Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: FBDownloader wieder entdeckt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.07.2013, 11:19   #1
Galaxyman20
 
FBDownloader wieder entdeckt - Unglücklich

FBDownloader wieder entdeckt



hallo,

früher (ca.vor 5 monaten) hatte ich schonmal probleme mit dem fbdownloader. jede neue seite im browser war search.fbdownloader.com und bei jedem neustart erscheinte ein pop-up, das mir sagte, ich hab meine startseite geändert und wenn ich auf abbrechen drücke wird sie wieder auf search.fbdownloader.com gesetzt. ich habe einige anleitungen aus dem internet befolgt, und ein paar einstellungen bei about:config in firefox geändert und fbdownloader war dann auch weg. das dachte ich zumindest. heute habe ich nämlich bei der taskleiste (rechts bei den kleinen symbolen) auf anpassen gedrückt und was ich dann sah: "FBDownloader Updater". :O
jetzt weiss ich, dass ich ihn nicht richtig entfernt habe, und nun habe ich angst, dass er zurückkommen könnte.
ich habe windows 7.

ich hoffe, dass mir jemand helfen kann.

Geändert von Galaxyman20 (03.07.2013 um 12:10 Uhr)

Alt 03.07.2013, 11:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 03.07.2013, 11:54   #3
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



habe noch ein älteres logfile von MBAM:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
multimedia :: VULKANO82 [Administrator]

03.06.2013 08:09:46
mbam-log-2013-06-03 (08-09-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 475321
Laufzeit: 3 Stunde(n), 40 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\multimedia\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\multimedia\AppData\Roaming\dclogs\2012-11-24-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
__________________

Alt 03.07.2013, 12:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2013, 12:34   #5
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



OTL.txt
Code:
ATTFilter
OTL logfile created on: 03.07.2013 13:16:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\multimedia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 55,51% Memory free
7,49 Gb Paging File | 5,24 Gb Available in Paging File | 69,93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,87 Gb Total Space | 198,83 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive D: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VULKANO82 | User Name: multimedia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\multimedia\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (SolutoLauncherService) -- C:\Programme\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Programme\Soluto\SolutoService.exe (Soluto)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (SaiK0CCB) -- C:\Windows\SysNative\drivers\SaiK0CCB.sys (Saitek)
DRV:64bit: - (SaiU0CCB) -- C:\Windows\SysNative\drivers\SaiU0CCB.sys (Saitek)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (tenCapture) -- C:\Windows\SysNative\drivers\tenCapture.sys (Hajo Krabbenhöft)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 28 7E 5E 13 6C CE 01  [binary data]
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{1AADEE04-DDB2-476D-986F-F34FB4A571F4}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVED_enDE429
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{7CC01521-91BE-4D2D-9293-17522A90CB86}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{8ED16244-A149-4B28-878E-2ADA2AE868CF}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{B9E1D707-7F9F-445C-A371-17B0FC05996E}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8uMViANz&i=26
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\multimedia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\MULTIM~1\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.25 14:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.25 14:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.25 14:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.25 14:48:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.25 14:48:30 | 000,000,000 | ---D | M]
 
