
Pests of all kinds and how to combat them: Encryption trojan - "Das Programm kann die Webseite nicht anzeigen" (The program cannot display the webpage)

Windows 7

08.09.2012, 13:52   #1
anexity
 



Hello,

I'm afraid it has now got me too. This morning at boot a white window appeared that contained only the text "Das Programm kann die Webseite nicht anzeigen" ("The program cannot display the webpage"); apart from that nothing could be done (no Task Manager, etc.).

I followed the instructions here, downloaded Malwarebytes in Safe Mode, updated it, scanned, and removed the infected objects it found (log file attached).
After that I was able to boot normally again, and I downloaded and ran "defogger", which did not output any error message.
Then I ran OTL with a Quick Scan and saved the two log files. Here are the two log files:

OTL.txt log file:
Code:
OTL logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.09 07:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2007.05.15 18:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2007.03.21 18:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe
PRC - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.24 00:09:23 | 000,115,137 | ---- | M] () -- C:\Users\anexity\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2012.03.09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.16 04:09:42 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
MOD - [2011.01.16 04:08:27 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
MOD - [2011.01.16 04:08:22 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2011.01.16 04:01:31 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2011.01.16 04:01:19 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2011.01.16 04:01:17 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2011.01.16 04:01:12 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2011.01.16 04:01:10 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2011.01.16 04:01:09 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2011.01.16 04:01:09 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2011.01.16 04:01:08 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2011.01.16 04:01:06 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2011.01.16 04:01:01 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2010.12.29 20:52:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
MOD - [2010.12.29 20:51:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
MOD - [2010.12.29 18:22:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
MOD - [2010.12.29 18:22:40 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
MOD - [2010.12.29 18:22:28 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2010.12.29 18:22:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2010.12.29 18:21:53 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.12.29 18:21:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll
MOD - [2010.12.29 18:21:36 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ace3bede2f516f9e5bca620ad86cc063\System.Web.ni.dll
MOD - [2010.12.29 18:21:30 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.12.29 18:21:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.12.29 18:21:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.12.29 18:21:19 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.12.29 18:21:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009.06.10 15:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 15:14:06 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.06.08 11:37:32 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 00:38:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.08 03:53:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.29 18:27:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2007.11.07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - [2012.07.30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.03.09 05:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.10.27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.10.27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.10.27 03:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.10.27 03:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.10.27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.04.04 17:59:58 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.01.13 03:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.12.29 19:00:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.22 03:11:00 | 000,493,312 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.04.14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.01.14 13:14:10 | 000,126,808 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2008.11.14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.15 06:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.15 06:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tele2.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 20 F7 77 24 09 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{15440812-8B32-4000-92FE-30CAF1BF1CD1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYAT&apn_uid=0630ea91-7e2a-4590-8f8e-b93526cca3ff&apn_sauid=20F02CA2-27AD-41CE-8746-571478301669
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={6086651F-1BD8-410E-8DB0-C29AFF5FEC7C}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: F:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: F:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\anexity\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: F:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.01.12 16:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 00:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 00:38:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.13 14:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.04 15:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
 
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions
[2011.03.28 05:04:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 20:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (ProxySel) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{71e95839-6f7e-470d-be54-77012fec6345}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 15:31:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Text2Link) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2012.04.03 21:05:47 | 000,140,964 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\firegestures@xuldev.org.xpi
[2011.04.11 00:55:48 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\personas@christopher.beard.xpi
[2011.07.20 10:06:36 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.08.23 20:54:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.20 21:26:09 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.03.29 07:39:18 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 00:38:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.02 22:41:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 01:33:19 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.29 08:01:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 22:41:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 22:41:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 22:41:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 22:41:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.08 03:57:03 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvjbmonitor] F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe ()
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\anexity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\anexity\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D3ADCF-862F-4DD8-910D-ADA9BB079B28}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE02C78C-AF36-4160-97A0-A26961071C58}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF83BD1D-5431-4AD9-9409-64CF13054C45}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.01.12 17:44:50 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2004.01.12 17:44:48 | 000,233,472 | R--- | M] ()
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell - "" = AutoRun
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 12:46:31 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\anexity\AppData\Roaming\Malwarebytes
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.08 12:33:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.08 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.08 12:33:06 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:27:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:26:19 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.29 15:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:45:41 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 12:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 12:45:34 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:44:47 | 000,000,168 | ---- | M] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | M] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 12:33:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:32:07 | 000,000,512 | ---- | M] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 12:27:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:27:00 | 000,708,738 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.08 12:27:00 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.08 12:27:00 | 000,153,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.08 12:27:00 | 000,123,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.08 12:26:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 12:21:42 | 000,001,990 | ---- | M] () -- C:\Users\anexity\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.09.08 12:14:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.08 01:47:13 | 000,074,127 | ---- | M] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:49 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:05 | 000,001,048 | ---- | M] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:06 | 000,107,363 | ---- | M] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | M] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:43 | 012,670,411 | ---- | M] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | M] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:04 | 000,555,343 | ---- | M] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | M] () -- C:\Users\anexity\Desktop\1344549037219.jpg
 
