Log analysis and evaluation: Online banking blocked - malware
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Online banking blocked - malware

Hello dear Trojan fighters! Since my online banking with the Sparkasse was blocked because of malware, I googled it right away and came across this forum. Here I have already seen that I am not the only one with this problem. I hope you can help me remove the malware (or whatever has settled in there) without my having to reinstall my PC. I have now run the OTL scan as described in one of the threads. Here are the logs:

Extras.txt
Code:
OTL Extras logfile created on: 30.05.2013 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,01% Memory free
8,25 Gb Paging File | 6,27 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): c:\pagefile.sys 5120 6144i:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,52 Gb Total Space | 33,37 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive D: | 295,37 Gb Total Space | 66,80 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive X: | 79,87 Gb Total Space | 32,46 Gb Free Space | 40,64% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02220E03-0B8C-44F5-8E20-AD8917AA6DD1}" = openAir2kml
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.8 "{07B30B65-6615-46CF-ABB2-4AD33B9CE87A}" = OutSync "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes "{12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1" = HD2 Toolkit Version 4.1 "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3 "{16BF9FAA-2804-48A9-823F-87DFD06969E0}" = LX navigation LXE "{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225B779B-94BA-4A83-9E11-6F1D99ECE7CD}" = Windchill ProductPoint Client Manager-2.0_2010.09.06.001 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2336573C-3213-48AA-A306-8309BA9BD92C}" = Aerosoft's - Airbus X "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for 
Applications 2.0 Runtime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2F4493E4-7237-4B2F-B693-B13BA827DBA7}" = Rhinoceros 4.0 Trainingsmaterial - Stufe 1 "{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{388BB822-33BF-4ED9-8A04-7007CC37A24E}" = REFLEX "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax "{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A "{46181E57-7362-4FCC-A30E-6E31429E160F}_is1" = NaviComputer V0.95 "{4689C255-3373-4A61-8E3C-3E9C92EFA4E5}" = AeroFly Professional Deluxe "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{5BD1BBB6-DC09-420F-B459-DD61DD351541}" = 
aerosoft's - Menorca X for FSX "{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0 "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3 "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{64996B10-0B55-4625-A124-551CB65F09CE}" = aerosoft's - London City Airport X "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7668700F-1E1D-4E37-A7AE-29DFA7BE4B8F}" = eDocPrintPro v3.17.4 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F702E8C-D01F-4128-AD93-4A9AE07603A9}" = Aerosoft's - German Airfields FREE - Wasserkuppe "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{917FBB8E-C606-4ADD-9E5D-236646F5A1AA}" = PhoenixRC "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics 
Suite X5 - WT "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{990A2B02-0C8F-4BD4-989B-9F4561D8FAD2}" = RealFlight G5 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A4003C3C-30EF-41F6-87DD-33DDC471651C}" = Autodesk 123D Catch "{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = 
NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BBBA5E54-5B3C-11DE-BAEA-F9C855D89593}" = insight3d 0.3.2 "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{C0A6F8BF-2C50-4D70-B98E-590EA298E5A1}" = WinSpice v1.06.00 "{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b "{CDDE8723-0D3C-4446-BFCC-6AFAED649A71}" = Mission Planner "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client 
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2FDD9AD-F2FA-42D7-B4B6-43202C53F142}" = 'PTC Places' Namespace Shell Extension "{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files "{E630D30A-79EE-407A-8F51-9D57D1F45230}" = gs_x86 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{EB2423B8-2060-4260-874B-3ED7A68D1275}" = FS Flight Keeper (3.0) "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EE18E4CF-6732-470B-A526-3FE205AC69D5}" = CompanionLink "{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}" = aerosoft's - Lukla X - Mount Everest "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow "{FB56079B-7D0C-4D1D-864A-09BA159CC31B}" = Active Sky Evolution "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "{FF63DB41-2880-4C24-A06A-B8BF69B6406B}" = Unified