[2013.05.27 13:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.22 20:55:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.22 20:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 20:55:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.05.13 19:00:52 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2011.09.02 17:38:42 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.gronkh.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.752 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv530.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\multimedia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: AdBlock = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Minecraft = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkphehjjbgfckcgpcggpecjmbnifpejn\1_0\
CHR - Extension: Convert YouTube to MP3 = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\noibmlfclijjipjajmgfgejgcaioholk\1.4_0\
CHR - Extension: YouTube Unblocker = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0\
CHR - Extension: Google Mail = C:\Users\multimedia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.04 08:55:41 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\Toolbar\WebBrowser: (no name) - {1CE76C93-A797-4CA2-AB3C-F4A6CFBA3440} - No CLSID value found.
O3 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000..\Run: [DataMgr] C:\Users\multimedia\AppData\Roaming\DataMgr\datamgr.exe (HTTO Group, Ltd.)
O4 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000..\Run: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SDB92.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3837161293-2504035848-2858964587-1000\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A35F455B-5668-4676-9BE3-74A32BB9A2C8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.05 12:56:44 | 000,000,061 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7a6f8d2f-6c19-11e0-95a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a6f8d2f-6c19-11e0-95a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe -- [2009.05.05 13:51:42 | 000,267,560 | R--- | M] (Travellers Tales (UK) Ltd)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.03 13:15:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\multimedia\Desktop\OTL (1).exe
[2013.07.03 11:51:21 | 000,107,376 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\Vxdif.dll
[2013.07.03 11:51:19 | 000,316,024 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\drivers\Apfiltr.sys
[2013.07.03 11:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.07.03 11:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.07.02 18:40:06 | 000,000,000 | ---D | C] -- C:\AMD
[2013.07.02 18:38:26 | 003,837,440 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.07.02 18:35:40 | 000,849,992 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.07.02 18:35:40 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2013.06.27 21:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.06.24 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\multimedia\AppData\Local\GameMaker8.1
[2013.06.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Users\multimedia\AppData\Local\YoYo_Games_Ltd
[2013.06.24 17:44:02 | 000,000,000 | ---D | C] -- C:\Users\multimedia\GameMaker 8.1
[2013.06.24 17:44:02 | 000,000,000 | ---D | C] -- C:\Users\multimedia\AppData\Roaming\GameMaker
[2013.06.23 22:05:26 | 000,000,000 | ---D | C] -- C:\Dosgames
[2013.06.23 16:30:46 | 000,000,000 | ---D | C] -- C:\Users\multimedia\VirtualBox VMs
[2013.06.23 16:26:27 | 000,000,000 | ---D | C] -- C:\Users\multimedia\.VirtualBox
[2013.06.23 15:51:14 | 000,000,000 | ---D | C] -- C:\Users\multimedia\AppData\Local\DOSBox
[2013.06.23 15:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2013.06.23 15:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2013.06.23 13:07:03 | 000,000,000 | ---D | C] -- C:\Users\multimedia\Documents\AntiVirus Extream 2013
[2013.06.23 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\solicus
[2013.06.22 20:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2013.06.22 20:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2013.06.22 15:17:24 | 000,000,000 | ---D | C] -- C:\Users\multimedia\Documents\MAGIX_MxTray
[2013.06.22 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\multimedia\AppData\Roaming\MAGIX
[2013.06.22 14:51:13 | 000,000,000 | ---D | C] -- C:\Users\multimedia\Documents\OnDemandDump
[2013.06.22 14:51:13 | 000,000,000 | ---D | C] -- C:\Users\multimedia\Documents\CrashLog
[2013.06.22 14:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.06.22 14:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.06.21 18:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.06.21 16:00:16 | 000,131,856 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2013.06.21 11:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013.06.19 20:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.06.15 23:06:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 23:06:27 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\multimedia\AppData\Roaming\.mono
[2013.06.15 19:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KSP