========== Files Created - No Company Name ==========
 
[2012.09.08 12:44:34 | 000,000,168 | ---- | C] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | C] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 12:32:07 | 000,000,512 | ---- | C] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 01:42:29 | 000,074,127 | ---- | C] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:24 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:06 | 000,001,048 | ---- | C] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:05 | 000,107,363 | ---- | C] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | C] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:31 | 012,670,411 | ---- | C] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | C] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:03 | 000,555,343 | ---- | C] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | C] () -- C:\Users\anexity\Desktop\1344549037219.jpg
[2012.07.18 17:31:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.07.01 16:04:53 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 06:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 06:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.10.12 02:53:41 | 000,000,074 | ---- | C] () -- C:\Windows\WatchTVProEx.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.04 00:50:20 | 000,000,240 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.05.09 23:23:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.04.04 17:43:00 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.21 14:57:33 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.03.21 14:57:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.03.21 14:57:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.03.17 03:03:35 | 000,001,456 | ---- | C] () -- C:\Users\anexity\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.01.24 16:27:37 | 000,000,036 | ---- | C] () -- C:\Users\anexity\.org.eclipse.epp.usagedata.recording.userId
[2011.01.17 00:09:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.16 21:22:56 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2011.01.12 17:44:59 | 000,005,120 | ---- | C] () -- C:\Users\anexity\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.04 16:56:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.04 16:55:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat
[2011.01.04 16:55:14 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.01.04 16:53:59 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.01.03 00:38:15 | 000,000,096 | ---- | C] () -- C:\Users\anexity\.asadminpass
[2010.12.30 16:38:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.30 02:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 18:27:40 | 000,708,738 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 18:27:40 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.12.29 18:27:40 | 000,153,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 18:27:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.12.29 18:06:10 | 000,000,879 | ---- | C] () -- C:\Users\anexity\Downloads.lnk
[2010.12.29 18:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.08.12 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Audacity
[2011.07.22 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Canneverbe Limited
[2011.07.02 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.02 04:28:23 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DAEMON Tools Lite
[2012.09.08 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Dropbox
[2012.03.10 03:19:33 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoft
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.11 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Ebner
[2011.05.10 03:01:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\ManyCam
[2011.02.07 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\MAXON
[2011.10.31 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\mkvtoolnix
[2011.01.12 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia
[2011.01.12 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia Ovi Suite
[2012.07.15 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\NoNameScript
[2010.12.29 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Notepad++
[2011.03.08 03:58:32 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Opera
[2011.01.12 16:24:45 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\PC Suite
[2011.12.01 14:21:35 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Samsung
[2011.04.07 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Subversion
[2011.02.10 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TeamViewer
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Thunderbird
[2010.12.29 18:42:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Trillian
[2011.04.04 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TrueCrypt
[2011.12.26 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Unity
[2012.07.01 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\uTorrent
[2011.10.12 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\WatchTVProEx
[2012.06.26 08:35:16 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Here is the Extras.txt logfile:
Code:
OTL Extras logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB26D06-05FB-4CBC-852F-50CAED1AB5FB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{11AE6151-841D-405F-B5A2-D93836516928}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13F718E7-5173-49DD-B333-0ADAA9881EB5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1879EC7A-9AB3-4C70-843B-3BBF3B5619C8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{3AE9BC15-975A-4D6F-97FD-BFA9C8941DBB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4161921C-06AF-479E-B99E-DD124C0F07B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{438414FA-942F-4DA1-AF51-26BB4B0D78C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B3B134D-B91B-451D-86C8-B1505E776F26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5BE2BD7C-8B53-4C4E-80BB-1E1DFED4F2A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2054B6-580D-4E6D-8EE5-BE67C99FB806}" = rport=139 | protocol=6 | dir=out | app=system | 
"{658CA06C-0DFC-4832-A263-5506B955078F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6997AE05-1B12-44BA-A363-3FC14EB4659A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6ADBD19F-A4F0-4CCA-91FA-C51099B6FE53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B0A75C7-1CCC-40F3-8925-99A6E92F182B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71937102-6EE6-4538-86AF-F856FE144D88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92F884DF-3E0D-4F3F-9347-F05D2EA022DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2D0DE05-0372-486D-92A5-229DB135094A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A2DE4316-B72A-4D3B-BD5C-D745E205546C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5D02157-0E82-4C1E-B0B8-C716CB498E89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{AE97417A-750D-4E7E-81F2-D81583087E68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD5E04B9-E0DA-41E2-AC9F-711BD7A5BFDA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BE2EC1F1-B8EB-4FE5-A63E-E9296AD98E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0180D24-5AF6-410F-8FA2-C06F95C3F3F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{C9AD7C54-92F0-445A-A212-976A4757EEA5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EA01D0EC-51C9-4FF0-BC20-DFCBFC6B62A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4938C1D-17E6-45A6-8421-ABA8E862C39D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F614ECC3-9492-409A-BE79-40CFECBE87E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FF4937E7-F936-489E-AC39-22A9E3B1D6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0214A17B-16A5-4357-9FF4-3D7F3EDFF43A}" = protocol=6 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{03FAB972-1A53-4C36-962A-7F410D637959}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{09FB274D-8ADD-4628-97BB-935B5C76607B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0A98F939-2D22-4BBB-99A8-0E9987336E2B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{113A9218-F023-4E6F-AD53-1E9229D905B5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{11AF344B-A1A4-44D8-B1B2-713140B55989}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{1A09BB39-A97D-4D59-B3CA-892DCBC9B26F}" = protocol=6 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{1B68F279-E8E0-4A5C-89D2-37535A14D336}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BD2F6D2-F96C-4EDC-A6B1-9CCBFC1351A0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{2C2355F1-7876-4B18-9DAE-660F0159482F}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{2F04C78D-01CB-43A1-AD7D-D993887914F0}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{30CBA6E7-80B4-4DBE-8091-C0C46D695FE9}" = dir=out | app=f:\programe\emule\emule.exe | 
"{34C3B2F3-E824-4B7D-9B2D-51E8FC059C09}" = protocol=6 | dir=out | app=system | 
"{3803B665-65FC-420E-BEA6-242E440F11D2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{3B1AD30D-37BE-4CB5-821F-8D17526F85D4}" = protocol=17 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{3B1E5242-9407-45D8-9645-C83075EA42B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{3BD8A872-1713-44E1-88DD-7593C07562F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3CD9C826-C244-45CD-9681-F141C3C55C73}" = protocol=6 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{4F47C86B-4B5E-44B6-BB51-55B80614657C}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{50CE94DC-DF9B-401E-88FB-712B15DB2D9B}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55AF6AD7-138E-4649-8FDB-1BA3C7D48915}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55B4C6BB-7149-48BB-9CC1-0B4D790E8BD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5911E5E4-A762-4B6B-96CC-0B45065B9438}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{59CB1C60-F41D-480A-BC47-FDF86C32F178}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{5B6F79F9-B917-4B5E-BB26-902C5623BF83}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{5D840D4A-B01C-4E50-8A2B-AF02F2D17F95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D901CF6-15A3-4029-BC48-4C54A8302414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{611D54C2-48AA-4F66-A048-AC8EF44D24B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B8B0777-B4E5-4FC9-A47C-705CB8AB5BC5}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{6DBC692A-5BC6-4A21-B680-C2823059A219}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{70B05AF1-4FE1-4433-BA07-60B8BF4E4886}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"{712434FA-4D62-462C-8917-48472475E7F7}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{7588B8D5-ABA3-4ECB-A124-09F75065C227}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7B56278C-AAE7-4CD6-85E8-C712FFD78848}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{7D99C069-A825-42F0-B84B-3031227BAEE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7F517E48-A639-4EDF-8B8D-391EF27E3A9A}" = protocol=17 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{8883D2EE-39AE-4566-B827-54CCE5D0B71E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B2E99E4-CFEF-4CEC-9800-9E44B6AC4AA7}" = protocol=17 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{9056F375-8586-425B-A539-681F5B77CD22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90A7DA1B-F98C-4973-B7CD-5C4A6B13EA5C}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{97543C94-307E-4BE7-9F17-DBFAB23C9D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9BD53013-A119-46FF-BF86-071A2846DF49}" = protocol=6 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{9CE3ADC6-ECD4-488E-B1FB-1BB69456157F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{9E4B6F2C-4662-477F-A15D-7363F3AD2B2E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A22B7549-E20F-47F6-B841-3D32F88369A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA14ABAA-62CA-45B6-93F0-686AA713F313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE9B0398-53B4-4699-9928-AA5103FD9FC3}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe | 
