| |
| |||||||
Log-Analyse und Auswertung: Iminent: ist er wirklich weg wenn ich es deinstalliert hab?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.07.2013, 16:41
| #1 |
| |  Iminent: ist er wirklich weg wenn ich es deinstalliert hab? Hallo ich bin bei so Computersachen nicht grad die Leuchte ich habe mir iwie Iminent mit installiert und das zu spät gemerkt ich hab dann heute mal gegooglet und gefunden, dass man das einfach deinstallieren kann. Danach hab ich dann aber diese Seite hier entdeckt und bin mir jetzt überhaupt nicht mehr sicher ob Iminent jetzt wirklich weg ist  und deshalb hab ich dann diese Logs erstellt wies hier geschrieben war und wende mich jetzt an euch damit ihr mir vllt helfen könnt und mir sagen könnt ob das jetzt ganz weg ist oder ncht und wie ich es ganz weg bekomme. Schon jetzt wirklich sehr vielen Dank ich bin echt froh, dass es Leute gibt, de davon Ahnung haben.otl:OTL Logfile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/4/2013 12:54:43 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lucia\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 55.27% Memory free 7.83 Gb Paging File | 5.72 Gb Available in Paging File | 73.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445.13 Gb Total Space | 348.17 Gb Free Space | 78.22% Space Free | Partition Type: NTFS Computer Name: LUCIA-FUJITSU | User Name: Lucia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/04 12:47:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucia\Desktop\OTL.exe PRC - [2013/06/27 14:30:21 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2013/06/24 10:24:45 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/06/24 10:24:30 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/06/24 10:24:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013/06/22 01:35:02 | 027,995,640 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/05/29 12:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2013/04/03 14:18:58 | 004,971,008 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe PRC - [2013/04/03 14:18:57 | 004,557,824 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe PRC - [2013/02/26 16:49:42 | 000,102,968 | ---- | M] (Fujitsu Technology Solutions) -- C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe PRC - [2013/02/04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/06/20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/03/30 15:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011/02/01 23:24:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 23:24:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/21 05:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe PRC - [2010/09/30 03:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009/08/13 16:06:00 | 000,662,016 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe PRC - [2009/07/08 22:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe PRC - [2005/04/06 17:53:06 | 003,502,080 | ---- | M] () -- c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005/04/06 17:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005/04/06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe ========== Modules (No Company Name) ========== MOD - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013/05/23 11:09:01 | 002,521,040 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2013/05/17 23:09:39 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013/05/17 23:09:31 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013/05/17 10:51:16 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2013/03/18 13:11:09 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\652daef54b944f4e81ac562d639d0112\log4net.ni.dll MOD - [2013/03/18 13:11:09 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeskUpdateNotifier\0bbd213c31831ecd29d5de742778716e\DeskUpdateNotifier.ni.exe MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Lucia\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013/02/04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2013/01/21 22:42:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013/01/21 22:42:20 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013/01/21 22:42:18 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013/01/21 22:42:14 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Lucia\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012/10/24 12:59:14 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011/07/07 15:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/07/03 16:14:55 | 000,121,856 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFilterSvc.exe -- (GFilterSvc) SRV:64bit: - [2011/01/05 23:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011/01/05 23:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/01/05 23:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/10/08 00:58:14 | 000,331,776 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/18 00:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/07/03 16:14:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Lucia\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2013/06/24 10:24:45 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/06/24 10:24:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/06/03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013/04/03 14:18:57 | 004,557,824 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator) SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011/02/01 23:24:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 23:24:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005/04/06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/03/29 23:52:47 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/03/29 23:52:47 