[2013.06.15 17:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2013.06.15 17:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2013.06.13 20:21:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.13 20:21:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.13 20:21:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.13 20:21:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.13 20:21:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.13 20:21:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.13 20:21:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.13 20:21:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.13 20:21:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.13 20:21:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 20:21:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.13 20:21:48 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 20:21:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 13:31:47 | 000,000,000 | ---D | C] -- C:\Users\multimedia\Documents\PAK128.german
[2013.06.13 13:22:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.13 13:22:32 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.13 13:22:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.13 13:22:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.13 13:22:23 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.13 13:22:18 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.13 13:22:18 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.13 13:22:18 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.13 13:22:18 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.13 13:22:17 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.13 13:22:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.13 13:22:08 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.13 13:22:08 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.09 14:07:13 | 000,000,000 | ---D | C] -- C:\Users\multimedia\.gimp-2.8
[2013.06.09 14:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.03 13:15:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\multimedia\Desktop\OTL (1).exe
[2013.07.03 12:56:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.03 12:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.03 12:46:40 | 000,000,000 | ---- | M] () -- C:\Users\multimedia\defogger_reenable
[2013.07.03 12:01:53 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 12:01:53 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 11:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.02 18:48:20 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.02 18:48:20 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.02 18:48:20 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.02 18:48:20 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.02 18:48:20 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.01 16:37:04 | 000,484,992 | ---- | M] () -- C:\Users\multimedia\Desktop\Minecraft.exe
[2013.06.26 13:41:52 | 000,291,404 | ---- | M] () -- C:\test.xml
[2013.06.22 20:51:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.22 20:51:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.22 19:54:24 | 000,028,074 | ---- | M] () -- C:\Users\multimedia\AppData\Local\recently-used.xbel
[2013.06.21 18:55:28 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.06.21 16:00:16 | 000,131,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2013.06.20 12:24:12 | 000,477,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.19 08:53:42 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.06.17 17:49:38 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.17 08:30:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013.06.13 13:25:47 | 003,245,354 | ---- | M] () -- C:\Program Files (x86)\wenquanyi_9pt.bdf
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.03 12:46:40 | 000,000,000 | ---- | C] () -- C:\Users\multimedia\defogger_reenable
[2013.07.01 16:36:52 | 000,484,992 | ---- | C] () -- C:\Users\multimedia\Desktop\Minecraft.exe
[2013.06.22 19:54:24 | 000,028,074 | ---- | C] () -- C:\Users\multimedia\AppData\Local\recently-used.xbel
[2013.06.21 18:55:28 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.06.19 20:06:01 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.06.17 08:30:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013.06.14 13:52:35 | 000,001,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.06.13 13:22:29 | 003,245,354 | ---- | C] () -- C:\Program Files (x86)\wenquanyi_9pt.bdf
[2013.06.09 14:07:01 | 000,000,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.10.28 13:49:19 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.05.25 19:27:32 | 000,000,094 | ---- | C] () -- C:\Users\multimedia\.gtk-bookmarks
[2012.03.22 16:02:59 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.03.18 14:34:06 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.03.06 17:53:16 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\VideoConverter_sysquict.dat
[2012.02.03 20:59:48 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.07 10:59:46 | 000,017,408 | ---- | C] () -- C:\Users\multimedia\AppData\Local\WebpageIcons.db
[2011.09.08 18:16:29 | 000,120,320 | ---- | C] () -- C:\Users\multimedia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.20 15:33:01 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.07.10 15:45:09 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.10 15:45:08 | 000,002,339 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.04 19:17:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.07.04 18:53:09 | 000,000,760 | ---- | C] () -- C:\Users\multimedia\AppData\Roaming\setup_ldm.iss