"{AF98878D-130C-48C7-9532-FE4AB92E032E}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{B252CDFF-7812-47DA-BA57-8C33510C809B}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{B6F3CDA0-6680-4183-8403-3FEED0AD559B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BFDB22B3-64F5-4500-9196-26A3A9519E1D}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{C14A3EE7-5162-44C5-AE78-FBC8D0AC0A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3E71554-F695-4135-AFB2-E0F9C2469F37}" = dir=in | app=f:\programe\emule\emule.exe | 
"{C455AB08-1393-44DC-B646-A4CD1196FEAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C4D298DA-3F7F-4ABB-B8F8-9E6889BA778E}" = protocol=17 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{C8B298C7-2704-4BAD-BB73-9C76509E6147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD18A0FC-7E47-4186-9576-D1B868531BF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EDFE3E6A-8DA3-4B7C-9885-C4B3825A7196}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F0CEA4D9-D4C9-4B47-93AE-7E3C3D8886DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0EB62ED-96BB-42DB-8C00-06D9AC72D5D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8ED1C72-F67D-43AA-BDA8-8150FB7FE9F2}" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FBBE3726-8989-45C9-AB2E-51FB7FDBB2A8}" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FCA89A80-0892-498A-A8BD-A2F44FA07753}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"TCP Query User{0058B413-CAB0-4BE1-935D-0DC3851486CF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{071EDB05-28C3-42F7-AB39-F0F1434C907A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1816EF79-5102-433A-B00B-92F44E92D5C0}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{3667B2CB-492A-4044-8AD3-64445824A9D7}G:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"TCP Query User{3E0147E3-C2AC-4ADB-A0A2-3BA69FB6613E}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{4D6A040B-EB81-4618-A306-7A3EBACB9377}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{529A4E58-8CA3-4DBC-8093-58C02DF26452}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"TCP Query User{669DF5BF-D4C2-43E3-B336-47AFF45258AC}G:\games\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
"TCP Query User{721FCD17-090F-4111-AFEF-05BE967C7E19}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{80DFC16D-2665-4E75-AC4B-219DB9F8A8C9}G:\games\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"TCP Query User{8358EF83-B9EF-4870-A775-075577E21522}C:\bauserver\spheresvr.exe" = protocol=6 | dir=in | app=c:\bauserver\spheresvr.exe | 
"TCP Query User{A7E872F4-B9AD-4427-A658-9AB6928C7657}G:\games\ea games\ultima online 2d client\client.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"TCP Query User{ACF61201-7C02-4382-8A63-2ED568382056}F:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=f:\programme\trillian\trillian.exe | 
"TCP Query User{B20C32B7-D38E-4D70-B69A-5DF35123FFB7}G:\games\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"TCP Query User{B8F1B090-E51B-4D8B-9C42-E812A33450A3}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{CA00DFF3-28AD-4E10-850E-62139167B646}F:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\programme\mirc\mirc.exe | 
"TCP Query User{FB0762AF-EE8D-4310-A136-06B4895C0798}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0B8B0C85-6887-4FAD-B957-22FFCE526372}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{25903D49-C832-498E-A5D4-17F5B242263D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{260B502D-3F88-4A36-B7E6-B63DB8053AF8}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{289F6CBB-A83C-4423-ACBB-2AB3FA46D9A0}F:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\programme\mirc\mirc.exe | 
"UDP Query User{2F1BF8CA-2B86-49B7-9ADF-429F6C91C17D}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"UDP Query User{385B1FBB-9FC8-4FFB-9DBC-D8E2E0D2ACEF}G:\games\ea games\ultima online 2d client\client.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"UDP Query User{4770DA47-2F0B-485A-A4FA-C50A022D6776}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{680BAD46-1705-4FAA-8B77-9887D522F5DF}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{8B3DFE20-FB51-41B3-9B84-6E97CD66F33B}G:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"UDP Query User{B12EAFDD-078E-4BA5-AA25-F813382DCD40}G:\games\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"UDP Query User{BEAE585D-C50B-4FE0-8258-A82ACB3017AF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C222F2EC-18B5-4065-97A0-5E880322B3B6}F:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=f:\programme\trillian\trillian.exe | 
"UDP Query User{C6378C78-22CC-4B09-9302-2D979B792551}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C79753E6-19E8-429F-8326-B29933BC3943}C:\bauserver\spheresvr.exe" = protocol=17 | dir=in | app=c:\bauserver\spheresvr.exe | 
"UDP Query User{DAD41AF2-E090-4563-9A92-FF5FB7B6F408}G:\games\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"UDP Query User{E422F7A0-5A12-42CF-A103-1D3EE9F52DCD}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FB416359-D92F-4FB3-926D-696392CD379C}G:\games\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{212719F5-89EE-4B3A-A8EB-121D931E5547}" = Adobe Flash Player 10 ActiveX
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBA73A5-F9B8-4E6A-B96D-8585590F57F5}" = Microsoft SQL Server Management Studio Express
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55D873F4-67F0-4BA8-B735-06A5B99AFFE1}" = Adobe Flash Player 10 Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59054586-87B7-4CB3-AAE7-0F25597E6BBE}" = Master of Orion II
"{5B119660-1788-11D8-8EB8-0050BF643EE7}" = digestIT 2004
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3C9CD09-A1F4-4C60-BDDA-06152623324A}_is1" = Steig ein! 9.5
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D4A262C4-11C1-4841-A0B3-0AAE19BE708D}_is1" = Steig ein! 8.6
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D7241F38-7D90-794C-C77E-2F8DBEBED491}" = AMD Media Foundation Decoders
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3
"{e7d7ffbd-9938-46b6-b377-0c995386cf5b}" = Check Point SSL Network Extender Service
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.5
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D-Fend Reloaded" = D-Fend Reloaded 1.1.0 (deinstallieren)
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup.divx.com" = DivX-Setup
"Dungeon Keeper II" = Dungeon Keeper 2
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"eMule_is1" = eMule ScarAngel 4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Gmask 1.70 English" = Gmask 1.70 English
"Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM)
"hon" = Heroes of Newerth
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"JDownloader" = JDownloader
"KeyControl" = KeyControl v1.02 (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 2.6.43 (remove only)
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 11.64.1403" = Opera 11.64
"Orion2DeinstKey" = Master of Orion II
"Postal 2_is1" = Portal 2
"Shockwave" = Shockwave
"T4EPlayer" = T4E Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.5
"WatchTVProEx_is1" = WatchTVPro Ex Version 5.14
"WheelMouse" = Smart-X7 7.80
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Axis2" = Axis2 (remove only)
"Dropbox" = Dropbox
"NoNameScript" = NNScript
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2012 16:48:59 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/10 21:48:59.217]: [00001988]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 07:56:18 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/11 12:56:18.662]: [00001944]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 16:20:21 | Computer Name = michael | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.02.2012 16:21:04 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 11.02.2012 16:21:34 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12.02.2012 07:23:28 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 12:23:28.358]: [00000448]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 12.02.2012 17:49:43 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 22:49:43.983]: [00000340]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 08:11:25 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/15 13:11:25.567]: [00000128]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 12:57:53 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 15.02.2012 12:58:30 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 03.05.2012 19:27:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:37 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 03.05.2012 19:27:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:38 - Failed to retrieve EpgListings (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 14.05.2012 20:50:26 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:26 - Error connecting to the internet.  02:50:26 -     Unable 
to contact server..  
 
