| Nicklas64 | 09.09.2012 18:40 |
roper0dun.exe RunDLL Fehler immer nach dem Hochfahren von Windows 7, Exe gelöscht
Hallo, ich bekomme einen roper0dun.exe RunDLL Fehler nach dem Hochfahren von Windows 7 64-bit. Der Fehler ging erst los, seitdem AntiVir ausgeschlagen hat und ich über AntiVir die roper0dun.exe gelöscht habe. Die Log-Files aus dem Hilfepost zur Erstellung eines neuen Themas habe ich erstellt.
OTL (Name editiert): Code:
OTL logfile created on: 09.09.2012 18:56:55 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\***\Desktop\trojaner-board
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 58,35% Memory free
7,48 Gb Paging File | 5,24 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439,36 Gb Total Space | 353,20 Gb Free Space | 80,39% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 491,95 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 589,32 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.09 18:55:15 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\trojaner-board\OTL.exe
PRC - [2012.08.08 21:26:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.03 03:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.08.03 03:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.08.03 03:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.06.16 02:35:31 | 001,327,620 | ---- | M] (NCH Software) -- C:\Program Files (x86)\NCH Software\Talk\talk.exe
PRC - [2012.06.07 07:15:36 | 003,491,264 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012.05.08 20:20:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:20:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.09.05 19:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.17 22:32:58 | 000,810,096 | ---- | M] () -- C:\Users\***\AppData\Roaming\FileHunter\update.exe
PRC - [2011.03.17 10:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.12.25 19:04:47 | 000,520,192 | ---- | M] () -- C:\Programme\icPlus\Plugins\ICQSpamblocker\ICQSpamblocker.exe
PRC - [2010.12.25 19:04:30 | 000,548,864 | ---- | M] (Thinklabs) -- C:\Programme\icPlus\icPlus.exe
PRC - [2010.10.29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010.05.25 14:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.10 17:58:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.07.10 17:56:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.10 17:55:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.10 17:55:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.10 17:55:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.10 17:55:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.10 17:55:19 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.07.10 17:55:19 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.01.18 08:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
MOD - [2011.11.11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.09.05 19:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.17 22:32:58 | 000,810,096 | ---- | M] () -- C:\Users\***\AppData\Roaming\FileHunter\update.exe
MOD - [2010.12.25 19:04:47 | 000,520,192 | ---- | M] () -- C:\Programme\icPlus\Plugins\ICQSpamblocker\ICQSpamblocker.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.29 22:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2010.10.29 22:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010.05.07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010.05.07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010.05.07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010.05.07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010.05.07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009.04.22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.06 23:05:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.03 03:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.08.03 03:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.08.03 03:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.08.03 03:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.05.08 20:20:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:20:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.03.22 14:29:02 | 002,421,384 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.12.25 21:03:38 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.07.10 04:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.05.22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.05.08 20:20:57 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:20:57 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.23 13:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.18 08:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011.11.16 13:02:21 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.12 13:53:20 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.10.27 11:05:02 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.15 01:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.22 21:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.13 17:45:02 | 001,085,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.02.08 15:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 09 0F 0A D2 64 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{30835268-67C5-4141-B9CD-D11B6DF63E00}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3C8D076B-2914-4FBE-A158-AF26C1C7F7B8}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26736F7572636569643D69653726726C733D636F6D2E6D6963726F736F66743A656E2D55532669653D75746638266F653D75746638&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&k=0