Remote "1C403B82E4E446F5F271843776F81232792700B4" = Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports (11/15/2012 5.1.2600.0) "7-Zip" = 7-Zip 9.20 "ABViewer 7_is1" = ABViewer 7 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 "Avira AntiVir Desktop" = Avira Free Antivirus "CamStudio" = CamStudio "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4 "Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Condor: The Competition Soaring Simulator" = Condor: The Competition Soaring Simulator 1.1.2 "D4BE65E2BB029E9D50B48199CCFFE66D0F514A27" = Windows-Treiberpaket - 3D Robotics (usbser) Ports (03/28/2013 1.6.2.0) "DAEMON Tools Lite" = DAEMON Tools Lite "Dassault Systemes B18_0" = Dassault Systemes Software B18 "Dassault Systemes B20_0" 
= Dassault Systemes Software B20 "DivX Setup.divx.com" = DivX-Setup "doubleTwist" = doubleTwist "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition "EasternAlps Scenery" = EasternAlps Scenery 2.0 "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "f1mustang_FSX" = Flight1 Citation Mustang "FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0 "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FileZilla Client" = FileZilla Client 3.7.0.1 "FinePrint" = FinePrint "Flamingo 1.1" = Flamingo 1.1 "Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0 "FlightGear_is1" = FlightGear 2.10.0.3 "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "Google Calendar Sync" = Google Calendar Sync "Ground Environment X Europe" = Ground Environment X Europe "Hugin" = Hugin 2011.0.0 "iDisplay_is1" = iDisplay 2.0.0 "IGC GE Flight_is1" = IGC Flight Replay 1.0 "ImgBurn" = ImgBurn "InstallShield_{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "JDownloader" = JDownloader "KeyShot2" = KeyShot2 2.3 32 bit "LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.8 "LX Styler_is1" = LX Styler "MatlabR2011a" = MATLAB R2011a "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft 
.NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "MiKTeX 2.9" = MiKTeX 2.9 "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MPE" = MyPhoneExplorer "NetCommy_is1" = NetCommy 1.14 "nHancer" = nHancer "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "openAir2kml" = openAir2kml "OpenAL" = OpenAL "PDFTK Builder_is1" = PDFTK Builder 3.5.3 "Rhinoceros 3.0" = Rhinoceros 3.0 "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "SeeYou Mobile" = SeeYou Mobile "SeeYou_is1" = SeeYou Version 4.22 "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only) "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Texmaker" = Texmaker "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TS3 Overlay" = TS3 Overlay "VAIOSoft Recovery Manager" = VAIOSoft Recovery Manager "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR "wxdevcpp" = wxDev-C++ 7.3.1 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aerosoft Mega Airport Munich v 1.00 for FSX" = Aerosoft Mega Airport Munich v 1.00 for FSX "Dropbox" = Dropbox "FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279 "GeoGebra WebStart" = GeoGebra WebStart "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Spotify" = Spotify "Titan Casino" = Titan Casino ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.05.2013 
16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8143 Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8143 Error - 28.05.2013 22:50:46 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files\CompanionLink\ClxMapi64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 28.05.2013 22:53:18 | Computer Name = Martin-PC | Source = System Restore | ID = 8193 Description = Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1030 Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1030 Error - 30.05.2013 05:38:32 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files\CompanionLink\ClxMapi64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.05.2013 05:42:48 | Computer Name = Martin-PC | Source = System Restore | ID = 8193 Description = [ Cisco AnyConnect VPN Client Events ] Error - 30.05.2013 05:06:41 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:41 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: 
CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283 Invoked Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE [ OSession Events ] Error - 25.01.2011 19:33:57 | Computer Name = Martin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3752 seconds with 1560 seconds of active time. This session ended with a crash. 
[ System Events ]
Error - 25.05.2013 03:35:56 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR32 gefunden.