Error - 14.05.2012 20:50:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:31 - Error connecting to the internet.  02:50:31 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:42 - Error connecting to the internet.  03:50:42 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:50 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:47 - Error connecting to the internet.  03:50:47 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:50:55 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:50:55 - Error connecting to the internet.  04:50:55 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:51:03 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:51:00 - Error connecting to the internet.  04:51:00 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:08 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:08 - Error connecting to the internet.  05:54:08 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:16 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:13 - Error connecting to the internet.  05:54:13 -     Unable 
to contact server..  
 
[ System Events ]
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:03 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:14 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 08.09.2012 06:44:57 | Computer Name = michael | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber sfhlp01.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:32 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:44 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
 
< End of report >
         
As a last step I also ran GMER (I have a 32-bit system); the log file Gmer.txt is attached.

I hope someone can help me, and thank you in advance!

Best regards,
anexity
Attached files
File type: txt mbam-log-2012-09-08 (12-39-15).txt (3.4 KB, viewed 141 times)
File type: txt Gmer.txt (6.2 KB, viewed 165 times)

11.09.2012, 12:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Why as attachments? Please post the logs consistently rather than as such a mishmash. As a rule, all logs should be posted directly, enclosed in CODE tags.

11.09.2012, 13:37   #3
anexity
 
Hello,

first of all, thank you very much for your reply.
I posted the remaining logs as attachments because the guide for people seeking help (http://www.trojaner-board.de/69886-a...-beachten.html) explicitly requires it.