IE - HKCU\..\SearchScopes\{50DADF3E-3DA3-4C1A-8F0A-191826E2049F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{579A159A-7755-4020-8799-A70CC5CF0512}: "URL" = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_deDE423
IE - HKCU\..\SearchScopes\{96E3031C-038F-48E4-A879-C691FCFC7698}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BE933924-5A43-4663-96F1-B4072B59C138}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{E08D673B-29A0-4919-ADB2-430F5FFB8F7B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F061FB34-5332-4189-AD3B-68515310F754}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=e59775a0-13c1-4d92-8b6f-28740b9f8bb4&pid=icqt&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wii-homebrew.com/"
FF - prefs.js..extensions.enabledAddons: compatibility@addons.mozilla.org:1.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:3.0
FF - prefs.js..extensions.enabledAddons: mozilla_cc@internetdownloadmanager.com:7.3.20
FF - prefs.js..extensions.enabledAddons: web2pdfextension@web2pdf.adobedotcom:1.1
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.3
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\***\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.08 20:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.11.21 05:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.12 17:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.06 23:05:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.06 23:05:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.08 20:31:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\***\AppData\Roaming\IDM\idmmzcc5 [2012.06.18 16:03:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.06 23:05:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.06 23:05:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\***\AppData\Roaming\IDM\idmmzcc5 [2012.06.18 16:03:42 | 000,000,000 | ---D | M]
[2010.10.05 23:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.01 19:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\liaa6tye.default\extensions
[2011.06.01 17:07:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\liaa6tye.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.09.01 19:41:27 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\liaa6tye.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.05.18 00:15:19 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\liaa6tye.default\extensions\ich@maltegoetz.de
[2012.06.18 16:18:23 | 000,003,679 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\extensions\check-compatibility@dactyl.googlecode.com.xpi
[2012.02.23 12:21:57 | 000,164,722 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.08.23 13:03:33 | 000,010,449 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.04.03 21:45:09 | 000,023,087 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
[2012.07.25 16:46:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.30 09:07:32 | 000,000,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\searchplugins\conduit.xml
[2010.12.25 19:05:31 | 000,001,088 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\searchplugins\{267ED1EA-46D3-48EA-849C-0F7B86C03FFF}.xml
[2010.12.25 19:02:09 | 000,001,864 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\searchplugins\{5DD2D9EF-D20E-4FE1-A9B9-B502DE0AB325}.xml
[2010.12.25 19:02:09 | 000,002,071 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\searchplugins\{C369F9C0-22F4-4730-87D0-517023F9A0A5}.xml
[2010.12.25 19:02:09 | 000,002,182 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\liaa6tye.default\searchplugins\{E9C96E4D-9C10-4F9F-850D-AE98C2A2498C}.xml
[2012.09.06 23:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 23:05:52 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2011.11.21 05:29:00 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.02.12 17:17:41 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.18 16:03:42 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\***\APPDATA\ROAMING\IDM\IDMMZCC5
[2012.09.06 23:05:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.11.21 05:08:52 | 000,422,497 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14566 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [icPlus] C:\Programme\icPlus\icPlus.exe (Thinklabs)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [Talk] C:\Program Files (x86)\NCH Software\Talk\talk.exe (NCH Software)
O4 - HKCU..\Run: [FileHunter Check for updates] C:\Users\***\AppData\Roaming\FileHunter\update.exe ()
O4 - HKCU..\Run: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: ????3?? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: ????3?????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: ????3?? - Reg Error: Value error. File not found