Error - 26.05.2013 05:27:30 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:30 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:31 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:31 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 26.05.2013 05:27:32 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 27.05.2013 01:14:52 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 27.05.2013 01:14:53 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 27.05.2013 01:14:53 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 27.05.2013 01:14:54 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

< End of report >

Code:
OTL logfile created on: 30.05.2013 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,01% Memory free
8,25 Gb Paging File | 6,27 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): c:\pagefile.sys 5120 6144i:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,52 Gb Total Space | 33,37 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive D: | 295,37 Gb Total Space | 66,80 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive X: | 79,87 Gb Total Space | 32,46 Gb Free Space | 40,64% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe () PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - X:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe () PRC - C:\Windows\System32\lxbucoms.exe ( ) ========== Modules (No Company Name) ========== MOD - D:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - D:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Java\jre7\bin\jp2native.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU () ========== Services (SafeList) ========== SRV - (mi-raysat_3dsmax9_32) -- D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe File not found SRV - 
(AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (GsServer) -- D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe () SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (nHancer) -- X:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (BBDemon) -- D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (mi-raysat_3dsmax2010_32) -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( ) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys () DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (DxkgFilter) -- D:\Program Files\iDisplay\idisplay.sys () DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.at/ [binary data] IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 6D 55 81 97 BB CB 01 [binary data] IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT" FF - prefs.js..extensions.enabledAddons: linky%40gemal.dk:3.0.0 FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2 FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:2.8.5 FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.24 09:36:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.24 09:36:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.05.24 16:38:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.05.24 16:38:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.05.24 16:38:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.05.24 16:38:38 | 000,000,000 | ---D | M] [2011.01.24 09:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2013.05.23 23:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions [2013.03.12 16:55:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013.05.07 22:35:16 | 
000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\foxyproxy@eric.h.jung [2011.02.17 00:36:55 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\linky@gemal.dk [2013.05.07 22:35:11 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2011.03.04 00:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\rypciewz.default\extensions [2011.03.04 00:19:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\rypciewz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.09.24 23:34:11 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\youtube2mp3@mondayx.de.xpi [2011.12.08 19:42:35 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013.05.09 20:29:38 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.23 23:39:39 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.01.08 07:28:48 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2011.01.20 16:35:01 | 000,002,059 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\daemon-search.xml [2013.05.30 
11:09:56 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-1.xml [2011.04.30 21:09:36 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-2.xml [2011.05.05 23:06:57 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-3.xml [2011.06.21 06:52:49 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-4.xml [2011.08.19 15:15:09 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-5.xml [2011.09.12 23:04:33 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-6.xml [2011.03.25 15:37:06 | 000,001,056 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin.xml [2012.08.20 01:55:49 | 000,003,915 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\sweetim.xml O1 HOSTS File: ([2011.01.24 21:36:54 | 000,001,730 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 
practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 4 more lines... O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Programme\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Spotify Web Helper] C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Zaemectiot] C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe (Sysinternals - www.sysinternals.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft 
Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA416F6-55F8-461A-B1D4-A0FB030B6945}: NameServer = 212.18.3.5 212.18.0.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06AFEE5-B9BC-4DB3-A216-146EB60EC29B}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9d2bd751-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun O33 - MountPoints2\{9d2bd751-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{9d2bd75d-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun O33 - MountPoints2\{9d2bd75d-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{9d2bd769-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun O33 - MountPoints2\{9d2bd769-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{cf19e7c0-56a6-11e0-b760-0023549c1a34}\Shell - "" = AutoRun O33 - MountPoints2\{cf19e7c0-56a6-11e0-b760-0023549c1a34}\Shell\AutoRun\command - "" = S:\AutoRun.exe O33 - MountPoints2\{f82bf3ed-53b7-11e1-b4ff-0023549c1a34}\Shell - "" = AutoRun O33 - MountPoints2\{f82bf3ed-53b7-11e1-b4ff-0023549c1a34}\Shell\AutoRun\command - "" = J:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 21:30:18 | 000,000,000 | ---D | C] -- D:\Dokumente\XCSoarData [2013.05.25 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\FileZilla [2013.05.25 13:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013.05.22 16:26:02 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.22 16:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.22 16:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Yqzi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Quit
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Ehma
[2013.05.12 18:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.8
[2013.05.12 18:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.8
[2013.05.12 17:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD2 Toolkit
[2013.05.12 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\HD2 Toolkit
[2013.05.11 13:50:25 | 000,000,000 | ---D | C] -- D:\Dokumente\HTC HD2 Android
[2013.05.11 12:20:09 | 000,000,000 | ---D | C] -- D:\Dokumente\WhatsApp
[2013.05.08 21:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.08 21:10:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.08 21:10:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.08 21:10:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.08 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\insight3d
[2013.05.08 20:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\insight3d
[2013.05.08 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013.05.08 17:04:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SmartFTP Client 4.1 Setup
[2013.05.07 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\Downloads
[2013.05.07 22:44:12 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2013.05.02 22:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org
[2013.05.02 22:56:55 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013.05.02 22:56:55 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2013.05.02 22:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2013.05.02 22:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.10.0.3
[2013.04.30 17:59:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\GMap.NET
[2013.04.30 17:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.04.30 17:57:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\APM Planner
[2013.04.30 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\APM Planner
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Martin\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Martin\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Martin\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Martin\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2013.05.30 15:21:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 14:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 11:12:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 11:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 16:20:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 16:20:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 16:13:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.05.28 16:12:56 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 13:32:55 | 000,000,976 | ---- | M] () -- C:\Users\Martin\Desktop\Adobe Dreamweaver CS3 - 32bit.lnk
[2013.05.26 13:25:09 | 000,000,810 | ---- | M] () -- C:\Users\Martin\Desktop\FileZilla.lnk
[2013.05.25 19:03:51 | 000,064,640 | ---- | M] () -- D:\Dokumente\Kontakte Stand 25.05.2013.CSV
[2013.05.25 19:03:49 | 000,038,431 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2013.05.22 20:13:16 | 000,025,387 | ---- | M] () -- D:\Dokumente\Penzberg, Deutschland nach Wirtschaftskammer Wien - Google Maps.pdf
[2013.05.22 16:26:02 | 000,001,550 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 21:46:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 21:46:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 18:19:05 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2013.05.11 17:44:57 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 17:44:57 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 17:44:57 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 17:44:57 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.10 21:33:06 | 000,001,237 | ---- | M] () -- C:\Users\Martin\Desktop\VisualSFM_win32.exe - Verknüpfung.lnk
[2013.05.08 22:06:14 | 000,017,698 | ---- | M] () -- D:\Dokumente\Bestellnummer_ 22368.pdf
[2013.05.08 22:05:30 | 000,067,429 | ---- | M] () -- D:\Dokumente\Ülis Segelflugbedarf - FLARM Competence Center.pdf
[2013.05.08 19:53:37 | 000,001,825 | ---- | M] () -- C:\Users\Martin\Desktop\Autodesk 123D Catch.lnk
[2013.05.07 22:43:55 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.07 20:27:50 | 000,001,094 | ---- | M] () -- C:\Users\Martin\Desktop\minecraft.bat - Verknüpfung.lnk
[2013.05.04 20:53:16 | 000,000,840 | ---- | M] () -- C:\Users\Martin\Desktop\SeeYou.lnk
[2013.05.02 22:56:55 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013.05.02 22:56:55 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2013.05.02 22:56:10 | 000,000,835 | ---- | M] () -- C:\Users\Martin\Desktop\FlightGear 2.10.0.3.lnk
[2013.04.30 17:59:36 | 000,001,068 | ---- | M] () -- C:\Users\Martin\Desktop\Mission Planner Mav 1.0.lnk