Here are all the logs, posted directly:

Malwarebytes log file:
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.02

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
anexity :: MICHAEL [Administrator]

Schutz: Deaktiviert

08.09.2012 12:39:15
mbam-log-2012-09-08 (12-39-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241084
Laufzeit: 2 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ttesfmkoutgegfc (Rogue.WindowsSecuritySystem.Phex) -> Daten: C:\Windows\ttesfmko.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\ttesfmko.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ttesfmko.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\anexity\0.10582708333216007.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\svhost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL.txt log file:
Code:
OTL logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.09 07:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2007.05.15 18:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2007.03.21 18:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe
PRC - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.24 00:09:23 | 000,115,137 | ---- | M] () -- C:\Users\anexity\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2012.03.09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.16 04:09:42 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
MOD - [2011.01.16 04:08:27 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
MOD - [2011.01.16 04:08:22 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2011.01.16 04:01:31 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2011.01.16 04:01:19 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2011.01.16 04:01:17 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2011.01.16 04:01:12 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2011.01.16 04:01:10 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2011.01.16 04:01:09 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2011.01.16 04:01:09 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2011.01.16 04:01:08 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2011.01.16 04:01:06 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2011.01.16 04:01:01 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2010.12.29 20:52:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
MOD - [2010.12.29 20:51:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
MOD - [2010.12.29 18:22:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
MOD - [2010.12.29 18:22:40 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
MOD - [2010.12.29 18:22:28 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2010.12.29 18:22:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2010.12.29 18:21:53 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.12.29 18:21:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll
MOD - [2010.12.29 18:21:36 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ace3bede2f516f9e5bca620ad86cc063\System.Web.ni.dll
MOD - [2010.12.29 18:21:30 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.12.29 18:21:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.12.29 18:21:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.12.29 18:21:19 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.12.29 18:21:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009.06.10 15:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 15:14:06 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.06.08 11:37:32 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 00:38:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.08 03:53:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.29 18:27:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2007.11.07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - [2012.07.30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.03.09 05:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.10.27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.10.27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.10.27 03:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.10.27 03:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.10.27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.04.04 17:59:58 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.01.13 03:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.12.29 19:00:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.22 03:11:00 | 000,493,312 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.04.14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.01.14 13:14:10 | 000,126,808 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2008.11.14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.15 06:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.15 06:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tele2.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 20 F7 77 24 09 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{15440812-8B32-4000-92FE-30CAF1BF1CD1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYAT&apn_uid=0630ea91-7e2a-4590-8f8e-b93526cca3ff&apn_sauid=20F02CA2-27AD-41CE-8746-571478301669
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={6086651F-1BD8-410E-8DB0-C29AFF5FEC7C}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: F:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: F:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\anexity\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: F:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.01.12 16:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 00:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 00:38:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.13 14:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.04 15:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
 
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions
[2011.03.28 05:04:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 20:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (ProxySel) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{71e95839-6f7e-470d-be54-77012fec6345}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 15:31:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Text2Link) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2012.04.03 21:05:47 | 000,140,964 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\firegestures@xuldev.org.xpi
[2011.04.11 00:55:48 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\personas@christopher.beard.xpi
[2011.07.20 10:06:36 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.08.23 20:54:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.20 21:26:09 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.03.29 07:39:18 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 00:38:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.02 22:41:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 01:33:19 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.29 08:01:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 22:41:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 22:41:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 22:41:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 22:41:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.08 03:57:03 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvjbmonitor] F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe ()
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\anexity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\anexity\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D3ADCF-862F-4DD8-910D-ADA9BB079B28}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE02C78C-AF36-4160-97A0-A26961071C58}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF83BD1D-5431-4AD9-9409-64CF13054C45}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.01.12 17:44:50 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2004.01.12 17:44:48 | 000,233,472 | R--- | M] ()
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell - "" = AutoRun
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 12:46:31 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\anexity\AppData\Roaming\Malwarebytes
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.08 12:33:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.08 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.08 12:33:06 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:27:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:26:19 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.29 15:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:45:41 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 12:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 12:45:34 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:44:47 | 000,000,168 | ---- | M] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | M] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012.09.08 12:33:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:32:07 | 000,000,512 | ---- | M] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 12:27:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:27:00 | 000,708,738 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.08 12:27:00 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.08 12:27:00 | 000,153,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.08 12:27:00 | 000,123,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.08 12:26:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 12:21:42 | 000,001,990 | ---- | M] () -- C:\Users\anexity\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.09.08 12:14:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.08 01:47:13 | 000,074,127 | ---- | M] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:49 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:05 | 000,001,048 | ---- | M] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:06 | 000,107,363 | ---- | M] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | M] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:43 | 012,670,411 | ---- | M] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | M] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:04 | 000,555,343 | ---- | M] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | M] () -- C:\Users\anexity\Desktop\1344549037219.jpg
 