O8 - Extra context menu item: ????3?????? - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ7.2\ICQ6.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ7.2\ICQ6.5\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F0A0470-336C-449E-BB4E-8A18745E0629}: NameServer = 10.71.40.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F958C842-9AC1-4445-A7C2-EFCBF65DDEF7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.09 18:47:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\trojaner-board
[2012.09.06 23:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.06 23:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.04 00:17:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2012.09.01 19:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.01 19:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.01 18:10:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2012.09.01 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Geheimakte 3
[2012.09.01 18:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2012.09.01 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2012.09.01 18:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012.09.01 17:38:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Computerspiele
[2012.08.30 23:44:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2012.08.30 23:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2012.08.30 23:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVToolNix
[2012.08.18 20:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.15 16:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.08.15 16:00:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeleOne GmbH
[2012.08.12 01:39:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LiliumWare
========== Files - Modified Within 30 Days ==========
[2012.09.09 18:59:59 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 18:59:59 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 18:58:45 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.09 18:58:45 | 000,698,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.09 18:58:45 | 000,652,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.09 18:58:45 | 000,148,798 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.09 18:58:45 | 000,121,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.09 18:52:23 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.09 18:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.09 18:52:04 | 3013,206,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.09 18:51:07 | 000,000,198 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.09 15:04:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 23:04:06 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.01 18:12:16 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001CC4.LCS
[2012.09.01 04:17:17 | 000,000,666 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2012.08.31 02:10:58 | 000,001,368 | ---- | M] () -- C:\Windows\wininit.ini
[2012.08.30 23:07:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 23:07:35 | 000,001,891 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 18:08:54 | 000,474,751 | ---- | M] () -- C:\Users\***\Desktop\Anschreiben von Philips.pdf
[2012.08.22 23:54:18 | 000,111,704 | ---- | M] () -- C:\Users\***\Desktop\glasfaser-info-big.jpg
[2012.08.18 20:52:11 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.17 22:30:16 | 005,412,031 | ---- | M] () -- C:\Users\***\Desktop\Y-TITTY - Der Letzte Sommer.mp3
[2012.08.16 10:49:13 | 000,417,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 18:45:39 | 000,000,600 | ---- | M] () -- C:\Users\***\PUTTY.RND
[2012.08.14 21:35:14 | 000,001,134 | ---- | M] () -- C:\Users\***\Desktop\DivX Plus Player.lnk
========== Files Created - No Company Name ==========
[2012.09.09 18:51:07 | 000,000,198 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.06 23:04:06 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.06 23:04:06 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.01 18:10:38 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001CC4.LCS
[2012.08.31 02:10:51 | 000,001,368 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.30 23:07:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 23:07:35 | 000,001,891 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 18:08:54 | 000,474,751 | ---- | C] () -- C:\Users\***\Desktop\Anschreiben von Philips.pdf
[2012.08.22 23:54:18 | 000,111,704 | ---- | C] () -- C:\Users\***\Desktop\glasfaser-info-big.jpg
[2012.08.18 20:52:11 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.17 22:27:12 | 005,412,031 | ---- | C] () -- C:\Users\***\Desktop\Y-TITTY - Der Letzte Sommer.mp3
[2012.08.14 21:35:14 | 000,001,134 | ---- | C] () -- C:\Users\***\Desktop\DivX Plus Player.lnk
[2012.08.08 22:08:24 | 000,000,245 | ---- | C] () -- C:\Users\***\.swfinfo
[2012.07.18 11:26:54 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.23 01:54:51 | 000,007,681 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.08.28 22:32:14 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{0C48C2E0-6E83-4BE7-8B1D-A13B45F53EF6}
[2011.01.20 18:12:57 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011.01.16 20:21:14 | 000,000,666 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2011.01.10 18:06:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.12.19 20:23:21 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010.12.19 18:33:55 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.12.19 18:19:59 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2010.12.14 00:35:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.12.02 21:29:20 | 000,000,600 | ---- | C] () -- C:\Users\***\PUTTY.RND