[2011.04.21 15:42:09 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 03.07.2013 13:16:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\multimedia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 55,51% Memory free
7,49 Gb Paging File | 5,24 Gb Available in Paging File | 69,93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,87 Gb Total Space | 198,83 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive D: | 4,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: VULKANO82 | User Name: multimedia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0386F54C-5A63-42E2-AD44-BADB46810DD0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{04006B2C-9497-4084-8AE4-FFCA85E42F77}" = lport=25565 | protocol=17 | dir=in | name=minecraft-server 2 | 
"{0CF248C9-7470-48EC-A6B7-55D75E53BF4B}" = lport=25565 | protocol=6 | dir=in | name=minecraft-server | 
"{31E7F530-DBAC-4080-B056-D8814762F670}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3301DA2C-169D-4E4B-B7BA-9D5D83744A1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EDCC8C3-6C1A-47F8-92D1-C7A157B39E0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4110C683-189F-4296-97D1-DD7EB03D5370}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4608395E-EAF1-4FC4-A987-293F5EA86B60}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5C52EB55-6856-4A93-8BA7-BE22BC67227F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7274A101-DAA1-4F8B-8C21-38DFA4151C74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{88E3F7AD-2F76-40FB-80D1-206EB23FC284}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8BA5FB94-B137-49A2-AD96-EC9B80DB4EE2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{998D15F0-AD8D-4D21-B18F-7200D9E80F7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB44BF1D-5792-4636-BC5B-17653ACBEE10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB874D2D-B66B-4B9C-B22C-AB71F7DF04B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C356AFD5-9758-45A2-A866-D4443A26CB6A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C977B187-1DF4-46E2-9F94-F9F5A3F57625}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CBE3E916-4A25-40B2-BEED-640FAB86457E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{CE664B47-291A-4517-A2E6-A8FE851B229B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D136E8C2-9286-4A31-8666-416936304F4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5A030DD-3B21-4899-BB7E-31AF9519E5A2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DA1CDBD7-919B-41E4-BFED-CF910A280F78}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E9E66074-24E0-4F24-849E-D916888146DE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F5F3CE0C-11D8-4198-BE8D-31FA49E5CD5D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F66F4903-CE19-40E4-B23A-19B5C2DB7640}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF551309-D3A4-4C0D-9BE6-594A3D4ECF92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06DA830F-41EF-4E9C-9C32-15E2E44E6C8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AC2795D-E640-4B6C-AEFE-BF8CF0914634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21F173C1-35F7-4F0E-843F-65D1B9C5C802}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{235F4389-C244-4FDA-91CB-D4FA0F63DC35}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{259418A3-2D2D-457D-8E86-7F463FD78B87}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{2B96DBB2-5B72-4075-BD85-4C21972DA7A5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2FB34FBB-CC1E-467A-BC72-E94D822D26B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3AF909A7-E2DC-44FA-B23B-FA2E183D2494}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3BF5EB85-51E4-41B9-9B21-C85A200CFE3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C5D7D03-8E94-4CF9-A4C7-691D82AEE272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46F43CA3-50E8-428F-BA76-E0558648A339}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{4B77D631-A5EB-4F51-9FA3-D6C60076F435}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5157EDB1-2723-4343-BDEA-12EA128E0EC8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{51D445C6-C540-4314-A258-E0C6ACD55843}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{59A2E0B8-5E8C-4E94-AC3D-32A350E34098}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{65454377-7410-45A0-87A9-D3015172DF85}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | 
"{69A15707-3079-43BE-ADB2-98F94D590D1C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{69AEC758-F8D1-472E-B624-6150D6DEDA68}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7CFC8CB8-7B67-45ED-81ED-D6F39D1BE216}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7D66D715-6347-4E93-A8AF-2FC8FE7B5B83}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{802FE770-5E09-43F1-A88D-AB76ADF28D8D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{85A0192D-7F0F-46C7-8640-883B117553BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86546E40-6B2F-4B4B-B228-CFC3A4D841C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A786064-9A48-4E4A-9A73-8C63EF2C4A36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8D2AA2C5-7E48-4B98-94F1-9BA706D2EFBF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8EDBD29A-54EF-49FA-8580-959CDE7640AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9363B36B-5D96-4892-B837-62439F631AF4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9428CEBE-633F-4C9D-B0F8-BD59E513EA43}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{987BFA19-E98F-4BED-BAAC-3404A4ABA2AB}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | 