========== Files Created - No Company Name ==========
 
[2012.09.08 12:44:34 | 000,000,168 | ---- | C] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | C] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012.09.08 12:32:07 | 000,000,512 | ---- | C] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 01:42:29 | 000,074,127 | ---- | C] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:24 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:06 | 000,001,048 | ---- | C] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:05 | 000,107,363 | ---- | C] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | C] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:31 | 012,670,411 | ---- | C] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | C] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:03 | 000,555,343 | ---- | C] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | C] () -- C:\Users\anexity\Desktop\1344549037219.jpg
[2012.07.18 17:31:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.07.01 16:04:53 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 06:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 06:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.10.12 02:53:41 | 000,000,074 | ---- | C] () -- C:\Windows\WatchTVProEx.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.04 00:50:20 | 000,000,240 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.05.09 23:23:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.04.04 17:43:00 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.21 14:57:33 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.03.21 14:57:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.03.21 14:57:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.03.17 03:03:35 | 000,001,456 | ---- | C] () -- C:\Users\anexity\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.01.24 16:27:37 | 000,000,036 | ---- | C] () -- C:\Users\anexity\.org.eclipse.epp.usagedata.recording.userId
[2011.01.17 00:09:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.16 21:22:56 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2011.01.12 17:44:59 | 000,005,120 | ---- | C] () -- C:\Users\anexity\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.04 16:56:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.04 16:55:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat
[2011.01.04 16:55:14 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.01.04 16:53:59 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.01.03 00:38:15 | 000,000,096 | ---- | C] () -- C:\Users\anexity\.asadminpass
[2010.12.30 16:38:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.30 02:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 18:27:40 | 000,708,738 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 18:27:40 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.12.29 18:27:40 | 000,153,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 18:27:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.12.29 18:06:10 | 000,000,879 | ---- | C] () -- C:\Users\anexity\Downloads.lnk
[2010.12.29 18:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.08.12 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Audacity
[2011.07.22 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Canneverbe Limited
[2011.07.02 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.02 04:28:23 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DAEMON Tools Lite
[2012.09.08 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Dropbox
[2012.03.10 03:19:33 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoft
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.11 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Ebner
[2011.05.10 03:01:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\ManyCam
[2011.02.07 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\MAXON
[2011.10.31 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\mkvtoolnix
[2011.01.12 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia
[2011.01.12 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia Ovi Suite
[2012.07.15 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\NoNameScript
[2010.12.29 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Notepad++
[2011.03.08 03:58:32 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Opera
[2011.01.12 16:24:45 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\PC Suite
[2011.12.01 14:21:35 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Samsung
[2011.04.07 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Subversion
[2011.02.10 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TeamViewer
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Thunderbird
[2010.12.29 18:42:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Trillian
[2011.04.04 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TrueCrypt
[2011.12.26 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Unity
[2012.07.01 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\uTorrent
[2011.10.12 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\WatchTVProEx
[2012.06.26 08:35:16 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt Logfile:
Code:
OTL Extras logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB26D06-05FB-4CBC-852F-50CAED1AB5FB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{11AE6151-841D-405F-B5A2-D93836516928}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13F718E7-5173-49DD-B333-0ADAA9881EB5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1879EC7A-9AB3-4C70-843B-3BBF3B5619C8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{3AE9BC15-975A-4D6F-97FD-BFA9C8941DBB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4161921C-06AF-479E-B99E-DD124C0F07B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{438414FA-942F-4DA1-AF51-26BB4B0D78C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B3B134D-B91B-451D-86C8-B1505E776F26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5BE2BD7C-8B53-4C4E-80BB-1E1DFED4F2A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2054B6-580D-4E6D-8EE5-BE67C99FB806}" = rport=139 | protocol=6 | dir=out | app=system | 
"{658CA06C-0DFC-4832-A263-5506B955078F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6997AE05-1B12-44BA-A363-3FC14EB4659A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6ADBD19F-A4F0-4CCA-91FA-C51099B6FE53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B0A75C7-1CCC-40F3-8925-99A6E92F182B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71937102-6EE6-4538-86AF-F856FE144D88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92F884DF-3E0D-4F3F-9347-F05D2EA022DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2D0DE05-0372-486D-92A5-229DB135094A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A2DE4316-B72A-4D3B-BD5C-D745E205546C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5D02157-0E82-4C1E-B0B8-C716CB498E89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{AE97417A-750D-4E7E-81F2-D81583087E68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD5E04B9-E0DA-41E2-AC9F-711BD7A5BFDA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BE2EC1F1-B8EB-4FE5-A63E-E9296AD98E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0180D24-5AF6-410F-8FA2-C06F95C3F3F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{C9AD7C54-92F0-445A-A212-976A4757EEA5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EA01D0EC-51C9-4FF0-BC20-DFCBFC6B62A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4938C1D-17E6-45A6-8421-ABA8E862C39D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F614ECC3-9492-409A-BE79-40CFECBE87E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FF4937E7-F936-489E-AC39-22A9E3B1D6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0214A17B-16A5-4357-9FF4-3D7F3EDFF43A}" = protocol=6 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{03FAB972-1A53-4C36-962A-7F410D637959}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{09FB274D-8ADD-4628-97BB-935B5C76607B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0A98F939-2D22-4BBB-99A8-0E9987336E2B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{113A9218-F023-4E6F-AD53-1E9229D905B5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{11AF344B-A1A4-44D8-B1B2-713140B55989}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{1A09BB39-A97D-4D59-B3CA-892DCBC9B26F}" = protocol=6 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{1B68F279-E8E0-4A5C-89D2-37535A14D336}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BD2F6D2-F96C-4EDC-A6B1-9CCBFC1351A0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{2C2355F1-7876-4B18-9DAE-660F0159482F}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{2F04C78D-01CB-43A1-AD7D-D993887914F0}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{30CBA6E7-80B4-4DBE-8091-C0C46D695FE9}" = dir=out | app=f:\programe\emule\emule.exe | 
"{34C3B2F3-E824-4B7D-9B2D-51E8FC059C09}" = protocol=6 | dir=out | app=system | 
"{3803B665-65FC-420E-BEA6-242E440F11D2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{3B1AD30D-37BE-4CB5-821F-8D17526F85D4}" = protocol=17 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{3B1E5242-9407-45D8-9645-C83075EA42B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{3BD8A872-1713-44E1-88DD-7593C07562F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3CD9C826-C244-45CD-9681-F141C3C55C73}" = protocol=6 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{4F47C86B-4B5E-44B6-BB51-55B80614657C}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{50CE94DC-DF9B-401E-88FB-712B15DB2D9B}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55AF6AD7-138E-4649-8FDB-1BA3C7D48915}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55B4C6BB-7149-48BB-9CC1-0B4D790E8BD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5911E5E4-A762-4B6B-96CC-0B45065B9438}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{59CB1C60-F41D-480A-BC47-FDF86C32F178}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{5B6F79F9-B917-4B5E-BB26-902C5623BF83}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{5D840D4A-B01C-4E50-8A2B-AF02F2D17F95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D901CF6-15A3-4029-BC48-4C54A8302414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{611D54C2-48AA-4F66-A048-AC8EF44D24B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B8B0777-B4E5-4FC9-A47C-705CB8AB5BC5}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{6DBC692A-5BC6-4A21-B680-C2823059A219}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{70B05AF1-4FE1-4433-BA07-60B8BF4E4886}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"{712434FA-4D62-462C-8917-48472475E7F7}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{7588B8D5-ABA3-4ECB-A124-09F75065C227}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7B56278C-AAE7-4CD6-85E8-C712FFD78848}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{7D99C069-A825-42F0-B84B-3031227BAEE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7F517E48-A639-4EDF-8B8D-391EF27E3A9A}" = protocol=17 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{8883D2EE-39AE-4566-B827-54CCE5D0B71E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B2E99E4-CFEF-4CEC-9800-9E44B6AC4AA7}" = protocol=17 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{9056F375-8586-425B-A539-681F5B77CD22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90A7DA1B-F98C-4973-B7CD-5C4A6B13EA5C}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{97543C94-307E-4BE7-9F17-DBFAB23C9D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9BD53013-A119-46FF-BF86-071A2846DF49}" = protocol=6 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{9CE3ADC6-ECD4-488E-B1FB-1BB69456157F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{9E4B6F2C-4662-477F-A15D-7363F3AD2B2E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A22B7549-E20F-47F6-B841-3D32F88369A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA14ABAA-62CA-45B6-93F0-686AA713F313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE9B0398-53B4-4699-9928-AA5103FD9FC3}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe | 