[2010.11.30 21:52:13 | 000,000,210 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss
[2010.11.12 13:51:38 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.11.12 13:51:36 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.11.12 13:51:36 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.08 18:47:31 | 000,245,227 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.10.08 18:47:31 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.10.05 23:54:13 | 001,594,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== LOP Check ==========
[2011.09.12 01:07:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apowersoft
[2010.12.14 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2012.02.18 22:34:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2010.12.19 20:23:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.04.01 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.myavatareditor.MyAvatarEditor.6C70FE1C32C5A720658ABA78363E87592FD88E3E.1
[2010.12.03 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen
[2011.11.08 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2012.09.09 18:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DMCache
[2010.12.03 19:51:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\doas
[2010.12.19 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2012.08.03 23:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.08.05 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileHunter
[2010.12.19 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2010.12.19 18:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO
[2010.12.25 20:33:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
[2010.12.25 19:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\icPlus
[2011.11.23 01:07:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.08.21 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDM
[2010.12.14 00:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.08.28 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.08.30 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2010.12.03 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\oald8
[2010.12.25 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2010.12.25 19:02:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.07.22 18:06:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outertech
[2012.05.03 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Phoner
[2012.09.01 18:10:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2011.02.02 00:39:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Raptr
[2010.11.30 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.19 04:21:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.08.15 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeleOne GmbH
[2010.10.05 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.04.18 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WiiQt
[2010.12.19 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xi
[2011.11.21 03:09:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\YCanPDF
[2012.09.05 20:27:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extras (Name editiert): Code:
OTL Extras logfile created on: 09.09.2012 18:56:55 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\***\Desktop\trojaner-board
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 58,35% Memory free
7,48 Gb Paging File | 5,24 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439,36 Gb Total Space | 353,20 Gb Free Space | 80,39% Space Free | Partition Type: NTFS
Drive D: | 492,06 Gb Total Space | 491,95 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive K: | 1397,26 Gb Total Space | 589,32 Gb Free Space | 42,18% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5C4A1B-6719-419B-AF55-DB05B5B1447D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CC10C13-189B-482A-AF7B-A0D31D1ACFAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F91EEA1-14E6-43C7-B674-5C8F1DB8CF38}" = lport=8001 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{219901BE-40B4-4892-AD26-2536B39F5946}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{3133131A-5DC9-461D-8AC6-7373D75206CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A863641-AA7F-427D-B4A2-28611873E248}" = rport=139 | protocol=6 | dir=out | app=system |
"{3AC5EF58-D170-42DE-866F-0D96E84F5F99}" = lport=8003 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{3AD42846-3C25-43EE-9FD6-AAAF5F405850}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C887DA3-7FE9-4A93-BBCA-9A5EE3DF8134}" = lport=138 | protocol=17 | dir=in | app=system |
"{3DE18509-4780-4BC6-B9CD-464B50ED5CBA}" = lport=8001 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{40915612-8E9B-4B1D-AA96-AB36EA5776C6}" = lport=8009 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{40C899E9-0ABF-46A7-AC42-73080D6682BD}" = lport=8006 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{4ED04827-B3E3-4C39-A0BE-6553C677815F}" = lport=8004 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{51EB3A6B-D4CF-4427-98BF-70C59B54F3CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53670BBC-93DB-4095-8EBD-7E59FD8445A3}" = lport=8004 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{58969C14-CE42-41A8-89A4-7CA1CB7D5FEB}" = rport=50001 | protocol=17 | dir=out | name=vuze |