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/03/29 23:52:47 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/10/20 09:21:50 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012/10/20 09:21:50 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/05/05 17:58:13 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/04/15 04:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/24 07:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/03/24 07:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/03/22 19:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/08 15:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011/03/08 15:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/03/08 15:44:06 | 000,046,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio) DRV:64bit: - [2011/02/18 01:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/01/04 04:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/10/09 15:35:38 | 001,801,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010/05/07 04:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/11/19 14:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/24 07:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006/11/01 12:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006/11/01 12:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B2B5B351-CEAE-42AB-8FAC-C953CA30EBB9} IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3334258535554943&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{B2B5B351-CEAE-42AB-8FAC-C953CA30EBB9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {B2B5B351-CEAE-42AB-8FAC-C953CA30EBB9} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3334258535554943&q={searchTerms} IE - HKLM\..\SearchScopes\{B2B5B351-CEAE-42AB-8FAC-C953CA30EBB9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9C42BC773723262B&affID=119828&tsp=4932 IE - HKCU\..\SearchScopes\{3E903C6A-78DF-484E-828C-0B49669AC6FB}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{4D734116-B7E2-4A45-B5FD-71B6C5B7D0A1}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{5AA6F69D-88A8-461A-B8DC-DD323C09D918}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435433323431393439&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{69F91227-1EB2-4181-9630-146703E59681}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{8D4AD34B-5C21-42A0-B03B-392E4CBCD865}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com.anonymize-me.de/?anonymto=687474703A2F2F6474732E7365617263682D726573756C74732E636F6D2F73723F7372633D696562266763743D64732661707069643D3336322673797374656D69643D3430362661706E5F647469643D424E443430362661706E5F70746E72733D414736266F3D41504E31303634352661706E5F7569643D3333333432353835333535353439343326713D7B7365617263685465726D737D&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{B2B5B351-CEAE-42AB-8FAC-C953CA30EBB9}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937465453475F646544453437334445343733&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{BC224271-AFEB-4BD7-9EC3-31CD17E6018E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{E39014E6-E309-43E7-9E24-07B059BD5E67}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{FE5ECB34-F931-4399-81B0-694539783C95}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=2d223e7f-f357-4bac-b2b4-30e770141cec&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/27 14:31:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/27 14:31:12 | 000,000,000 | ---D | M] [2013/07/03 16:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Data Manager) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.) O2 - BHO: (Data Manager) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFil0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Lucia\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE (Bandoo Media Inc.) O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - Startup: C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/03/16 21:36:00 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dyndns.info ([c-liesen] https in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.115.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = liesen.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FCED7C7-9F90-4F4F-8D5D-6EED4C0E2CB2}: DhcpNameServer = 192.168.115.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F5E299C-DF3B-48A4-A974-31EDC360B26E}: DhcpNameServer = 192.168.115.10 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll () O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll () O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{22cb690f-1a86-11e2-8524-bc773723262e}\Shell - "" = AutoRun O33 - MountPoints2\{22cb690f-1a86-11e2-8524-bc773723262e}\Shell\AutoRun\command - "" = D:\Startme.exe O33 - MountPoints2\{22cb69c6-1a86-11e2-8524-bc773723262e}\Shell - "" = AutoRun O33 - MountPoints2\{22cb69c6-1a86-11e2-8524-bc773723262e}\Shell\AutoRun\command - "" = D:\Startme.exe O33 - MountPoints2\{fa1182e6-8ca5-11e2-8869-8c736eb28122}\Shell - "" = AutoRun O33 - MountPoints2\{fa1182e6-8ca5-11e2-8869-8c736eb28122}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/04 12:47:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lucia\Desktop\OTL.exe [2013/07/03 16:15:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013/07/03 16:15:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013/07/03 16:15:16 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013/07/03 16:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013/07/03 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013/07/03 16:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/07/03 16:15:09 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\Delta [2013/07/03 16:15:09 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\BabSolution [2013/07/03 16:15:01 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\Opera [2013/07/03 16:14:58 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\Babylon [2013/07/03 16:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013/07/03 16:14:57 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\DesktopIconForAmazon [2013/07/03 16:14:54 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\OCS [2013/07/03 15:33:12 | 000,000,000 | R--D | C] -- C:\Users\Lucia\Dropbox [2013/07/03 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013/07/03 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\Lucia\AppData\Roaming\Dropbox [2013/06/27 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013/06/27 14:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2013/06/27 14:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2013/06/23 12:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java ========== Files - Modified Within 30 Days ========== [2013/07/04 12:47:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucia\Desktop\OTL.exe [2013/07/04 12:44:13 | 000,000,000 | ---- | M] () -- C:\Users\Lucia\defogger_reenable [2013/07/04 12:12:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/04 11:57:31 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/04 11:57:31 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/04 11:55:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/04 11:55:09 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/07/04 11:55:09 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/04 11:55:09 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/07/04 11:55:09 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/04 11:50:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/04 11:50:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1828459559-1447077266-1953636593-1156UA.job [2013/07/04 11:49:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/04 11:49:19 | 3152,506,880 | -HS- | M] () -- C:\hiberfil.sys [2013/07/04 11:47:40 | 000,001,729 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013/07/03 20:50:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1828459559-1447077266-1953636593-1156Core.job [2013/07/03 16:14:56 | 000,121,856 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc0.exe [2013/07/03 16:14:55 | 000,121,856 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc.exe [2013/07/03 15:42:16 | 000,000,985 | ---- | M] () -- C:\Users\Lucia\Desktop\Dropbox.lnk [2013/07/03 15:42:16 | 000,000,965 | ---- | M] () -- C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/06/30 20:01:43 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/06/27 14:31:16 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013/06/27 14:30:26 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013/06/24 17:23:02 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013/06/24 10:25:00 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013/06/17 11:12:49 | 000,048,842 | RHS- | M] () -- C:\ProgramData\ntuser.pol ========== Files Created - No Company Name ========== [2013/07/04 12:44:13 | 000,000,000 | ---- | C] () -- C:\Users\Lucia\defogger_reenable [2013/07/03 16:17:31 | 000,001,729 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013/07/03 16:14:56 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc0.exe [2013/07/03 16:14:55 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc.exe [2013/07/03 15:33:12 | 000,000,985 | ---- | C] () -- C:\Users\Lucia\Desktop\Dropbox.lnk [2013/07/03 15:26:09 | 000,000,965 | ---- | C] () -- C:\Users\Lucia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/06/27 14:31:16 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013/06/24 17:23:02 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013/02/26 19:48:54 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2012/05/05 17:53:10 | 009,880,076 | ---- | C] () -- C:\Users\Lucia\TI-Nspire.tcc [2012/04/03 19:24:31 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2012/03/06 22:23:57 | 000,006,144 | ---- | C] () -- C:\Users\Lucia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/04 18:54:13 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012/03/04 18:54:13 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2012/03/04 18:54:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012/03/04 12:54:39 | 000,002,822 | RHS- | C] () -- C:\Users\Lucia\ntuser.pol [2012/03/04 11:49:29 | 000,048,842 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/07/03 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\BabSolution [2013/07/03 16:14:58 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Babylon [2012/11/26 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013/07/03 16:15:09 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Delta [2012/10/08 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Deluxe Pacman [2013/07/03 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\DesktopIconForAmazon [2013/07/04 11:51:59 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Dropbox [2011/05/07 21:24:53 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Fujitsu [2012/03/04 12:55:45 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Fujitsu Launch Center [2013/07/03 16:14:54 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\OCS [2013/07/03 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Opera [2012/09/05 14:27:17 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Origin [2012/12/10 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\TeamViewer [2013/02/27 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Texas Instruments [2012/05/05 18:11:27 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\TI-Nspire [2012/03/13 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Windows Small Busines [2012/03/04 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\Windows Small Business Server [2013/04/13 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Lucia\AppData\Roaming\XnView ========== Purity Check ========== < End of report > |