"{AF98878D-130C-48C7-9532-FE4AB92E032E}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{B252CDFF-7812-47DA-BA57-8C33510C809B}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{B6F3CDA0-6680-4183-8403-3FEED0AD559B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BFDB22B3-64F5-4500-9196-26A3A9519E1D}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{C14A3EE7-5162-44C5-AE78-FBC8D0AC0A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3E71554-F695-4135-AFB2-E0F9C2469F37}" = dir=in | app=f:\programe\emule\emule.exe | 
"{C455AB08-1393-44DC-B646-A4CD1196FEAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C4D298DA-3F7F-4ABB-B8F8-9E6889BA778E}" = protocol=17 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{C8B298C7-2704-4BAD-BB73-9C76509E6147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD18A0FC-7E47-4186-9576-D1B868531BF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EDFE3E6A-8DA3-4B7C-9885-C4B3825A7196}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F0CEA4D9-D4C9-4B47-93AE-7E3C3D8886DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0EB62ED-96BB-42DB-8C00-06D9AC72D5D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8ED1C72-F67D-43AA-BDA8-8150FB7FE9F2}" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FBBE3726-8989-45C9-AB2E-51FB7FDBB2A8}" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FCA89A80-0892-498A-A8BD-A2F44FA07753}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"TCP Query User{0058B413-CAB0-4BE1-935D-0DC3851486CF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{071EDB05-28C3-42F7-AB39-F0F1434C907A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1816EF79-5102-433A-B00B-92F44E92D5C0}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{3667B2CB-492A-4044-8AD3-64445824A9D7}G:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"TCP Query User{3E0147E3-C2AC-4ADB-A0A2-3BA69FB6613E}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{4D6A040B-EB81-4618-A306-7A3EBACB9377}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{529A4E58-8CA3-4DBC-8093-58C02DF26452}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"TCP Query User{669DF5BF-D4C2-43E3-B336-47AFF45258AC}G:\games\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
"TCP Query User{721FCD17-090F-4111-AFEF-05BE967C7E19}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{80DFC16D-2665-4E75-AC4B-219DB9F8A8C9}G:\games\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"TCP Query User{8358EF83-B9EF-4870-A775-075577E21522}C:\bauserver\spheresvr.exe" = protocol=6 | dir=in | app=c:\bauserver\spheresvr.exe | 
"TCP Query User{A7E872F4-B9AD-4427-A658-9AB6928C7657}G:\games\ea games\ultima online 2d client\client.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"TCP Query User{ACF61201-7C02-4382-8A63-2ED568382056}F:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=f:\programme\trillian\trillian.exe | 
"TCP Query User{B20C32B7-D38E-4D70-B69A-5DF35123FFB7}G:\games\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"TCP Query User{B8F1B090-E51B-4D8B-9C42-E812A33450A3}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{CA00DFF3-28AD-4E10-850E-62139167B646}F:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\programme\mirc\mirc.exe | 
"TCP Query User{FB0762AF-EE8D-4310-A136-06B4895C0798}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0B8B0C85-6887-4FAD-B957-22FFCE526372}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{25903D49-C832-498E-A5D4-17F5B242263D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{260B502D-3F88-4A36-B7E6-B63DB8053AF8}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{289F6CBB-A83C-4423-ACBB-2AB3FA46D9A0}F:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\programme\mirc\mirc.exe | 
"UDP Query User{2F1BF8CA-2B86-49B7-9ADF-429F6C91C17D}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"UDP Query User{385B1FBB-9FC8-4FFB-9DBC-D8E2E0D2ACEF}G:\games\ea games\ultima online 2d client\client.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"UDP Query User{4770DA47-2F0B-485A-A4FA-C50A022D6776}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{680BAD46-1705-4FAA-8B77-9887D522F5DF}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{8B3DFE20-FB51-41B3-9B84-6E97CD66F33B}G:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"UDP Query User{B12EAFDD-078E-4BA5-AA25-F813382DCD40}G:\games\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"UDP Query User{BEAE585D-C50B-4FE0-8258-A82ACB3017AF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C222F2EC-18B5-4065-97A0-5E880322B3B6}F:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=f:\programme\trillian\trillian.exe | 
"UDP Query User{C6378C78-22CC-4B09-9302-2D979B792551}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C79753E6-19E8-429F-8326-B29933BC3943}C:\bauserver\spheresvr.exe" = protocol=17 | dir=in | app=c:\bauserver\spheresvr.exe | 
"UDP Query User{DAD41AF2-E090-4563-9A92-FF5FB7B6F408}G:\games\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"UDP Query User{E422F7A0-5A12-42CF-A103-1D3EE9F52DCD}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FB416359-D92F-4FB3-926D-696392CD379C}G:\games\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{212719F5-89EE-4B3A-A8EB-121D931E5547}" = Adobe Flash Player 10 ActiveX
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBA73A5-F9B8-4E6A-B96D-8585590F57F5}" = Microsoft SQL Server Management Studio Express
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55D873F4-67F0-4BA8-B735-06A5B99AFFE1}" = Adobe Flash Player 10 Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59054586-87B7-4CB3-AAE7-0F25597E6BBE}" = Master of Orion II
"{5B119660-1788-11D8-8EB8-0050BF643EE7}" = digestIT 2004
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3C9CD09-A1F4-4C60-BDDA-06152623324A}_is1" = Steig ein! 9.5
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D4A262C4-11C1-4841-A0B3-0AAE19BE708D}_is1" = Steig ein! 8.6
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D7241F38-7D90-794C-C77E-2F8DBEBED491}" = AMD Media Foundation Decoders
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3
"{e7d7ffbd-9938-46b6-b377-0c995386cf5b}" = Check Point SSL Network Extender Service
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.5
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D-Fend Reloaded" = D-Fend Reloaded 1.1.0 (deinstallieren)
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup.divx.com" = DivX-Setup
"Dungeon Keeper II" = Dungeon Keeper 2
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"eMule_is1" = eMule ScarAngel 4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Gmask 1.70 English" = Gmask 1.70 English
"Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM)
"hon" = Heroes of Newerth
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"JDownloader" = JDownloader
"KeyControl" = KeyControl v1.02 (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 2.6.43 (remove only)
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 11.64.1403" = Opera 11.64
"Orion2DeinstKey" = Master of Orion II
"Postal 2_is1" = Portal 2
"Shockwave" = Shockwave
"T4EPlayer" = T4E Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.5
"WatchTVProEx_is1" = WatchTVPro Ex Version 5.14
"WheelMouse" = Smart-X7 7.80
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Axis2" = Axis2 (remove only)
"Dropbox" = Dropbox
"NoNameScript" = NNScript
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2012 16:48:59 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/10 21:48:59.217]: [00001988]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 07:56:18 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/11 12:56:18.662]: [00001944]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 16:20:21 | Computer Name = michael | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.02.2012 16:21:04 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 11.02.2012 16:21:34 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12.02.2012 07:23:28 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 12:23:28.358]: [00000448]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 12.02.2012 17:49:43 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 22:49:43.983]: [00000340]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 08:11:25 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/15 13:11:25.567]: [00000128]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 12:57:53 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 15.02.2012 12:58:30 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 03.05.2012 19:27:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:37 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 03.05.2012 19:27:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:38 - Failed to retrieve EpgListings (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 14.05.2012 20:50:26 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:26 - Error connecting to the internet.  02:50:26 -     Unable 
to contact server..  
 
