
Log analysis and evaluation: Windows encryption trojan strikes: file names unchanged, but the files cannot be opened


06.06.2012, 20:57   #1
Das_Exel
 
Good evening

A friend of mine caught the Windows encryption trojan on his computer two days ago. (An invoice from Flirt-Fever as far as I know; he could no longer tell me exactly. He had already deleted the e-mail, by the way.)

Now he came to me with it and asked me to take a look at the computer.

No sooner said than done. When I first wanted to run MbAM over it, I found that he had already done that. He had wanted to shut the computer down via Ctrl+Alt+Del, then ended up on the desktop and was asked whether he wanted to end the program; he pressed "No" and was then apparently able to act freely. He then, of course, first searched for the trojan and deleted it.

Well then, so I tried to decrypt the data again with various programs that I found on the Internet. (You list all of these programs here, by the way; had I known that earlier I could have saved myself quite a lot... oh well, shit happens.)

Well, now I am at my wits' end, and yesterday I registered here in the forum and read through several threads, a monumental task in my opinion. In the end I still did not manage it. So I thought, fine, just create a post and try to tackle the problem with others.

Note 1: I had his name replaced with five *.
Note 2: ShadowExplorer is not an option, he did not have it switched on
Note 3: Win7 64-bit, default browser is Firefox

Step 1: Defogger

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:53 on 06/06/2012 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Step 2: OTL.txt and Extra.txt

Quote:
OTL logfile created on: 06.06.2012 17:56:18 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 79,47% Memory free
15,98 Gb Paging File | 14,07 Gb Available in Paging File | 88,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,31 Gb Free Space | 42,59% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.06 17:54:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.11.16 00:35:14 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.10.10 10:49:36 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Modules (No Company Name) ==========

MOD - [2009.10.10 10:49:36 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.08.09 04:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.05.06 11:41:52 | 000,062,464 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV - [2012.05.20 15:51:33 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.27 05:09:30 | 000,934,760 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.11.16 00:35:14 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.30 23:05:32 | 000,462,184 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2011.05.10 20:58:55 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - [2011.05.10 20:58:55 | 000,136,176 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update-Dienst (gupdate)
SRV - [2011.04.25 16:58:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.06 10:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.12.08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 06:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.12.08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.04.16 14:17:21 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.04.16 14:12:43 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.16 01:46:05 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010.11.22 15:22:38 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)
DRV:64bit: - [2009.10.14 22:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009.10.07 01:26:08 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.10.07 01:24:32 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009.10.02 20:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.09.14 15:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.09.01 16:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009.08.23 04:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:23:37 | 000,327,168 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.20 05:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.17 19:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009.02.17 19:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008.02.18 16:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008.02.18 16:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008.01.21 09:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2011.02.22 01:41:09 | 000,000,000 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.05.18 08:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=eee1044000000000000090fba634307b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 50 57 38 83 A5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=eee1044000000000000090fba634307b
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=eee1044000000000000090fba634307b"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=eee1044000000000000090fba634307b&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.17 12:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.20 03:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2011.01.16 01:46:55 | 000,000,000 | ---D | M]

[2011.01.16 01:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.06.04 15:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\xftobxll.default\extensions
[2012.06.03 10:18:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\xftobxll.default\extensions\ffxtlbr@babylon.com
[2012.05.31 22:41:54 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\xftobxll.default\extensions\ffxtlbra@softonic.com
[2011.11.14 19:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.14 19:02:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.16 02:22:24 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.20 03:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.05.20 03:06:25 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012.06.04 15:55:49 | 000,565,918 | ---- | M] () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XFTOBXLL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.07.17 12:58:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.03 10:18:17 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.24.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Auswahl erfassen - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Auswahl erfassen - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Markierten Text speichern - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Markierten Text spe - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Als HTML speichern - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Als HTML speice - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BE9BB92-BAF1-4F72-8BEE-E81EA6DD28D0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.06 17:54:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.06.04 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Entschlüsslungs Ordner Test Vorsicht!
[2012.06.04 17:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2012.06.04 17:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012.06.04 15:11:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.06.04 15:10:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.04 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.04 15:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.04 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 10:18:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\BabylonToolbar
[2012.06.03 10:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.06.03 10:16:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Babylon
[2012.06.03 10:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.03 03:43:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Hgbrnbyfzpn
[2012.06.03 03:35:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012.06.03 03:34:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps
[2012.06.03 03:34:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment
[2012.05.31 22:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softonic
[2012.05.31 22:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012.05.24 00:32:37 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\SoSe2012_Rund_um_sorglos_Paket_MB
[2012.05.21 02:34:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Apple Computer
[2012.05.21 02:34:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apple Computer
[2012.05.21 02:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.21 02:33:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.05.21 02:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.21 02:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.21 02:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.05.21 02:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.21 02:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.05.21 02:30:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apple
[2012.05.21 02:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.05.21 02:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.05.21 02:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.05.21 02:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.05.21 02:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.05.17 04:59:31 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Buch

========== Files - Modified Within 30 Days ==========

[2012.06.06 17:54:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.06.06 17:53:29 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2012.06.06 17:42:28 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.06.06 17:39:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.06 16:47:44 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 16:47:43 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 16:39:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 16:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.06 16:39:28 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.04 22:06:14 | 002,291,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.04 15:10:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 10:18:27 | 000,000,346 | ---- | M] () -- C:\user.js
[2012.06.03 03:36:01 | 000,000,000 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012.06.03 03:35:19 | 000,000,312 | ---- | M] () -- C:\Users\*****\Desktop\Curse Client.appref-ms
[2012.06.01 11:28:07 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012.05.31 22:38:11 | 001,669,184 | ---- | M] () -- C:\Users\*****\Desktop\softonic_ggl_1.5.24.3.exe
[2012.05.31 22:37:29 | 001,857,488 | ---- | M] () -- C:\Users\*****\Desktop\install_easyshare_8.3.exe
[2012.05.30 01:26:13 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012.05.30 00:57:58 | 000,633,202 | ---- | M] () -- C:\Users\*****\Desktop\usa_kanada_2007-761.jpg
[2012.05.23 03:20:01 | 000,545,044 | ---- | M] () -- C:\Users\*****\Desktop\Stochastik I.rar
[2012.05.21 02:29:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.21 02:29:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.21 02:29:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.21 02:29:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.21 02:29:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.15 12:21:34 | 000,069,602 | ---- | M] () -- C:\Users\*****\Desktop\restplaetze_berufsausbildung_2012.pdf

========== Files Created - No Company Name ==========

[2012.06.06 17:53:29 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2012.06.06 17:42:27 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2012.06.04 15:10:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 03:36:01 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012.05.31 22:41:54 | 000,000,346 | ---- | C] () -- C:\user.js
[2012.05.31 22:38:21 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012.05.21 02:29:53 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.13 03:12:44 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.11.16 00:35:32 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.16 00:35:14 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.11 17:30:33 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\dtGsVxxxfVxfGdxxtsx
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.21 02:17:54 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\LEnnLAqLojqnEnE
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.22 01:41:17 | 000,000,156 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.22 01:04:47 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011.02.22 01:04:39 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011.02.22 01:04:28 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2011.02.22 01:04:28 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.02.21 22:38:27 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.02.21 22:09:07 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.02.05 22:39:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.16 01:17:06 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.01.16 01:17:06 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011.01.16 01:04:56 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011.01.16 01:03:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.08 15:19:24 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010.06.08 15:19:24 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll

========== LOP Check ==========

[2012.06.03 10:16:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2012.06.03 10:18:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BabylonToolbar
[2012.04.30 01:10:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\dll-files.com
[2011.07.23 20:44:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.06.03 04:10:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.03 04:10:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.06.03 04:21:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Hgbrnbyfzpn
[2012.06.03 04:10:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2012.01.15 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Kalypso Media
[2012.01.13 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2011.11.16 00:34:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PunkBuster
[2011.05.07 01:09:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Qualcomm
[2012.02.06 01:11:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung
[2011.02.22 01:05:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SmarThru4
[2012.02.06 01:22:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Temp
[2011.06.05 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011.12.12 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft
[2012.05.30 01:26:13 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
[2012.06.01 11:28:07 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2012.04.05 23:10:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Quote:
OTL Extras logfile created on: 06.06.2012 17:56:18 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 79,47% Memory free
15,98 Gb Paging File | 14,07 Gb Available in Paging File | 88,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,31 Gb Free Space | 42,59% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058A4D6A-69FC-47A5-94C9-A70E0FBD1661}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0A478405-803F-471D-B640-BFC5AA851AAF}" = lport=138 | protocol=17 | dir=in | app=system |
"{14DEEF74-056D-4E32-8AC9-8E4928ACC6B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1977A653-F4D3-4901-9BAF-AD9120E0FFDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FE11F97-B5AE-40BC-AFE5-529EAD55E939}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20E5F66C-99FA-4C23-A6C8-AA22C544D9FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{21F0A941-BCC7-489E-A922-B660D1613CC6}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A8590A4-8B78-42C9-A163-5B3E74D7FB80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34073FCC-37EE-4745-B4E5-ECA912E22014}" = lport=137 | protocol=17 | dir=in | app=system |
"{377BB811-4BF8-4448-9EA4-EF0EB61788F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4177D962-774B-4FE5-964D-17260C1AD2D2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{42543020-997E-4FE5-B25D-62D2267CD24C}" = rport=138 | protocol=17 | dir=out | app=system |
"{4651F20B-C321-48FA-9A0B-3648C72FB30D}" = rport=137 | protocol=17 | dir=out | app=system |
"{4814F787-F712-4F35-B99C-A12EACBCFCEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63B7179C-11CD-4E72-A451-EB2D05CA100A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6F96AC38-DB22-48AD-B289-AB6B1614C1C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{762FE8FD-C6DA-4C0D-BB0A-60225E1BC2DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F7CC229-8623-4D27-AEB4-DB81879070A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{81B0E4AD-6F87-4080-8D3B-09DE012657F0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{860B3717-2A1C-4AC2-86E6-AD387461CB5D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{87E409C6-69BA-4F15-9C01-22D59F94A29D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{913F2450-AC09-4521-9190-85F8C2441E15}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A3FB01C6-9B44-4F08-B857-E8EC66F4E460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA13369A-550F-495A-9146-E1D9386E3137}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AD3C203D-9AD4-44B4-ACFE-B6A4FF0D4C70}" = rport=139 | protocol=6 | dir=out | app=system |
"{B4746267-20AF-4E6E-B42A-8E2FFB69C05C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BEE99B2B-BF2B-49FE-A206-8D6CD0606928}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6C9EF2B-FF5B-4F3E-B8F3-786BE5B606EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E41E6C54-0036-4825-8C46-010216E1B6D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00879529-F30E-4299-90C9-5A7D5610DCA0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{009E7A8E-2212-4FE6-B419-862FB3865F30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{00F6FF59-EE5A-421D-96C6-10E690EF6111}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{02660665-240E-4B21-8A31-C38C29ADCB36}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{02D30109-A840-475C-86E8-6004EE8BB217}" = protocol=6 | dir=out | app=system |
"{02F1B7B2-D767-41C6-8783-FF8045090255}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{05326C9D-9D59-4229-BD3E-ECC970CB91FD}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |
"{081AB678-AEF0-4E44-B072-484838823AF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A420301-3E2A-48A1-B7C7-492CFB0124C6}" = protocol=17 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{0AE60987-B812-4F5E-8814-13A952A37D42}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F8CDE1A-BAA1-4DC0-A197-A9F7B0095EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{10006175-36D6-401F-9181-77D89251ACA4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\extra1\bin\settlers6.exe |
"{10E9DF1B-6D6C-4531-97E3-3B8C1FD7BFAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{131B22F4-405F-4A3E-AB06-4D1C473D3B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{14205400-8BFA-4936-8279-3D10F1204CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{18C4FB34-79B1-40BC-916C-33E5FF973B5F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{1D06585C-9677-4F1B-BE92-E2D93F6CB7F4}" = protocol=6 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{1D35FAD9-03A9-480E-8988-589ABB33E10B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1E8DACD7-0E1C-4349-A3E6-947AD7FBDAD0}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |
"{2493A268-8E56-47FB-A73F-7CAA19C19839}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\extra1\bin\settlers6.exe |
"{24A5692B-8AFC-425C-A209-44E46226F919}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{271A56D5-EF97-4E12-9527-6C2962E1748D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{28CBE331-F0EB-4564-90A9-CBD01B5FE02D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{2A84FC7D-B56C-4356-8FAB-34A41788E45A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{2E942207-47F3-44B2-9E80-461594C7F6C0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{31A14D49-6F93-4B2D-87C9-0E00B2F3479A}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{32E8FC50-8078-422E-B077-72D10FA1940E}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{33BC3A2D-384B-4976-8937-A27F93580C86}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{3659B87C-C8D1-4078-B349-02A43B3DE63A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{387DDCB1-3157-4B41-B331-6493CD9C4FE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{387F2DF6-BD60-4C12-8DD3-6E85A7BEFBA8}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{38934833-F423-4FE7-A09E-8421CA76BB6C}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{3B6CED42-BCF0-4419-A6D7-8D06C981217E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{3C1A0011-7317-46C1-B86C-64D4E61B4994}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{3F145037-08E0-4027-A6CF-C189EA591E1A}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{40B37C7B-682A-4816-9140-73A736D77023}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4188C717-093B-4043-97F1-B4A78C856DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{41BAA516-A5B5-43AE-8FD5-4D1FDD8A0146}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{42C5893E-0E85-4A9A-964D-53E649003F53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{442475FC-DD7F-421E-9D1D-52E3693C0C35}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{44B3B966-A3BD-4A30-B660-D03F747481ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4522D0AD-4591-4D83-B920-FC80C7B09CBB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{45F486DF-29FE-40EE-8960-CEE84A630F89}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{480E6211-11D5-4B39-B320-26A994212918}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |
"{4B98DB44-D60C-49C5-8AB5-A0670993F1FC}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{504CA1CC-2D60-465A-9597-E00F54DA29FD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{543E7691-BE1B-4B98-B77B-F5245E264055}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{55127574-F8EF-4FA4-93D6-59F6A2DE01EE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{56F96F78-88FC-4324-AEDC-E1A9382E1AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{5866E2C9-AE8D-4120-B75F-C79DB858EB82}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5E6FC9A6-278F-4C54-B27C-F7DFAADDED75}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{626309D1-619A-4313-B112-0EEFB3C1FF96}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{62DADE86-9D75-4A7E-97D6-E9B82019ACDE}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{6610143C-46F7-4A53-B491-EF46C410910B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{670180BD-8884-4D38-9D9D-A6C33C3B2822}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6CE66E0B-358D-4335-8C8D-44120E53CC10}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |
"{7061D5F2-BF48-4ED1-8924-FC5354ED1341}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{731A314C-D194-4150-904E-E380C2DAF1A4}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{74C5AC2B-D3F0-4F02-9DF8-A4E70C85A28B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{79A7042C-BE16-484F-A0D1-4B9438B428DB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{7F1BD841-A33D-423D-B292-F0F6DC7375BE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{8760C299-649F-48C3-B115-4423B9436B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{879E80D6-71F0-47F4-87C4-CBBB66D8A6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
"{898D119B-2F24-466D-BBA3-BB3A4D868070}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{8A0D2EAF-5F7F-4B71-8505-26973DAF7BF7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BFFD791-46E0-4FCF-9CBD-E2C6DA73F937}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{8CE72121-1781-4E65-A92E-4480790F9B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion\cities in motion.exe |
"{8D76A898-70A8-4EEE-90E0-7F301A592B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{93F142E5-97AD-43DE-BFDA-042E6E0A10C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96DD74C3-2338-4830-BA1E-1D43227C5723}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9D441AEA-D7C8-4D42-A9B4-895E8DD0C41E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FB67627-B0E9-4A4A-AE90-0F475DED01FB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{A10528A5-2220-47B3-B18F-58A601D40F3C}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |
"{A23B96F5-BDE0-447F-993E-4B241B14E180}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{A2801FAE-1F99-4264-9769-59CC6BD15F48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A2F39A1E-7D27-4E92-921D-281AE42B49E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4CD8F2E-4AD7-4EA8-AFE4-94BE5DF48A59}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{A75E39D3-BC2A-4CAC-9998-8FEDE8398CDD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7BBB955-6030-4913-8B96-0A070F4FBF24}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{A81A6BF1-48E4-469B-8B0B-04E12C0F89DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A84F1F29-B824-40B1-928A-A50DB62D2755}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A8A430EF-20EA-4ADE-BF71-E0C8D43F1FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{A9D670AB-EDA1-48F4-9C68-21A91B81A2DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AAC194EA-0AFC-49C2-8CC3-20181B929309}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{AB168094-0FED-4754-BB3E-0050C8164812}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
"{ACB2FA18-1D96-41BA-B16F-87899DD3D6DA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{ACBAD8CE-D0C4-48CE-AB3E-D9DB173294AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{ACD319B3-56DC-47F2-B674-5A5419972F90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{AD869572-6870-4600-9925-2B022B6A59A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B3586887-EA40-44B1-9C12-FF63D99926AB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{B37129CD-B0EF-47E1-AD2E-9D3CA851D7D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5213C7C-A407-497D-96C6-0C994299B94E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B5ABB4AF-CC46-4686-BE06-9C5104D20D52}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{B77BF8B6-988D-46AE-80B7-F69630B41DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{B79F1FD9-C58D-4B0B-9D18-5D6CE1FDE5A8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{B7C340F9-88F1-4704-BB27-9451B700B97B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{B812DE04-4FDA-43ED-B0E8-FEEE2D0E8DAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BA140441-A67E-406B-A8DE-FE5B587460AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BD56F25C-AB4A-4BDF-B86E-DABD30279449}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0CD677C-2286-4921-8757-AB54D41C0458}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |
"{C0D3AE90-6901-4B6E-BEB3-2675D252E3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{C181422E-0F56-424F-B916-AF923B9FD5CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5C9F766-476C-494D-8F6F-34EE34E48A84}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{C6069B1B-0DDD-442A-A94A-3F823D0A7BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{C722DAF9-171E-4411-AE17-E2BFC7D54223}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{C8935ADA-AE6A-4E92-82F8-73F597D2D6F1}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe |
"{C8EC5807-535D-4050-A8DA-EAE8F41EB2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D09C0174-829A-4378-A410-CE21A51FC4C4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D1067830-C5DA-49F2-BE35-B5D5DA969F6F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{D2A228FE-8A14-4F2C-9B5F-84AB6D51FBF5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D38CC444-2C99-4C93-8E4F-B975B44EB7F3}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe |
"{D653A4B2-0886-4AF2-B2BD-27A00138A88B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{DB60794E-629E-4DB0-BD64-EC87802996EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{DC1FFD57-56A5-4893-AE7F-EFBC86AA3B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{DCDE854A-F320-4184-B275-870EBD0603B6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E04CBD5F-C137-4525-8C3D-91C192CD56E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E09520A0-DA84-43B2-933B-081E455C7BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion\cities in motion.exe |
"{E0B48039-0D16-4E03-B7C3-9B2E32BC27BF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{E0BFD674-A9BB-4C81-ADAD-DF16B7911EE9}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{E5BA124D-50E1-4B79-A29A-F1CE5FC602AC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E840F281-3E65-4957-AB13-7F55A0B4999F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC26E2DC-ED39-4A5B-B0AF-0124C363CF19}" = protocol=6 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{EE17FB6C-CCCD-4A2E-AB6F-61A7E7863FAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{EEC98BD3-6753-4AB2-9363-89F22305CFB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2E68862-C796-455D-95BC-1E674481127A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{F5111C56-4A54-47F7-8D5B-04F4272D88AC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{F58F2218-6AB0-4166-A33E-34D3C332D081}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{F6388036-338F-4420-AEE0-4151390BBBAE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{F7AD32A6-4298-4194-87FC-C0AB0B6F3EBD}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe |
"{F8428BB0-95FF-4B9F-9371-DAA73FBDC312}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{FC7805C7-CF47-4F33-9E8E-9120E6E38BCF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{FD9541F6-54F0-4371-A80E-C7BAD4F7AC6C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"TCP Query User{0B0CCA34-EF35-4744-9B50-02D2EBF69A3B}C:\program files (x86)\novo's easy wow server\0.4.3\authserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novo's easy wow server\0.4.3\authserver.exe |
"TCP Query User{10A0473B-C109-44E0-B52E-3CD18513EFA8}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{18D665FF-6F82-4D5C-9D51-A86D1C07047D}C:\users\*****\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de.exe |
"TCP Query User{25039C1A-E6E5-46AE-BF43-FE320F5EE209}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{2BB2ADC6-1E1A-4F3E-9B6B-6BFA54057D96}C:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"TCP Query User{364905DC-384C-4893-92E8-9B292F2B6851}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{3E87C91E-0E08-4A73-BB45-0FAED17EA1CD}C:\program files (x86)\take 2\civcity rome\civcity rome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\take 2\civcity rome\civcity rome.exe |
"TCP Query User{40B1D9CC-B696-410F-AB65-5D95F84031F7}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{45686C3D-EB39-4007-A967-D72F483F4FD8}C:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe |
"TCP Query User{46ED13AE-AE49-4D5F-B52D-8E5375D5A5FF}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{5255BB98-1E45-4A28-8875-CC97429ADE71}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"TCP Query User{569CC884-BE6B-4A80-B8BE-8731975E95BB}C:\program files (x86)\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{65F7FA29-DF74-463D-9F14-71F2B1B5EE28}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"TCP Query User{6C032E69-F0C7-4457-B1E1-A21E8B48CB91}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{7D652931-D2EF-4863-8F95-B9B7F398E93B}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{80FAE56C-D5B5-4B3E-BBE1-52DBFC888278}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{8488CF89-182F-413F-91FA-71AE42565DD9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{8AC1BD6F-D057-4442-9FD7-2CB5C546088F}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{8F1C152B-BD5E-4444-ACDF-F57FE8FF0C67}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{94A14555-AEC2-4FCB-92E1-4D7F57507BD6}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |
"TCP Query User{98A6EC01-7357-4CFA-8A3F-CD023C7385FB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A5CA3185-7D5A-420B-944B-61F88C71D00E}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{B151DC4C-F5B1-4276-8BF9-FA658F746181}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe |
"TCP Query User{C35C3087-53DA-42C8-82F2-AD2D87775354}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{C4DB21EC-C34C-45FC-8AC1-415CA5270CFC}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{C97D74CE-B0DD-453A-80E4-6CA32D87E203}C:\users\*****\downloads\ptr-installer-de_de(1).exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de(1).exe |
"TCP Query User{CCD67E65-C801-4E53-84D0-138C9BE044C9}C:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{CF560FCA-1A7C-4959-AEF5-71463F9FBA21}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe |
"TCP Query User{DCB77A14-6D38-49C8-8068-D129D0F4A082}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{DF40009E-BC04-4313-9B6E-74AB355AD414}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{E3CE6900-20A3-48D4-B90A-E50FB95D585C}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2650-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2650-enus-ptr-tools-downloader.exe |
"TCP Query User{FBC404D2-AF28-461C-941D-E0A1F7D46867}C:\users\*****\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{08ABF1A7-FA6F-4942-AAB8-B82DD166465B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{0A4ECD9C-447C-44B8-AE06-414EF06BFE39}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe |
"UDP Query User{0EC59942-8251-4D91-AFCF-347E106BE5A7}C:\users\*****\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de.exe |
"UDP Query User{1147F2F4-666A-4D5D-A9C1-28944C392402}C:\program files (x86)\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{12737C02-7B8A-4119-AC2C-AC84E4ED5BAF}C:\program files (x86)\take 2\civcity rome\civcity rome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\take 2\civcity rome\civcity rome.exe |
"UDP Query User{1743C121-3653-4BED-A7C9-D0414FAAA884}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{25F8A193-410E-4600-A8A3-BCC14C34430A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{2FC60618-4EDB-41A4-AB9A-53075D51B530}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{3130A2A2-E431-4C52-AD09-B06CE4AF9B98}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{32FE69F8-9697-4A30-AB35-1692A647B72F}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |
"UDP Query User{3C8D7315-0F6F-4187-8BEF-61CB909D39D9}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{3C96DD84-F541-4BC4-B6CA-948D136C3673}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{57D6D8B9-A6F2-407F-8038-7698F7E59B12}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{664C904D-9213-4CC2-B14B-E963FEF03C45}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{7A7A431B-CAE3-4EFE-BD94-B32CB2F38750}C:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"UDP Query User{7A999CB5-9603-4B42-9E5C-8BC378575F36}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"UDP Query User{7D96E6E2-50DA-4F41-9ADB-60909EF8D24B}C:\program files (x86)\novo's easy wow server\0.4.3\authserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novo's easy wow server\0.4.3\authserver.exe |
"UDP Query User{7F593FDE-557D-4022-BB25-7B2D1E365D84}C:\users\*****\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe |
"UDP Query User{82E9B393-3366-42F5-B670-808F4827F700}C:\users\*****\downloads\ptr-installer-de_de(1).exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de(1).exe |
"UDP Query User{89EB851A-99FC-4CE6-81B6-4495F5F473A9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{A8D06909-E3B9-44EC-9150-135FC20A9978}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2650-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2650-enus-ptr-tools-downloader.exe |
"UDP Query User{C9CE729B-E84F-472B-956D-E593C95849BC}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{CEF9BD06-BB31-4B30-AD6F-A63491E667A5}C:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe |
"UDP Query User{D71AEC19-2324-41F3-9D31-CEE0B1CB0A90}C:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{D7D6C8A7-B28E-4696-89D3-A1EFCD62224C}C:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{DFFA4BBD-0B4D-4C48-BE7F-452D6DAC61B1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{E0B19395-C95D-499F-A6E2-2F5BD5D22375}C:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novo's easy wow server\0.4.3\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{E29F3C97-CF51-45BF-8636-504CD9B1E028}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{E4E7C9DB-14A2-4994-99A7-74431CF434A0}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{E7575328-67C0-4F99-8C7B-E179209F1CF1}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"UDP Query User{E9B708DB-FAA1-4170-82E5-22FF32A6CBB3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{FCDBE7D2-F1A0-4A0B-86F7-8AB2F6F81626}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26F32F41-2AA7-4DC9-B995-EA9860AE8C3B}" = Saitek SD6 Programming Software 6.2.1.3
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"M-WIN-L 7.0.0 1148351_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.0 1148351)
"M-WIN-L 8.0.0 1803527_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527)
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{5E331A07-33AE-4832-B33B-C14FAF79BDEC}" = Eudora
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{68EB7EA8-96D9-4CBD-8BE7-03189D1FC06B}_is1" = CivCity Rome
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{765443B7-555F-4E8C-9C96-A52409AE4E4A}" = Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7C9454BB-A2F7-4AE2-98C7-EE8C74D29D62}_is1" = Patrician IV
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C260343B-6282-42A2-939F-1FF7E503F608}" = Wolfram Notebook Indexer 2.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte)
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EAC2DDAB-5035-44EE-AA13-65D40CF46FF1}" = Kabel Deutschland Installations-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client 2.4.1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"BabylonToolbar" = Babylon toolbar on IE
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cities XL" = Cities XL
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"Downloader" = Downloader
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"IsoBuster_is1" = IsoBuster 2.8.5
"Kabel Deutschland Installations-Software" = Kabel Deutschland Installations-Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MiKTeX 2.7" = MiKTeX 2.7
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Novo's Easy WoW Server 0.4.3" = Novo's Easy WoW Server 0.4.3
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 11.64.1403" = Opera 11.64
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SmarThru Office PC Fax" = SmarThru Office PC Fax
"SmarThru PC Fax" = SmarThru PC Fax
"Softonic" = Softonic toolbar on IE
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 73010" = Cities in Motion
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Tomb Raider - Underworld_is1" = Tomb Raider - Underworld
"Uninstall_is1" = Uninstall 1.0.0.1
"World of Warcraft Public Test" = World of Warcraft Public Test

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.01.2012 22:27:20 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Patrician4.exe, Version: 1.1.1.0,
Zeitstempel: 0x4c87b540 Name des fehlerhaften Moduls: Patrician4.exe, Version: 1.1.1.0,
Zeitstempel: 0x4c87b540 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00066aa3 ID des fehlerhaften
Prozesses: 0x1004 Startzeit der fehlerhaften Anwendung: 0x01ccd3f3313c6c23 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Kalypso Media\Patrician 4\Patrician4.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Kalypso Media\Patrician 4\Patrician4.exe
Berichtskennung:
9d27b3b3-3fe9-11e1-ad20-90fba634307b

Error - 16.01.2012 09:03:40 | Computer Name = *****-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 17.01.2012 14:33:52 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Patrician4.exe, Version: 1.1.1.0,
Zeitstempel: 0x4c87b540 Name des fehlerhaften Moduls: atklumdisp.dll, Version: 7.14.10.304,
Zeitstempel: 0x4ad5a128 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000cbe9 ID des fehlerhaften
Prozesses: 0x11f0 Startzeit der fehlerhaften Anwendung: 0x01ccd5436dee179b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Kalypso Media\Patrician 4\Patrician4.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\atklumdisp.dll Berichtskennung: cdb3c202-4139-11e1-906f-90fba634307b

Error - 17.01.2012 17:37:58 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Patrician4.exe, Version: 1.1.1.0,
Zeitstempel: 0x4c87b540 Name des fehlerhaften Moduls: atklumdisp.dll, Version: 7.14.10.304,
Zeitstempel: 0x4ad5a128 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000cbe9 ID des fehlerhaften
Prozesses: 0xd9c Startzeit der fehlerhaften Anwendung: 0x01ccd55d90cfdab1 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Kalypso Media\Patrician 4\Patrician4.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\atklumdisp.dll Berichtskennung: 8595a9f4-4153-11e1-906f-90fba634307b

Error - 17.01.2012 18:08:27 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Patrician4.exe, Version: 1.1.1.0,
Zeitstempel: 0x4c87b540 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x12f0 Startzeit der fehlerhaften Anwendung: 0x01ccd560f1c74819 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Kalypso Media\Patrician 4\Patrician4.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: c75ee3c5-4157-11e1-906f-90fba634307b

Error - 17.01.2012 21:34:44 | Computer Name = *****-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 19.01.2012 11:41:38 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTAIV_CONFIG.exe, Version: 0.0.0.0,
Zeitstempel: 0x4aa7ac55 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
Zeitstempel: 0x4c297c56 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000407fd ID des fehlerhaften
Prozesses: 0x1014 Startzeit der fehlerhaften Anwendung: 0x01ccd6c0a5a03e9f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Rockstar Games\Grand Theft Auto
IV\Config\GTAIV_CONFIG.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll
Berichtskennung:
129ebb19-42b4-11e1-a825-90fba634307b

Error - 19.01.2012 13:10:46 | Computer Name = *****-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 20.01.2012 10:20:22 | Computer Name = *****-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 20.01.2012 21:25:57 | Computer Name = *****-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

[ System Events ]
Error - 02.06.2012 22:21:17 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 02.06.2012 22:21:17 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 02.06.2012 22:23:52 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description =

Error - 02.06.2012 22:27:52 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 02.06.2012 22:34:56 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 04.06.2012 09:01:44 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 04.06.2012 10:57:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 04.06.2012 16:02:23 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AVP erreicht.

Error - 04.06.2012 16:06:30 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 06.06.2012 10:39:44 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20


< End of report >
Step 3: Gmer

I skipped this step because this is a 64-bit system.

I have also attached three logs from Malwarebytes Anti-Malware. The first is from shortly after the trojan appeared, the second is a scan I ran right away when I had the computer here, and the third log is from the scan after I had run OTL etc.

On the question of how the data is encrypted: the file names are all unchanged, as far as I have seen so far, but as soon as you try to open them an error message appears and that's it.

To be quite honest, if it were my computer I would simply have wiped it. But this is not my computer, and my friend told me that he has quite important things on it. (University lab reports, one or two parts of his doctoral thesis etc., in other words things that are extremely important.)

Oh, and I have also already told him to please just put all his important data onto a separate USB stick or similar as a backup once more.

If anything is still missing, just let me know.

Old 08.06.2012, 15:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
On the question of how the data is encrypted: the file names are all unchanged, as far as I have seen so far, but as soon as you try to open them an error message appears and that's it.

Does he have a backup copy of his "important" data?
Things as important as a doctoral thesis should not be treated so carelessly.

Notes regarding the encrypted files:
Nobody will be able to tell you exactly when the data can be decrypted, except perhaps one. It may be that you have a newer variant whose encryption algorithm is still unknown. Something like that cannot (yet) be decrypted, and certainly not without the key - which is only logical, otherwise it would not be proper encryption.
Just check back here at regular intervals and follow the notes above. 8 tools along with hundreds of discussion posts are already listed there.

Decryption attempts on the encrypted files are to be applied only to additional copies of the encrypted files; otherwise you will mangle them even further without still having the "original" encrypted file. You certainly don't want that!

But you must not get your hopes up falsely. By now things look bleak => Delphi-PRAXiS - Einzelnen Beitrag anzeigen - Verschlüsselungs-Trojaner, Hilfe benötigt

And in future your buddy will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html
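
The advice in the reply above, to run decryption attempts only on additional copies, as an added example (not code from this thread or from any of the tools it mentions): the script finds files whose names are unchanged but whose leading bytes no longer match their extension, copies them to a separate working directory, and records a SHA-256 of each original so it can be shown afterwards that the originals were not altered. The signature table, the function names and the assumption that affected files show up as a header mismatch are choices of this example; the thread itself only states that the names are unchanged and the files no longer open.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Well-known leading bytes for a few document types (table is an assumption
# of this example; extend it for the file types that matter on the machine).
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
}


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_damaged(path):
    """True when the extension is known and the file header does not match it."""
    signatures = MAGIC.get(Path(path).suffix.lower())
    if signatures is None:
        return False  # unknown type: the header alone says nothing
    with open(path, "rb") as fh:
        head = fh.read(16)
    return not any(head.startswith(sig) for sig in signatures)


def stage_working_copies(source_root, work_root):
    """Copy suspect files to work_root, verify each copy, return a manifest.

    Originals are only read. Tools are then pointed at the copies.
    """
    source_root, work_root = Path(source_root).resolve(), Path(work_root).resolve()
    if work_root == source_root or source_root in work_root.parents:
        raise ValueError("work_root must lie outside source_root")
    manifest = []
    for src in sorted(p for p in source_root.rglob("*") if p.is_file()):
        if not looks_damaged(src):
            continue
        dst = work_root / src.relative_to(source_root)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        src_hash = sha256_of(src)
        if sha256_of(dst) != src_hash:
            dst.unlink()
            raise OSError(f"copy of {src} does not match the original")
        manifest.append({"original": str(src), "copy": str(dst), "sha256": src_hash})
    return manifest


def originals_untouched(manifest):
    """Re-hash the originals, e.g. after a tool has been run on the copies."""
    return all(sha256_of(e["original"]) == e["sha256"] for e in manifest)


def demo():
    """Constructed sample tree: intact PDF, .docx with a scrambled header, text file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, work = Path(tmp, "userdata"), Path(tmp, "work")
        (src / "uni").mkdir(parents=True)
        (src / "ok.pdf").write_bytes(b"%PDF-1.4\nconstructed sample")
        (src / "uni" / "thesis.docx").write_bytes(bytes(range(7, 200)))
        (src / "notes.txt").write_text("constructed sample")
        manifest = stage_working_copies(src, work)
        # Stand-in for a recovery tool rewriting the working copy.
        Path(manifest[0]["copy"]).write_bytes(b"PK\x03\x04 tool output")
        names = [Path(e["original"]).name for e in manifest]
        return names, originals_untouched(manifest)


if __name__ == "__main__":
    print(demo())
```

Putting the working directory on a different drive than the affected data keeps tool output away from the originals; the manifest can be re-checked with `originals_untouched` after every attempt.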