"{AF265B7F-04C1-4D2A-B735-57E81E343B6C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B0F32199-5C57-4301-8356-D69F5E7C9216}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B746EBFA-980A-4F31-91BB-17644A1C1BED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B88EB4F2-5534-494C-A5CB-A8FD9BE0D2C6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{C469DC47-29AD-438B-AFF6-33332A35B763}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C73BE3D7-C400-4646-8FDA-19EC7536D812}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CC5C46A8-76C7-4C21-BFF1-B2C0E8206407}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D121B559-DFFB-44E9-98E7-847180C17F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D2DBCA15-6EC9-4102-B8B4-E25D9258509B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5B516AF-6F2D-4099-A241-9A05AC9C1BB0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | 
"{D657575F-D298-4800-808D-022675C3A610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE2565AC-3170-470B-9FA6-F2AB963A1DC5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E1BE20A1-21CF-4CEC-826B-C152B0F213A9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe | 
"{EB0A0E7B-C89A-444F-B535-5102828E563F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC85DC9F-C060-4A03-A0B0-5FFD453056D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F6E59929-50D3-43B2-8FE7-A6AAF4806E90}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F7982282-E2A6-4494-947E-6AB984956DC9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | 
"{FD717125-9F46-4C40-8798-DBEFB4697C57}" = protocol=6 | dir=out | app=system | 
"{FDF64B8D-7BEC-4D79-B128-4922DF5868A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{0189F497-CA4F-4410-9F79-081E93457C01}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{019B0491-38A1-4DDD-97D9-2F95AA7E3809}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{0679EC9E-26BE-441A-B388-9D489F2BEA85}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{0B3FA96B-2F2C-49D9-ADDC-5B0DA0FC8FE6}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{1CA3B6C8-398A-4BC2-9896-B864AEA3E3CF}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{2E2107C5-6FCF-45B8-B5AB-C55980A07087}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{7059C004-B8EE-4976-AC0B-F6FA0705D728}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{72C44185-9718-4E47-B67E-EF0266063E81}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"TCP Query User{8F53A3FE-AF85-42E9-B9C0-AFF0085E847B}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{978383DC-DB62-4ABA-A5E4-6C5E590843D3}C:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe | 
"TCP Query User{A122B942-3926-4759-A76D-C118C381EFDA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{B349D102-EE54-49D6-A049-5719F49D1DBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{EED801C7-CD64-43C7-B198-40027AF1EC29}C:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe | 
"TCP Query User{F753519D-6FCC-441B-BCD6-2CB91691791E}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"TCP Query User{FF4FD776-164A-43D5-8290-28D6DF7057B1}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{0290F3BB-A9CE-46DC-BA5F-937D84ACC05C}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{0B7AD9A3-EFC6-4F3C-BE66-26890F13CF54}C:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe | 
"UDP Query User{154E3337-CDEB-4841-AE6C-9F5618ECE321}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{201F912E-77A1-41C3-89DC-C0F6A5F771D0}C:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_04\jre\bin\javaw.exe | 
"UDP Query User{5ACD792C-FFA3-4FF3-9854-A45BA1DBAD77}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{605FCB36-2198-4258-BB91-E82FD2C52330}C:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe | 
"UDP Query User{6411673D-70D4-4356-9D36-439825948426}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6F494285-0B67-4F03-9F14-4189775BF86F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{8895DA9C-CFA9-49B3-9712-AED8105340E1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{B4A57173-EAB9-40EE-90FF-C44CE2A25D28}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B67F94B9-D2F5-4C18-A3BA-C8FDF84B8F2A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{CFDF755F-21A7-4726-9512-E111D007D310}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{D65223D4-BF2D-4A86-B4F1-53B2B5865609}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{EC7CB2E2-1E2E-4192-85AE-BD22CA98E2B4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{FB773212-3091-4B4F-8F11-F3D5C60C3AD4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21 (64-bit)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7BF099BD-10EE-4B04-A195-CAE2742C943E}" = Setup_VEP_x64
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{93D17967-5683-C13A-618A-B3450604C49F}" = ccc-utility64
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{E3221314-64D7-476C-B33A-04EE6C48430B}" = Soluto
"{F31F1F66-5685-4C21-906E-20CB74C7BCDF}" = Smart Technology Programming Software 7.0.24.8
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FED99701-A3A5-CE6B-4D04-DECF94784B89}" = ATI Catalyst Install Manager