Error - 14.05.2012 20:50:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:31 - Error connecting to the internet.  02:50:31 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:42 - Error connecting to the internet.  03:50:42 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:50 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:47 - Error connecting to the internet.  03:50:47 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:50:55 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:50:55 - Error connecting to the internet.  04:50:55 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:51:03 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:51:00 - Error connecting to the internet.  04:51:00 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:08 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:08 - Error connecting to the internet.  05:54:08 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:16 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:13 - Error connecting to the internet.  05:54:13 -     Unable 
to contact server..  
 
[ System Events ]
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:03 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:14 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 08.09.2012 06:44:57 | Computer Name = michael | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber sfhlp01.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:32 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:44 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
 
< End of report >
         
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-08 13:25:55
Windows 6.1.7600  Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-5 OCZ-VERTEX2 rev.1.25
Running: pmxj3yyt.exe; Driver: C:\Users\anexity\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     83250599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              83274F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91034000, 0x3CA315, 0xE8000020]
PAGE            peauth.sys                                                                                                          9996AB9B 72 Bytes  CALL E93B29C5 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3304] ntdll.dll!DbgUiRemoteBreakin               776ED315 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc60c1                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc60c1@c8979ff3dc1c                            0x39 0x7B 0x92 0xD4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 F:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x4A 0xA8 0x2F 0x58 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x0C 0x87 0x5F 0x08 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x06 0xCC 0xDA 0x05 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc60c1 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc60c1@c8979ff3dc1c                                0x39 0x7B 0x92 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     F:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x4A 0xA8 0x2F 0x58 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x0C 0x87 0x5F 0x08 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x06 0xCC 0xDA 0x05 ...

---- EOF - GMER 1.0.15 ----
         

Thanks in advance for the help!

Kind regards,
anexity
__________________

11.09.2012, 17:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
since this was explicitly required in the guide for those seeking help (For everyone seeking help! What do I need to consider before opening a topic?).
Ah, so it does say that in there after all. I'll try to get that changed.

First, please run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove ANYTHING from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