"{5A75BF8B-148D-48C0-A794-FB08BB0268F9}" = lport=8003 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{63D82F4C-99CB-4932-AF0E-87A981E3AD52}" = lport=8000 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{6BC9EF18-A7B7-4CF6-9700-2EBE53213A63}" = lport=8006 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{71DC16DE-8C24-4361-9280-9811A5B99DAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{77B78FB0-41EA-4749-912D-D2319E626BFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{792521E7-1E7D-4FE4-9184-7B3D4AD16B35}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A2EBD8C-E453-4F03-8BE8-6E345C6D783A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{83517F09-92C7-444D-8B8F-CA412D7A9558}" = lport=137 | protocol=17 | dir=in | app=system |
"{89B492F8-BF20-401E-BFC8-F508807FA471}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8EA263CA-661D-43D7-BD2B-67DAF111B648}" = lport=50001 | protocol=17 | dir=in | name=vuze |
"{9102337C-A506-47A2-AB13-216A3A0C8725}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{951CDE1D-ED29-445A-AE02-BB193090F380}" = lport=8009 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{966E0C01-1D4C-41E9-A76F-635CEC717B86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96B8889B-93A0-4D4E-B1D8-1D0EC63F2AC3}" = lport=8008 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{9734373F-97A1-4514-B087-B0F635519BF1}" = lport=8002 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{97DF1327-FEE7-4351-94E8-CB2A172A8341}" = rport=138 | protocol=17 | dir=out | app=system |
"{98F0BC79-3CE8-4472-93BD-4C8EC2103FA0}" = lport=445 | protocol=6 | dir=in | app=system |
"{991A0C0C-E3C3-465C-AE70-E74ADCA00878}" = rport=50001 | protocol=6 | dir=out | name=vuze |
"{9B60BB90-5F74-489B-8BF8-E828956A3C58}" = lport=8000 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{9D900473-3A25-4355-9049-0EEDD091ABA7}" = lport=8007 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{A244A1F0-6702-4117-9607-05BFF366E370}" = rport=137 | protocol=17 | dir=out | app=system |
"{B030DF5C-9058-492C-AB9E-BD346845FC8D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0A27EB6-7022-4082-A689-C305EAC510E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B35DC98F-C6B8-45D9-9C31-AADFFBFA368D}" = lport=8008 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{B9085746-24E5-46DB-BD63-94D2F6EEECC2}" = lport=50001 | protocol=6 | dir=in | name=vuze |
"{BC5BE961-73C2-4810-8FD5-9FE75BC5A0D1}" = lport=8005 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{BD2688F7-0205-431C-BC4F-290B51F5F931}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C809E248-307F-437E-A373-347D3963903F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C89A32EE-FB3F-4C0D-AF2A-51054A9EDE2C}" = lport=5070 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{D2DAA003-A2EF-4A79-9320-B4100248A037}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D31707CB-06CA-4451-8B4A-ECE602B692A2}" = lport=8007 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{D812281E-3672-40F8-A1CB-2626FA22CE1B}" = lport=5070 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{D933622A-CB6F-4B38-B71E-464045B39B44}" = lport=8005 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\talk\talk.exe |
"{DB6E650E-CA8D-4C67-A637-2D36AD44F892}" = lport=8002 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"{E6FDD264-A00C-43CE-99EE-7B825B141501}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0344D9A4-BE50-4D6C-80EA-BAC2163744F3}" = protocol=6 | dir=out | app=system |
"{04973DF8-2CF2-4537-B94C-C024F3523D9B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{0CB778F9-98AD-4AD6-9243-520128648621}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{12C6C235-8460-465C-92E7-8E0D1BF1BE50}" = protocol=6 | dir=in | app=c:\program files (x86)\apowersoft\video download capture\video-download-capture.exe |
"{15F4CF57-64F4-41E1-BF44-B3724DDD4079}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{18EC58F1-564F-4974-BCB8-3943D9C2AA80}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{1A2A4B0F-ADF7-407A-9F97-98B1FFC0B701}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{29CD07A0-0AB2-46EC-B4DD-C9655D3A2D39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31A2AC21-EC04-49E2-BE58-320C86BE7B92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{35141C13-66BC-4359-8513-3185C561E130}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{3A615FA3-6FB4-42FE-BFDC-52ADD15AA599}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AA034EA-1E00-4687-9AFE-BD824DFCFC33}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3B5F09D6-BCE7-4858-9201-AD613EA49D99}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{3EE55CDB-5BD5-4F7D-97A1-42B9C3CFEC04}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\filehunter\pumpa.exe |