"22E9BDA3055D3CF9D7BBF6DE1E6ED6BD4AA20F30" = Windows-Treiberpaket - Qualcomm Atheros Communications Inc. Net  (12/20/2012 10.0.0.222)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"CCE36AEB18DE386BC572E0CC545EF2D4B081D2F5" = Windows-Treiberpaket - Qualcomm Atheros Communications Inc. (athr) Net  (12/20/2012 10.0.0.222)
"CCleaner" = CCleaner
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{06104EB1-967F-B7FB-0462-7412FC41FCB7}" = CCC Help Greek
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B8A74C0-67FF-955F-8875-0D3BFB3212B2}" = Catalyst Control Center Localization All
"{10E402DF-BF76-F1D8-FE5D-34BD0E3583C3}" = CCC Help Finnish
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}" = Reader for PC
"{135F66BD-34FD-42A9-D673-81222A0894A3}" = CCC Help Japanese
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre
"{1DDCE98D-822A-70D5-E4C7-856EF821C7DA}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28407C82-2730-D107-606C-EAC5AB783EEA}" = Catalyst Control Center Graphics Full New
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{31CE8192-EA0D-64FE-44A6-40D734E38EEC}" = CCC Help Chinese Traditional
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4
"{33339326-BC0E-7C60-A791-12B4AB2A0400}" = CCC Help Dutch
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35A752A8-0944-187D-6EFD-39EE0C55D72A}" = Catalyst Control Center Graphics Previews Common
"{35D112C4-9AB9-61DB-E0A4-F710F8D5325B}" = CCC Help Danish
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F9CFC1F-6F82-EB76-D329-AA36B1B5B7D6}" = CCC Help English
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5114A61F-F081-D40E-1C46-ECF0EF28A447}" = ccc-core-static
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A59F3D7-4958-BA8C-452C-0C24EE70E9BB}" = CCC Help Hungarian
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63059735-CA97-FDFB-0E7A-3B8D81572EFD}" = Application Profiles
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
"{653B181B-1A7E-E83B-6F1C-E1857FF871E4}" = CCC Help Norwegian
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73552E64-2A9B-860C-1230-BD49FC5302A8}" = Catalyst Control Center Core Implementation
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D0CA2AD-3A7D-AAC4-9485-C4A9CDEB9AA2}" = CCC Help Italian
"{7FC5979A-DE2B-0000-DFE6-0B423C151F5B}" = CCC Help Russian
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8594B956-55D6-DAA0-405D-A84D92198CBA}" = CCC Help Turkish
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884498F9-3430-A5AD-E518-6CDBD1E2C2C6}" = CCC Help Thai
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{94167E23-CADF-A30C-2962-C769FCAFCA00}" = CCC Help Korean
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A86CB6C-B3AE-D212-7310-711CC4B72DE3}" = Catalyst Control Center Graphics Full Existing
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8A4A406-4127-CCB2-7249-7E84F27B59E6}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B22615EE-2963-CB47-E043-B0BCC322A628}" = CCC Help Spanish
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4320558-EC97-3860-9C25-E8E2E9D490C8}" = CCC Help French
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8A09003-7FAB-4D48-99DD-DC2A734EC9FA}" = Remote Play with PlayStation 3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCCB84FD-C8EC-ECA1-70C3-A429CBD1E64E}" = Catalyst Control Center Graphics Previews Vista
"{CF214A6D-3290-1EAC-C33D-2CB0C867F551}" = CCC Help Swedish
"{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD2781E9-C64C-EC9D-3147-9D19495BDFD4}" = CCC Help Polish
"{DD6033FA-AA60-D93A-3E24-1787707C681B}" = Catalyst Control Center InstallProxy
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4D0AD3B-0496-68DC-B093-2DF506988E99}" = CCC Help Chinese Standard
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
"{E9FE79DA-E79B-A2DB-1178-74C6881C6521}" = CCC Help German
"{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F32B1F08-4042-08A6-DA31-FD3CF56F2A77}" = Catalyst Control Center Graphics Light
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition
"Audacity_is1" = Audacity 2.0.3
"conduitEngine" = Conduit Engine
"Der Fluch des Goldes XS" = Der Fluch des Goldes XS
"Digital Editions" = Adobe Digital Editions
"EPSON Scanner" = EPSON Scan
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.752
"Google Chrome" = Google Chrome
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"RocketDock_is1" = RocketDock 1.3.5
"Roller Coaster World" = Roller Coaster World
"Schatzjäger" = Schatzjäger
"Smart Defrag 2_is1" = Smart Defrag 2
"SONICHEROES" = SONIC HEROES
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinRAR archiver" = WinRAR Archivierer
"Wondershare Photo Story Platinum_is1" = Wondershare Photo Story Platinum 3.4.1.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3837161293-2504035848-2858964587-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker81" = GameMaker 8.1
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2013 03:29:24 | Computer Name = vulkano82 | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 26.06.2013 06:43:06 | Computer Name = vulkano82 | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.210.11 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 11f0    Startzeit:
 01ce7259b480a599    Endzeit: 20    Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID:
 2d70a7d5-de4d-11e2-9030-78843c306873  
 