|
04.07.2013, 16:44
| #2 |
| | Iminent: ist er wirklich weg wenn ich es deinstalliert hab? extras:OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 7/4/2013 12:54:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lucia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.91 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 55.27% Memory free
7.83 Gb Paging File | 5.72 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.13 Gb Total Space | 348.17 Gb Free Space | 78.22% Space Free | Partition Type: NTFS
Computer Name: LUCIA-FUJITSU | User Name: Lucia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0194E714-8467-47AB-AD78-63284C73D3D6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{02F28D4F-B753-4E4B-B17D-0448FE9803BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06E89086-29C2-4D18-AC5D-25C083906403}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2D133A10-3433-48CC-A4ED-9DFE575A1D6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39697303-8E2E-442C-8712-8113EC945DB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3C3BE427-9A74-4B41-81E2-32F1799DFE15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F52F9CB-BA0D-4422-AB27-DDE8C8975429}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{706D1843-C790-4598-AA93-B4FA52F8B1A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F3351F1-B1A2-4EBC-BA63-ED476EDB694E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8212A91D-C9BA-42B5-8BF8-AFE3BD62633D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A7F74A96-5E26-4A61-A8A0-1BF2A9EADA12}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC4F85F7-D8ED-4E1A-A7B2-4832FB75CCA8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C809322F-F0DB-49D1-B57C-768BE5A7C667}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DAA08EAA-F342-41AD-97FA-122231C78DDA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14388670-549A-4018-939C-DEB8208EED1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19CEF980-D3F4-4DA3-B467-08EE5ED94587}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{2C02FB68-B92F-4BC3-958D-877BB20BFAFE}" = protocol=17 | dir=in | app=c:\users\lucia\adobe photoshop cs6\adobe version cue cs2\bin\versioncuecs2.exe |
"{42957E8F-CF62-4986-95B2-3A32400E8950}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49D669DF-AD15-4714-AD25-A6D868014A97}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F639738-0891-46AC-B06E-9FFFFED0DA03}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{595990B0-B67F-45C5-BF9B-A6DA1438BC1F}" = protocol=17 | dir=in | app=c:\users\lucia\appdata\roaming\dropbox\bin\dropbox.exe |
"{6399AC6D-74BB-4BD3-8E56-0937267B18C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{67C0891D-1CFC-4BB8-A8D1-74AEEE57E274}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{683D00B6-7125-44BE-8AC5-D17432A95C0C}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{73FF8CAB-6DE7-48E2-B2DB-9D70C6BFA60A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{74581677-6A99-4C50-87DC-447C69792478}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{88599510-3ABA-46CB-A734-C3A0624C8396}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9D236A10-82A6-491B-992D-D26F33106F89}" = protocol=6 | dir=in | app=c:\users\lucia\appdata\roaming\dropbox\bin\dropbox.exe |
"{AFB91182-DC4D-4493-B79D-2B284B1C3C59}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B85706CE-60E3-4D17-B39D-ED25ABA7241B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B8C58CF6-BA3A-414B-956A-D09D84272246}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BE2152B8-5D98-4A2B-8CB4-F66AD3904479}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D246C05C-CF5E-4D9D-BB08-A526958DFCC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA31545F-4C13-4732-8247-0D2D3446AA4E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA56791F-685E-46C2-B43B-B63DFF9BFA56}" = protocol=6 | dir=in | app=c:\users\lucia\adobe photoshop cs6\adobe version cue cs2\bin\versioncuecs2.exe |
"{DF31289F-2929-41F8-8A4B-E820EA7545D6}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EBE70A88-52CB-4038-8D4C-7E9D46E091E6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{12EA02BA-3A7F-44A7-AC1F-EB98E3E63650}C:\program files (x86)\ti education\ti-nspire teacher software\ti-nspire teacher software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire teacher software\ti-nspire teacher software.exe |
"TCP Query User{2B5AF8C5-C803-4DEB-A70C-8C5AA3E0B921}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe |
"TCP Query User{392F771E-B883-4D7F-A075-8F3D1CA23639}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{475C8E89-6719-461D-A4B4-EA735A22C265}C:\program files (x86)\ti education\ti-diagnostics\ti-diagnostic.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-diagnostics\ti-diagnostic.exe |
"TCP Query User{7D4DF806-A895-4156-963A-16589BAAA70C}C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe |
"TCP Query User{831FF5FF-4803-4318-B85A-A78971E081B1}C:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe |
"TCP Query User{8B8C63DE-4569-47D7-B95E-80D7A55CB359}C:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe |
"TCP Query User{90ECE1CA-18BB-4BB9-99B4-0137B77166B2}C:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe |
"TCP Query User{DFF11C04-4238-456D-8282-C006227E3FC2}C:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe |
"TCP Query User{F568F3BA-A889-4E32-AEE3-3050268CE348}C:\users\lucia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lucia\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0FA86BF3-91F3-4463-A2C9-500E54417912}C:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe |
"UDP Query User{1D3ED56C-7570-48EA-A91B-FBD9FBD8B884}C:\program files (x86)\ti education\ti-nspire teacher software\ti-nspire teacher software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire teacher software\ti-nspire teacher software.exe |
"UDP Query User{40D91FE8-074E-46E2-8A44-5B937A8013DF}C:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe |
"UDP Query User{8DC70D1C-3D68-48A0-A06F-E7F8549D366B}C:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas teacher software\ti-nspire cas teacher software.exe |
"UDP Query User{9B5C8641-4D0B-4C33-B0DA-F4ADF105FCD4}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe |
"UDP Query User{9E316D91-2C97-4A71-9590-DDAC5E54FB2D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{B2131B22-B1CB-4AB5-997E-3D7B4A326F3B}C:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lego media\constructive\lego loco\exe\loco.exe |
"UDP Query User{F6596512-60C2-4880-9403-C021448068BE}C:\program files (x86)\ti education\ti-diagnostics\ti-diagnostic.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-diagnostics\ti-diagnostic.exe |
"UDP Query User{F9A3E0A3-5DFB-42A1-9B0C-1EDDD4A22EAD}C:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\jre\3.2.0\bin\java.exe |
"UDP Query User{FA350B62-FCC3-4B21-BFF9-5EAFEA35370F}C:\users\lucia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lucia\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}" = Windows Small Business Server 2011 Standard ClientAgent
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DesktopIconAmazon" = Desktop Icon für Amazon
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BA7A1C2-4964-4AF9-8EEF-BC18D6624092}" = TSDoctor
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{10A5FC84-CB84-4CC1-A0EC-C7598A04AA0A}" = TI-Nspire(TM) Teacher Software
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.005.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6C7AEC6B-6ACD-43D7-B9FB-05F6B3B0D8AF}" = TeliSP
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BD-0407-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9983CD31-473F-4808-8317-5346119F0187}" = eBay
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A10B9E4E-9C40-4491-A3E1-C2B53DAB03C1}" = Facebook Messenger 2.0.4478.0
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1E035A6-F03E-426F-82F0-BAC56FF873DC}" = AIS Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.165
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A8377A-3062-43B8-94F4-4E30EA43A9E9}" = Windows Small Business Server 2011 Standard WMI Provider
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"8458-4195-6614-3708" = Vektoris3D 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIS Connect" = AIS Connect
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Deluxe Pacman_is1" = Deluxe Pacman version 1.98a
"DeskUpdate_is1" = DeskUpdate
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"FotoQuelle Fotosoftware" = FotoQuelle Fotosoftware 4.11.0
"HaaliMkx" = Haali Media Splitter
"ilividtoolbargaw" = Search-Results Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"lavfilters_is1" = LAV Filters 0.54.1
"LEGO LOCO" = LEGO LOCO
"MKVToolNix" = MKVToolNix 5.9.0
"Office14.SingleImage" = Microsoft Office Professional 2010
"RealPlayer 16.0" = RealPlayer
"Sweet Home 3D_is1" = Sweet Home 3D version 3.7
"Update Engine" = Sony Ericsson Update Engine
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.99
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = G-Filter
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/3/2013 1:40:08 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
Error - 7/3/2013 1:40:08 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
Error - 7/4/2013 5:10:59 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = WinMgmt | ID = 10
Description =
Error - 7/4/2013 5:11:49 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.115.58:5353 23 58.115.168.192.in-addr.arpa.
PTR LUCIA-FUJITSU-2.local.
Error - 7/4/2013 5:11:49 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 58.115.168.192.in-addr.arpa.
PTR LUCIA-FUJITSU.local.
Error - 7/4/2013 5:47:34 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren
werden.
Error - 7/4/2013 5:47:34 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Internet Explorer" konnte nicht heruntergefahren
werden.
Error - 7/4/2013 5:50:09 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = WinMgmt | ID = 10
Description =
Error - 7/4/2013 5:50:28 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.115.58:5353 23 58.115.168.192.in-addr.arpa.
PTR LUCIA-FUJITSU-2.local.
Error - 7/4/2013 5:50:28 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 21 58.115.168.192.in-addr.arpa.
PTR LUCIA-FUJITSU.local.
[ Media Center Events ]
Error - 1/9/2013 6:28:57 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 11:28:56 - Fehler beim Herstellen der Internetverbindung. 11:28:57
- Serververbindung konnte nicht hergestellt werden..
Error - 1/9/2013 6:29:08 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 11:29:02 - Fehler beim Herstellen der Internetverbindung. 11:29:02
- Serververbindung konnte nicht hergestellt werden..
Error - 1/28/2013 12:11:20 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 17:11:20 - Fehler beim Herstellen der Internetverbindung. 17:11:20
- Serververbindung konnte nicht hergestellt werden..
Error - 1/28/2013 12:11:34 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 17:11:26 - Fehler beim Herstellen der Internetverbindung. 17:11:26
- Serververbindung konnte nicht hergestellt werden..