"{472B93FB-DB7C-4280-B577-239C5C29F3C1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{49F2BA33-E238-4390-BED5-FA8BE0CAA268}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5045054C-EDA8-40CA-8D0A-806D8BECDC84}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{57AD5656-5034-4EA0-913A-9810A0BDECBE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57C99E45-293E-41F9-8F48-59EBDACCB440}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{5BB85DE8-FBB9-4734-AB65-4257CA2DAB29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{5D86CCE3-3121-45CB-A58C-1D68C0B713EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{5EBC39EA-6B0F-419B-9B99-C6C619D518B3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq6.5\icq.exe |
"{6087D050-6311-40C4-9489-5607F0243BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"{623F6561-F3DE-4F7C-9A89-72E79517ADFD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{63BF3481-C0EE-4FCD-88C5-99F3E9439D3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{6CCCFB55-8EBD-4DD7-BF74-F15E0052012D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{6E30EF6F-ABED-417A-9CF8-5CAFF2F800C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6EEC4660-2B24-4E82-B042-137BD8287801}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{6EED3F91-6C40-47E3-BC7B-6FFF9B364A07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{708D6538-689E-4A01-BADF-F45F929D507F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7175D198-0947-4CBE-B454-BFDE98B71865}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{73EF0DA7-8815-4CE8-B4D5-AB6F793A22BD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{74FFAE74-110A-41B0-9D62-CE94E75D42C9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{77514165-2CDD-41F1-B4AA-09B9F83C236B}" = protocol=17 | dir=in | app=c:\program files (x86)\phoner\phoner.exe |
"{79360123-6C19-47CD-8D7D-621193569258}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{79575B8A-88D5-4BD1-A18E-D2458A3843E5}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{803A6718-2F0A-4034-92BB-F4E4C020F506}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84B4AFA3-A09C-4766-97F0-DCCEFBCE988E}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{898F99FB-3D34-49F1-BD63-D7DC978334D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BB592F6-DA25-4C2D-BA6F-1ABBD8414FEB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8C6B2D74-5717-4B5C-81CF-43D8B235697A}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{8D36D31B-8AEF-4546-A6F8-F03207C19045}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8F3000AB-5174-4575-8341-C7A8DE38CDBB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8F903652-C71A-474F-B9DE-A1E223A37523}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93981D7D-389D-47F3-8228-FE833210CA33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{978D7132-B371-4EA3-ADDC-89B8612C1CFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{9DFFFA31-5F53-44F3-A5B7-A669AD48926E}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{A37667F1-3D37-4361-9366-9094A664C1E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A48CD69A-E1D8-4F21-A241-984991CB207B}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{ABC8A51D-6497-4AB2-ACFA-E729661C6A30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AC17C351-2C61-46DD-A022-7EC1AC662E5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{AD51A068-5C63-456A-91F4-7176B6359351}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{AFC4E26E-7597-44B4-B674-170A41A998F7}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{B121B0B7-76F2-47F3-BEEB-71D384EA07BF}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{B73A2B91-C3A8-4914-A264-20C56F79091D}" = protocol=17 | dir=in | app=c:\program files (x86)\apowersoft\video download capture\video-download-capture.exe |
"{B9C814B6-BFFC-4CC4-8C4E-77DDA4034C36}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{BC9E4128-4044-4852-91DA-56F083FC7FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq6.5\icq.exe |
"{BDA3E212-3D92-47F8-9DE2-CF3FB391B011}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE9245B4-1C0C-451B-B2E7-1BE3437EF5F6}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{C51B0E2B-76A2-4B6D-9193-9EBCB4EA830B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{C74EEF26-3773-4EAC-8308-20EA486427ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{CFE90404-5772-4633-8999-95324F37C842}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq6.5\icq.exe |
"{D01C3680-F21B-4C28-A9FF-EE7386524450}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{D408F353-D3E0-41AD-93D1-39E34C3DA99F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{D517EDFB-2A1F-46E7-93E3-954037D2B0A8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D63F172E-B668-49AD-9E6C-207EA3EC8385}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{DA56EF00-EF13-4665-80FF-D9B113DA5B29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA5C9028-CE89-47C6-A522-4C6DE0AC9B21}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC612F87-1CB0-4D65-A348-BE6E08BF417C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD37DF1C-4373-4D1E-ADA4-17ECCB029CA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE5C12F5-CC28-49ED-8F77-46163CA6A256}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\filehunter\pumpa.exe |