Error - 26.06.2013 10:30:35 | Computer Name = vulkano82 | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 26.06.2013 10:30:36 | Computer Name = vulkano82 | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 27.06.2013 12:24:26 | Computer Name = vulkano82 | Source = Application Hang | ID = 1002
Description = Programm KSP.exe, Version 4.1.2.1635 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c4    Startzeit: 01ce73312a6e26c6

Endzeit:
 338    Anwendungspfad: C:\Program Files (x86)\KSP\KSP.exe    Berichts-ID: 036e2ae7-df46-11e2-b76c-78843c306873

 
Error - 28.06.2013 10:35:39 | Computer Name = vulkano82 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0x920  Startzeit der fehlerhaften Anwendung: 0x01ce740cc1170dab
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 005acaea-e000-11e2-910e-78843c306873
 
Error - 29.06.2013 16:20:46 | Computer Name = vulkano82 | Source = Application Hang | ID = 1002
Description = Programm KSP.exe, Version 4.1.2.1635 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 145c    Startzeit:
 01ce74e6004408cb    Endzeit: 151    Anwendungspfad: C:\Program Files (x86)\KSP\KSP.exe    Berichts-ID:
 b189e412-e0f8-11e2-867e-78843c306873  
 
Error - 30.06.2013 12:33:55 | Computer Name = vulkano82 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KSP.exe, Version: 4.1.2.1635, Zeitstempel:
 0x514e9809  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000222b2  ID des fehlerhaften Prozesses:
 0xc64  Startzeit der fehlerhaften Anwendung: 0x01ce75ad8bbdb23e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\KSP\KSP.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 daadc0d1-e1a2-11e2-9651-78843c306873
 
Error - 02.07.2013 12:06:29 | Computer Name = vulkano82 | Source = VSS | ID = 8194
Description = 
 
Error - 03.07.2013 06:58:12 | Computer Name = vulkano82 | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Excel: Rejected Safe Mode action : Excel konnte zuletzt 
nicht korrekt gestartet werden. Das Starten von Excel im abgesicherten Modus hilft
 Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm
 erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert
 sein.  Möchten Sie Excel im abgesicherten Modus starten?.
 
[ Media Center Events ]
Error - 12.11.2011 12:12:29 | Computer Name = vulkano82 | Source = MCUpdate | ID = 0
Description = 17:12:20 - Fehler beim Herstellen der Internetverbindung.  17:12:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.06.2012 05:00:48 | Computer Name = vulkano82 | Source = MCUpdate | ID = 0
Description = 11:00:48 - Fehler beim Herstellen der Internetverbindung.  11:00:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.06.2012 05:01:14 | Computer Name = vulkano82 | Source = MCUpdate | ID = 0
Description = 11:00:54 - Fehler beim Herstellen der Internetverbindung.  11:00:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.07.2013 05:11:26 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 03.07.2013 05:51:54 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 03.07.2013 05:54:02 | Computer Name = vulkano82 | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 03.07.2013 05:54:02 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 03.07.2013 05:54:35 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Soluto PCGenome Core Service erreicht.
 
Error - 03.07.2013 05:54:35 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Soluto PCGenome Core Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 03.07.2013 05:54:48 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 03.07.2013 05:55:04 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 03.07.2013 05:55:04 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%1058
 
Error - 03.07.2013 05:56:47 | Computer Name = vulkano82 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
 
< End of report >
         


Alt 03.07.2013, 12:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Zitat:
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
Ne Idee was das sein könnte?

Wer hat dir MS-Office installiert, aus welcher Quelle stammt das wohl?
__________________
--> FBDownloader wieder entdeckt

Alt 03.07.2013, 12:51   #7
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Zitat:
Ne Idee was das sein könnte?

Wer hat dir MS-Office installiert, aus welcher Quelle stammt das wohl?
ich versteh jetzt nicht ganz was du meinst.