Error - 2/3/2013 12:34:55 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 17:34:55 - Fehler beim Herstellen der Internetverbindung. 17:34:55
- Serververbindung konnte nicht hergestellt werden..
Error - 2/3/2013 12:35:25 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 17:35:00 - Fehler beim Herstellen der Internetverbindung. 17:35:00
- Serververbindung konnte nicht hergestellt werden..
Error - 2/4/2013 12:43:57 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 17:43:57 - Fehler beim Herstellen der Internetverbindung. 17:43:57
- Serververbindung konnte nicht hergestellt werden..
Error - 2/4/2013 12:44:12 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 17:44:03 - Fehler beim Herstellen der Internetverbindung. 17:44:03
- Serververbindung konnte nicht hergestellt werden..
Error - 2/26/2013 6:49:42 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 11:49:42 - Fehler beim Herstellen der Internetverbindung. 11:49:42
- Serververbindung konnte nicht hergestellt werden..
Error - 2/26/2013 6:49:52 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = MCUpdate | ID = 0
Description = 11:49:47 - Fehler beim Herstellen der Internetverbindung. 11:49:47
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 7/3/2013 12:59:32 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 7/3/2013 12:59:32 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 7/3/2013 2:52:44 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne LIESEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 7/3/2013 2:52:44 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 7/3/2013 2:52:44 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error - 7/3/2013 4:30:34 PM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = DCOM | ID = 10010
Description =
Error - 7/4/2013 5:10:36 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne LIESEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 7/4/2013 5:10:37 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername
konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen
haben: a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller. b)
Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller
erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
Error - 7/4/2013 5:49:37 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne LIESEN aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies
kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer
mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn
das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein
Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error - 7/4/2013 5:49:38 AM | Computer Name = LUCIA-FUJITSU.liesen.local | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername
konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen
haben: a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller. b)
Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller
erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
< End of report >
Gmer: GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-04 17:11:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lucia\AppData\Local\Temp\uwtcypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002faf000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002faf02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!free 0000000074be9894 5 bytes JMP 000000010a90d2d0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!malloc 0000000074be9cee 5 bytes JMP 000000010a90d230
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 0000000074beb0b9 5 bytes JMP 000000010a90d2d0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 0000000074beb0c9 5 bytes JMP 000000010a90d480
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!realloc 0000000074beb10d 5 bytes JMP 000000010a90d2b0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!calloc 0000000074bec456 5 bytes JMP 000000010a90d270
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_msize 0000000074bef43b 5 bytes JMP 000000010a90d2e0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000074c05942 5 bytes JMP 000000010a90d2d0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 0000000074c1028d 5 bytes JMP 000000010a90d3c0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 0000000074c102a9 5 bytes JMP 000000010a90d3e0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000074c3bfd1 5 bytes JMP 000000010a90d500
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 0000000074c3bfe1 5 bytes JMP 000000010a90d420
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 0000000074c3c16b 5 bytes JMP 000000010a90d400
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_expand 0000000074c3c18a 5 bytes JMP 000000010a90d3a0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapadd 0000000074c3dd03 5 bytes JMP 000000010a90d550
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapchk 0000000074c3dd17 5 bytes JMP 000000010a90d560
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 0000000074c3de16 4 bytes {JMP 0xffffffff95ccf76b}
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapmin 0000000074c3de1f 5 bytes JMP 000000010a90d650
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapused 0000000074c3df05 5 bytes JMP 000000010a90d620
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapwalk 0000000074c3df18 5 bytes JMP 000000010a90d590
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1824] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2044] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[1780] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Windows\SysWOW64\schtasks.exe[1892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Windows\SysWOW64\schtasks.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Windows\SysWOW64\schtasks.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2612] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2772] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2380] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4764] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Windows\vsnp2uvc.exe[1296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Windows\vsnp2uvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Windows\vsnp2uvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000074b051dd 7 bytes JMP 0000000110053ac0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000074b0610b 7 bytes JMP 0000000110053c10