"{DFA6DD20-D432-4B5F-82C7-855305BF23D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{E4AD7C81-62E5-4929-87F7-47E1319B95A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{E6165BB2-BC95-481C-88D1-8D89F3C61BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{E855E01E-F966-4FA2-9E9C-0B2FD09A35AC}" = protocol=6 | dir=in | app=c:\program files (x86)\phoner\phoner.exe |
"{EC2DC129-E4AB-4851-83F6-E68469774D2B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq6.5\icq.exe |
"{EC50237C-55FB-43EE-B175-530C89E16F6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EEDA72A7-C759-4C1A-BDB2-C37EDF684844}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{F106D476-CF12-4303-B678-83215B36FE55}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{F2CC6AC4-22E4-4E0B-BA05-F42EB9B48882}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{F5B7C600-DD43-4AAE-89A7-A1FDDFC2381D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6E078E1-B1D9-4D7B-B913-71CE5ABD0F25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{FC9D6365-469A-439D-84B0-38C4DA5721D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FF04781F-B75B-4433-97CD-A1032379301A}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{0E02593C-8088-41F1-AFCB-FF57ABCB0627}C:\users\***\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\filehunter\pumpa.exe |
"TCP Query User{210F3EDB-4F52-459B-8078-80A2FEE0D924}C:\program files (x86)\apowersoft\video download capture\video-download-capture.exe" = protocol=6 | dir=in | app=c:\program files (x86)\apowersoft\video download capture\video-download-capture.exe |
"TCP Query User{338A4DD7-CC2B-4760-A7D9-BF04DBA90548}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{58C19550-7FC3-4C20-97DF-8D7BA99044AA}C:\program files (x86)\phoner\phoner.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phoner\phoner.exe |
"TCP Query User{68F940A4-1C0B-4C7B-8113-11240FE05F5D}C:\program files\xi\netxfer\nettransport.exe" = protocol=6 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe |
"TCP Query User{7F18D5D2-A006-4683-9578-9C42320FB538}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{877FE1A0-CC11-481D-A140-12D1C7276C28}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{8ABB861D-893D-44D2-A6CE-2223559B4664}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9286CF8F-E258-4F1A-963C-E5F8CF5FD3C1}C:\program files (x86)\nch software\talk\talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"TCP Query User{9C73EBC2-955A-46A7-ACCA-2E552327DADE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{A1C0C2D4-B579-40DA-A480-3F9AA1F48FCA}C:\program files (x86)\counterpath\x-lite 4\x-lite4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counterpath\x-lite 4\x-lite4.exe |
"TCP Query User{B675F8C7-382A-46E0-A27F-CA86BCB84A05}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{BFAC8577-36E9-4B6C-AF1F-2E72DF0C1F21}C:\program files (x86)\nch software\talk\talk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"TCP Query User{F095F132-2118-4F31-B7E5-075718EC8362}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{F4C82A9D-6E1C-4013-8969-1F2D3A98D945}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{FB1870D0-59D2-4355-9EF7-D95AAED35670}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FF3C4E06-95EC-4E14-B68C-6EBAF36A6170}C:\program files (x86)\cesarftp\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cesarftp\server.exe |
"UDP Query User{037A466A-7078-4F2D-8001-B650D7CAD882}C:\program files (x86)\cesarftp\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cesarftp\server.exe |
"UDP Query User{0B566EC1-1314-440D-8344-F38D758D8CF1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{21127E5D-2538-47B4-B0D7-29CC3A418367}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{3296F2C2-F0ED-4824-94F7-F295E323A691}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{4A9A138A-EABF-4655-B586-E101079E8278}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{51B31A36-C22C-4E56-97FC-CEFCAFD73F38}C:\users\***\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\filehunter\pumpa.exe |
"UDP Query User{636D0724-F085-4537-B2F5-1A5B61D68905}C:\program files\xi\netxfer\nettransport.exe" = protocol=17 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe |
"UDP Query User{ACBCA028-952A-475C-AF86-A0B08F865D9E}C:\program files (x86)\nch software\talk\talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"UDP Query User{B98660FA-1C9B-4859-AC9F-50EA2554B64A}C:\program files (x86)\phoner\phoner.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phoner\phoner.exe |
"UDP Query User{B9F64E79-6722-40AC-8952-C726A17AF5D6}C:\program files (x86)\nch software\talk\talk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nch software\talk\talk.exe |
"UDP Query User{CA0312DB-4A6E-444A-AED7-A07F840FF454}C:\program files (x86)\apowersoft\video download capture\video-download-capture.exe" = protocol=17 | dir=in | app=c:\program files (x86)\apowersoft\video download capture\video-download-capture.exe |
"UDP Query User{CCA63BCC-A98D-4CE7-B17A-20F12EE0678A}C:\program files (x86)\counterpath\x-lite 4\x-lite4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counterpath\x-lite 4\x-lite4.exe |