Alt 03.07.2013, 12:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Was bitte ist an der Frage, woher dein MS-Office stammt nicht zu verstehen?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2013, 12:56   #9
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



ganz normal gekauft

Alt 03.07.2013, 13:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Lustigerweise ist kmservice/srvany aber ein typisches Merkmal einer gecrackten Office-Installation

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2013, 13:04   #11
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



mein ms office ist aber legal

edit: und ich weiss nicht warum der smiley : o ist.

Alt 03.07.2013, 13:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



kmservice/srvany ist wie gesagt ein typisches Merkmal von einem gecrackten Office, da kannst du noch 100 mal sagen, dass dein Office angeblich legal sei.

Wenn du es nicht deinstallieren willst dann stell ich den Support eben ein.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2013, 13:12   #13
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



ich weiss nicht was da los ist, ich weiss nur das mein vater mir ms office installiert hat und da irgendwas mit rabatt war, aber es war ganz legal gekauft

Alt 03.07.2013, 13:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



Wie auch immer kmservice/srvany ist im Log zu sehen
Solange Illegales drauf ist, geht es nit weiter
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2013, 13:24   #15
Galaxyman20
 
FBDownloader wieder entdeckt - Standard

FBDownloader wieder entdeckt



ich finde es schade dass einem hier eiskalt vorwürfe gemacht werden, illegale software zu haben
kann dieses srvany vielleicht irgendwie anders draufgekommen sein?

Antwort

Themen zu FBDownloader wieder entdeckt
about, browser, config, einstellungen, entdeck, entdeckt, entfernt, firefox, gen, geändert, heute, internet, kleine, kleinen, langer, neue, neue seite, neustart, probleme, rechts, schonmal, search.fbdownloader.com, seite, startseite, symbole, taskleiste, windows



Ähnliche Themen: FBDownloader wieder entdeckt


  1. Mailwarebytes hat Trojan.DNSChanger entdeckt, nach Neustart wieder da
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (3)
  2. Mailwarebytes hat Trojan.DNSChanger entdeckt. Kommt nach Neustart immer wieder
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (9)
  3. Fbdownloader wie bekomme ich ihn wieder los?
    Log-Analyse und Auswertung - 03.09.2014 (27)
  4. Snapdo wieder entdeckt
    Plagegeister aller Art und deren Bekämpfung - 06.08.2014 (9)
  5. http://search.fbdownloader.com/?channel=de Ist es gefährlich und wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2014 (1)
  6. fbdownloader nach PC-Neustart wieder aktiv!
    Plagegeister aller Art und deren Bekämpfung - 26.09.2013 (22)
  7. Debian entdeckt alte ImageMagick-Lücke wieder
    Nachrichten - 04.09.2013 (0)
  8. fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 27.08.2013 (7)
  9. Fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 02.05.2013 (9)
  10. Problem mit FBDownloader
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (13)
  11. fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 03.12.2012 (1)
  12. fbdownloader
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (21)
  13. Schadsoftware HDD-Repair entdeckt und entfernt, jetzt alles wieder gut?
    Log-Analyse und Auswertung - 31.08.2011 (5)
  14. Laptop langsam, "sbs_ve_ambr" immer wieder entdeckt und selbstverschickte Emails?
    Log-Analyse und Auswertung - 05.06.2011 (13)
  15. Trojaner entdeckt / gelöscht, am Folgetag neuen entdeckt (Trojan.Downloader, Trojan.Vundo)
    Plagegeister aller Art und deren Bekämpfung - 30.07.2010 (6)
  16. Virus Alureon.H entdeckt durch Microsoft Essentials; wieder da nach Neustart
    Plagegeister aller Art und deren Bekämpfung - 11.05.2010 (14)
  17. Backdoor.Agent und Worm.AutoRun entdeckt - gelöscht - aber trotzdem wieder da
    Plagegeister aller Art und deren Bekämpfung - 10.09.2009 (15)

Zum Thema FBDownloader wieder entdeckt - hallo, früher (ca.vor 5 monaten) hatte ich schonmal probleme mit dem fbdownloader. jede neue seite im browser war search.fbdownloader.com und bei jedem neustart erscheinte ein pop-up, das mir sagte, ich - FBDownloader wieder entdeckt...
Archiv
Du betrachtest: FBDownloader wieder entdeckt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.