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 0000000074b0c6c1 7 bytes JMP 0000000110053bf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000074b4fc98 7 bytes JMP 0000000110053c60
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000074b4fcd1 7 bytes JMP 0000000110053d30
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000074b4fcf5 7 bytes JMP 0000000110053ce0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000700c11a8 2 bytes [0C, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000700c13a8 2 bytes [0C, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000700c1422 2 bytes [0C, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000700c1498 2 bytes [0C, 70]
.text C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe[4680] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4756] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[4956] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe[516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe[516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe[516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[5172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[5240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[5352] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5480] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[5500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6828] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6976] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Users\Lucia\Desktop\gmer_2.1.19163.exe[5608] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Users\Lucia\Desktop\gmer_2.1.19163.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Users\Lucia\Desktop\gmer_2.1.19163.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3952:6488] 000007feee349688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{097CA6C8-762A-41B3-B196-B38B6EBB0812}\Connection@Name isatap.{C21655E6-E161-41EB-ABB6-BE8D1856DF66}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}\Connection@Name isatap.{5DE40016-76B0-4C48-A70E-57C328D588DA}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BAC19539-84CD-456B-AFBD-AB283425B63B}?\Device\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}?\Device\{097CA6C8-762A-41B3-B196-B38B6EBB0812}?\Device\{6AF73DF7-FB3E-4504-8BA5-C311A36B977D}?\Device\{9A209A89-FC4B-4E86-85F8-DC83E792FD41}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BAC19539-84CD-456B-AFBD-AB283425B63B}"?"{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}"?"{097CA6C8-762A-41B3-B196-B38B6EBB0812}"?"{6AF73DF7-FB3E-4504-8BA5-C311A36B977D}"?"{9A209A89-FC4B-4E86-85F8-DC83E792FD41}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BAC19539-84CD-456B-AFBD-AB283425B63B}?\Device\TCPIP6TUNNEL_{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}?\Device\TCPIP6TUNNEL_{097CA6C8-762A-41B3-B196-B38B6EBB0812}?\Device\TCPIP6TUNNEL_{6AF73DF7-FB3E-4504-8BA5-C311A36B977D}?\Device\TCPIP6TUNNEL_{9A209A89-FC4B-4E86-85F8-DC83E792FD41}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00150079fe36
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773723262e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773723262e@205476a663b4 0x0C 0xB9 0xBC 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{097CA6C8-762A-41B3-B196-B38B6EBB0812}@InterfaceName isatap.{C21655E6-E161-41EB-ABB6-BE8D1856DF66}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{097CA6C8-762A-41B3-B196-B38B6EBB0812}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}@InterfaceName isatap.{5DE40016-76B0-4C48-A70E-57C328D588DA}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00150079fe36 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773723262e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773723262e@205476a663b4 0x0C 0xB9 0xBC 0xA1 ...
---- EOF - GMER 2.1 ----
|
|
04.07.2013, 16:46
| #3 |
| | Iminent: ist er wirklich weg wenn ich es deinstalliert hab? Gmer:
__________________GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-04 17:11:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lucia\AppData\Local\Temp\uwtcypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002faf000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002faf02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!free 0000000074be9894 5 bytes JMP 000000010a90d2d0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!malloc 0000000074be9cee 5 bytes JMP 000000010a90d230
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 0000000074beb0b9 5 bytes JMP 000000010a90d2d0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 0000000074beb0c9 5 bytes JMP 000000010a90d480
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!realloc 0000000074beb10d 5 bytes JMP 000000010a90d2b0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!calloc 0000000074bec456 5 bytes JMP 000000010a90d270
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_msize 0000000074bef43b 5 bytes JMP 000000010a90d2e0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000074c05942 5 bytes JMP 000000010a90d2d0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 0000000074c1028d 5 bytes JMP 000000010a90d3c0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 0000000074c102a9 5 bytes JMP 000000010a90d3e0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000074c3bfd1 5 bytes JMP 000000010a90d500
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 0000000074c3bfe1 5 bytes JMP 000000010a90d420
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 0000000074c3c16b 5 bytes JMP 000000010a90d400
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_expand 0000000074c3c18a 5 bytes JMP 000000010a90d3a0
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapadd 0000000074c3dd03 5 bytes JMP 000000010a90d550
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapchk 0000000074c3dd17 5 bytes JMP 000000010a90d560
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 0000000074c3de16 4 bytes {JMP 0xffffffff95ccf76b}
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapmin 0000000074c3de1f 5 bytes JMP 000000010a90d650
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapused 0000000074c3df05 5 bytes JMP 000000010a90d620