========== Files Created - No Company Name ==========

[2013.05.26 16:21:05 | 000,000,000 | ---- | C] () -- C:\Windows\cs3marked64
[2013.05.26 13:25:09 | 000,000,810 | ---- | C] () -- C:\Users\Martin\Desktop\FileZilla.lnk
[2013.05.25 19:03:46 | 000,064,640 | ---- | C] () -- D:\Dokumente\Kontakte Stand 25.05.2013.CSV
[2013.05.22 20:13:16 | 000,025,387 | ---- | C] () -- D:\Dokumente\Penzberg, Deutschland nach Wirtschaftskammer Wien - Google Maps.pdf
[2013.05.22 16:26:02 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.12 18:19:12 | 002,888,384 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2013.05.12 18:19:12 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2013.05.12 18:19:08 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2013.05.12 18:19:05 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2013.05.10 21:33:06 | 000,001,237 | ---- | C] () -- C:\Users\Martin\Desktop\VisualSFM_win32.exe - Verknüpfung.lnk
[2013.05.08 22:06:14 | 000,017,698 | ---- | C] () -- D:\Dokumente\Bestellnummer_ 22368.pdf
[2013.05.08 22:05:30 | 000,067,429 | ---- | C] () -- D:\Dokumente\Ülis Segelflugbedarf - FLARM Competence Center.pdf
[2013.05.08 19:53:37 | 000,001,825 | ---- | C] () -- C:\Users\Martin\Desktop\Autodesk 123D Catch.lnk
[2013.05.02 22:56:10 | 000,000,835 | ---- | C] () -- C:\Users\Martin\Desktop\FlightGear 2.10.0.3.lnk
[2013.04.30 17:59:36 | 000,001,068 | ---- | C] () -- C:\Users\Martin\Desktop\Mission Planner Mav 1.0.lnk
[2013.04.04 18:26:06 | 000,038,431 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.07.09 23:28:25 | 000,000,335 | ---- | C] () -- C:\Users\Martin\AppData\Local\Perfmon.PerfmonCfg
[2012.06.26 00:45:25 | 000,199,312 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\csio.dll
[2012.03.18 23:18:53 | 000,038,434 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.03.18 23:17:42 | 000,038,435 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.02.28 21:10:33 | 000,001,434 | ---- | C] () -- C:\Users\Martin\AppData\Local\RecConfig.xml
[2012.02.23 14:41:57 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI
[2012.02.23 14:41:33 | 000,000,341 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2012.02.23 14:40:52 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2011.10.24 07:11:40 | 000,000,400 | ---- | C] () -- C:\Windows\g_nhqnsp300.ini
[2011.10.24 07:11:40 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bhtrugl705.dat
[2011.10.22 11:24:20 | 000,805,895 | ---- | C] () -- C:\Users\Martin\cdlabel.jpg
[2011.09.24 23:42:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.28 20:01:28 | 000,000,406 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\gnuplot_history
[2011.01.24 09:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Martin\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Martin\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.05.30 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2012.03.03 21:48:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.Nitrous
[2012.11.30 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.techniclauncher
[2012.11.28 23:38:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Arduino
[2013.05.08 19:53:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Autodesk
[2012.07.06 23:54:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\benibela
[2011.04.08 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BOM
[2011.10.19 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2011.03.13 10:40:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CompanionLink
[2012.02.10 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2011.03.28 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DassaultSystemes
[2011.05.03 20:14:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dev-Cpp
[2013.05.28 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2013.05.17 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ehma
[2013.05.27 19:29:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FileZilla
[2011.02.23 09:49:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Flight1
[2013.05.02 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2013.01.09 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Freeplane
[2012.11.06 00:08:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fritzing
[2011.01.24 09:24:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GetRightToGo
[2013.01.07 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GoodSync
[2011.02.25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HiFi
[2013.04.25 19:43:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IGCGeFlight
[2011.10.27 18:59:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ImgBurn
[2012.12.30 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\JabRef 2.9
[2011.02.08 20:24:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LegalSounds
[2011.01.24 09:36:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Local
[2011.02.27 10:48:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mathsoft
[2013.05.21 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MyPhoneExplorer
[2011.09.24 23:40:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenCandy
[2011.09.27 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Outlook
[2011.02.27 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PTC
[2011.10.29 21:19:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\pymclevel
[2013.05.30 15:10:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Quit
[2012.01.28 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SHAPE Services
[2011.05.19 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Soft Gold
[2013.05.29 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spotify
[2011.11.10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2013.03.03 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX
[2013.05.25 19:00:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2011.09.27 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ts3overlay
[2011.01.25 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2011.03.26 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2012.05.03 00:09:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unified Remote
[2012.11.24 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\xm1
[2013.05.17 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Yqzi

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:74603393

< End of report >

Regards, Martin |