"UDP Query User{D2A86366-F5B0-4932-A1F5-0F3B4C6BD3AD}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{D419E298-0C72-4FB0-B7EF-80CA99FF167C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D52EFBFD-CB20-464A-ACF7-D6A5242337BF}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{ECC5BCD3-CE45-412E-9EDD-C6A9BF43DF89}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{FED66BFC-BEF0-4A8B-A5C0-8FDD94D47318}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E34002C7-8CE7-3F76-B36C-09FA973BC4F6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CyberGhost VPN_is1" = CyberGhost VPN
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"LameACM" = Lame ACM MP3 Codec
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SearchAnonymizer" = SearchAnonymizer
"VistaGlazz_is1" = VistaGlazz 2.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B407A54-6CF2-42B5-B419-E900B2E36972}" = 1500
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57660847-B1F7-35BD-9118-F62EB863A598}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{765BF404-2FEE-492B-9E7F-A55143796EF1}" = Geheimakte 3
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7.3
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB8B34DE-4A49-9295-2B2F-9F739A82A463}" = My Avatar Editor
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9370463-B35E-473F-BB0D-4FC572A1F9DF}" = MAGIX Video easy SE
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D73A0AA4-BF06-49A5-9DAC-6940DDBB5898}" = Focus on Grammar
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E04DD0A9-D08C-4B80-AEBF-E6B4FB8D4F71}" = ASUS WLAN Card Utilities/Driver
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"5513-1208-7298-9440" = JDownloader 0.9
"8461-7759-5462-8226" = Vuze
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bejeweled 31.0.8.6128" = Bejeweled 3
"CesarFTP 0.99g_is1" = CesarFTP 0.99g
"com.myavatareditor.MyAvatarEditor.6C70FE1C32C5A720658ABA78363E87592FD88E3E.1" = My Avatar Editor
"conduitEngine" = Conduit Engine
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Setup" = DivX-Setup
"Free Video Dub_is1" = Free Video Dub version 2.0.12.706
"GLVIEW3" = OpenGL Extensions Viewer 3.0
"Guid" = Logitech Productivity Software
"HotspotShield" = Hotspot Shield 2.67
"icPlus" = icPlus
"ICQSpamblocker" = ICQSpamblocker
"Internet Download Manager" = Internet Download Manager
"LameACM" = Lame ACM MP3 Codec
"Logitech Vid" = Logitech Vid HD
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"MKVToolNix" = MKVToolNix 5.7.0
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCH_DE Toolbar" = NCH DE Toolbar
"NFOPad" = NFOPad 1.64
"NSIS_doas" = Das große Oxford Wörterbuch
"NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QUICKfind" = QUICKfind server v1.1
"Revo Uninstaller" = Revo Uninstaller 1.90
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Simplyzip" = Simplyzip (remove only)
"Talk" = Express Talk
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinPcapInst" = WinPcap 4.1.1
"X Codec Pack" = X Codec Pack
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery
"FileHunter" = FileHunter
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.09.2012 14:51:39 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 05.09.2012 15:06:30 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 05.09.2012 15:18:52 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\simplyzip\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\simplyzip\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 06.09.2012 14:06:12 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 06.09.2012 17:51:55 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\simplyzip\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\simplyzip\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 07.09.2012 15:03:19 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 08.09.2012 14:33:25 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\simplyzip\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\simplyzip\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 08.09.2012 14:36:02 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 08.09.2012 18:47:08 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 09.09.2012 08:50:30 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\simplyzip\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\simplyzip\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 13.01.2011 15:34:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 20:34:48 - Directory konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
[ System Events ]
Error - 02.09.2012 12:01:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 05.09.2012 14:28:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SearchAnonymizer erreicht.
Error - 05.09.2012 14:28:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 06.09.2012 13:49:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SearchAnonymizer erreicht.
Error - 06.09.2012 13:49:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 07.09.2012 14:41:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SearchAnonymizer erreicht.
Error - 07.09.2012 14:41:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 08.09.2012 19:12:08 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 08.09.2012 19:12:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 08.09.2012 19:12:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
< End of report >
Ich bitte um Hilfe, vielen Dank. |