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\msvcrt.dll!_heapwalk 0000000074c3df18 5 bytes JMP 000000010a90d590
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1824] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2044] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[1780] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Windows\SysWOW64\schtasks.exe[1892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Windows\SysWOW64\schtasks.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Windows\SysWOW64\schtasks.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2612] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text c:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe[2612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2772] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2380] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[3744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3776] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4764] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Windows\vsnp2uvc.exe[1296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Windows\vsnp2uvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Windows\vsnp2uvc.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!GetMenu + 412 0000000074b051dd 7 bytes JMP 0000000110053ac0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 0000000074b0610b 7 bytes JMP 0000000110053c10
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 0000000074b0c6c1 7 bytes JMP 0000000110053bf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 0000000074b4fc98 7 bytes JMP 0000000110053c60
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 0000000074b4fcd1 7 bytes JMP 0000000110053d30
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 0000000074b4fcf5 7 bytes JMP 0000000110053ce0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000700c11a8 2 bytes [0C, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000700c13a8 2 bytes [0C, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000700c1422 2 bytes [0C, 70]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[708] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000700c1498 2 bytes [0C, 70]
.text C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe[4680] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Users\Lucia\AppData\Roaming\Dropbox\bin\Dropbox.exe[4680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4756] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[4956] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[4956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe[516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe[516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe[516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[5172] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[5240] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[5352] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Users\Lucia\Adobe Photoshop CS6\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5480] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[5500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[5500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6828] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6976] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
.text C:\Users\Lucia\Desktop\gmer_2.1.19163.exe[5608] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074b1cfca 5 bytes JMP 0000000173fd4970
.text C:\Users\Lucia\Desktop\gmer_2.1.19163.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [B6, 75]
.text C:\Users\Lucia\Desktop\gmer_2.1.19163.exe[5608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [B6, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3952:6488] 000007feee349688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{097CA6C8-762A-41B3-B196-B38B6EBB0812}\Connection@Name isatap.{C21655E6-E161-41EB-ABB6-BE8D1856DF66}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}\Connection@Name isatap.{5DE40016-76B0-4C48-A70E-57C328D588DA}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BAC19539-84CD-456B-AFBD-AB283425B63B}?\Device\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}?\Device\{097CA6C8-762A-41B3-B196-B38B6EBB0812}?\Device\{6AF73DF7-FB3E-4504-8BA5-C311A36B977D}?\Device\{9A209A89-FC4B-4E86-85F8-DC83E792FD41}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BAC19539-84CD-456B-AFBD-AB283425B63B}"?"{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}"?"{097CA6C8-762A-41B3-B196-B38B6EBB0812}"?"{6AF73DF7-FB3E-4504-8BA5-C311A36B977D}"?"{9A209A89-FC4B-4E86-85F8-DC83E792FD41}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BAC19539-84CD-456B-AFBD-AB283425B63B}?\Device\TCPIP6TUNNEL_{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}?\Device\TCPIP6TUNNEL_{097CA6C8-762A-41B3-B196-B38B6EBB0812}?\Device\TCPIP6TUNNEL_{6AF73DF7-FB3E-4504-8BA5-C311A36B977D}?\Device\TCPIP6TUNNEL_{9A209A89-FC4B-4E86-85F8-DC83E792FD41}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00150079fe36
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773723262e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc773723262e@205476a663b4 0x0C 0xB9 0xBC 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{097CA6C8-762A-41B3-B196-B38B6EBB0812}@InterfaceName isatap.{C21655E6-E161-41EB-ABB6-BE8D1856DF66}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{097CA6C8-762A-41B3-B196-B38B6EBB0812}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}@InterfaceName isatap.{5DE40016-76B0-4C48-A70E-57C328D588DA}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7B48D33E-3A1C-44DA-8E1A-1A8C25C566A6}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00150079fe36 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773723262e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc773723262e@205476a663b4 0x0C 0xB9 0xBC 0xA1 ...
---- EOF - GMER 2.1 ----
|
|
| Themen zu Iminent: ist er wirklich weg wenn ich es deinstalliert hab? |
| ahnung, avira searchfree toolbar, bandoo, browserdefendert, compu, deinstalliere, deinstallieren, deinstalliert, einfach, entdeck, entdeckt, erstell, erstellt, gefunde, gemerkt, gfiltersvc.exe, heute, iminent, installier, installiert, intranet, leute, nicht mehr, plug-in, seite, wirklich, überhaupt |
Linear-Darstellung
