| |
| |||||||
Log-Analyse und Auswertung: 95.com und Backdoor.AgentWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.01.2012, 18:01
| #1 |
| |  95.com und Backdoor.Agent Tachchen, Wie so viele habe ich mir um weihnachten was eingefangen >.< Ich hab ein Backdoor agend druff und dieses 95.com sowie mediashifting.com dingens Ich weiß das hier eigentlich nur Platt und neu hilft. Leider ist das aber aktuell keine Lösung für mich , da ich meine Abschlussarbeit auf dem Rechner schreibe ^^# also hier bekommt Ihr ein paar Logs in der Hoffung, dass Ihr mir helfen könnt. OTL Code:
ATTFilter OTL logfile created on: 09.01.2012 13:12:43 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***1f\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 44,13% Memory free 7,87 Gb Paging File | 5,51 Gb Available in Paging File | 70,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 296,08 Gb Total Space | 29,76 Gb Free Space | 10,05% Space Free | Partition Type: NTFS Computer Name: IBR42 | User Name: ***1| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.09 13:11:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***1\Downloads\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\***1\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.11.09 18:25:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.04 13:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.11 07:33:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.06.17 18:01:42 | 000,923,648 | ---- | M] () -- C:\Program Files (x86)\SensorsViewPro41\svservice.exe PRC - [2009.06.22 21:51:14 | 000,047,464 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe ========== Modules (No Company Name) ========== MOD - [2011.11.26 08:15:52 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.11.09 18:25:34 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.09.22 18:03:40 | 002,666,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll MOD - [2009.08.17 22:54:46 | 000,136,520 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office12\OUTLCTL.DLL MOD - [2009.02.27 16:40:05 | 001,421,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.DEU MOD - [2006.10.27 15:35:18 | 000,436,512 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office12\ADDINS\UMOUTL~1.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.25 10:10:33 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64) SRV:64bit: - [2010.03.30 10:02:08 | 000,189,304 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv) SRV:64bit: - [2010.03.30 10:01:06 | 000,143,224 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv) SRV:64bit: - [2010.03.30 09:59:54 | 000,335,224 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike) SRV:64bit: - [2009.10.08 23:00:00 | 003,650,344 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen) SRV:64bit: - [2009.08.20 14:52:26 | 000,145,792 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV:64bit: - [2009.07.24 08:08:00 | 000,280,128 | ---- | M] (iC ComPas GmbH & Co KG) [Auto | Running] -- C:\Program Files\SmartCase Logon+\System\logonuser.exe -- (LogonUserService) SRV:64bit: - [2009.07.14 02:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC) SRV:64bit: - [2009.07.14 02:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV:64bit: - [2009.07.14 02:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC) SRV:64bit: - [2009.03.12 13:04:14 | 000,321,600 | ---- | M] (iC ComPas GmbH & Co KG) [Auto | Running] -- C:\Program Files\SmartCase Logon+\System\SmartyLog.exe -- (SmartyLogService) SRV:64bit: - [2008.07.29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2008.05.16 12:37:54 | 000,284,672 | R--- | M] (charismathics) [Disabled | Stopped] -- C:\Windows\SysNative\cmTCS64.exe -- (cmTCS64 Service) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.04 13:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.11.11 07:33:25 | 000,135,336 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.08.08 17:41:04 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010.06.17 18:01:42 | 000,923,648 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SensorsViewPro41\svservice.exe -- (SensorsVService) SRV - [2010.05.16 16:09:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.27 15:09:22 | 001,054,568 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.07.31 22:11:04 | 002,688,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\ATService.exe -- (ATService) SRV - [2009.07.30 09:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Disabled | Stopped] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV - [2009.07.21 17:31:20 | 000,062,312 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService) SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009.07.01 13:40:00 | 000,324,672 | ---- | M] () [Auto | Running] -- C:\Programme\SmartCase Logon+\Password Manager\SmartCaseServer.exe -- (SmartCaseServer) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA) SRV - [2008.12.11 14:39:40 | 000,120,088 | ---- | M] (EMC Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.5\retrorun.exe -- (RetroExpLauncher) SRV - [2008.06.13 04:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) SRV - [2007.02.12 23:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.11.04 20:33:18 | 000,349,072 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 13:36:34 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.03.04 13:36:34 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.01.19 12:12:08 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.01.19 12:12:07 | 000,043,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.01.18 22:07:54 | 000,018,944 | ---- | M] (3Dconnextion Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\3dxkmj.sys -- (KMJHidMini) DRV:64bit: - [2011.01.18 22:07:54 | 000,007,168 | ---- | M] (3Dconnextion Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\3dxshim.sys -- (KMJShim) DRV:64bit: - [2010.12.15 11:00:40 | 000,015,360 | ---- | M] (3Dconnextion Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\3dxhid.sys -- (3dxhid) DRV:64bit: - [2010.11.21 13:11:24 | 000,508,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.08.08 17:41:05 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010.08.08 17:41:03 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) DRV:64bit: - [2010.08.08 17:40:53 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.08.08 17:40:44 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.05.11 23:04:54 | 000,014,696 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FJGSDisk.sys -- (FJGSDisk) DRV:64bit: - [2010.03.30 10:00:16 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.10.08 23:00:00 | 000,044,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wisdpen.sys -- (WISDPen) DRV:64bit: - [2009.10.08 23:00:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009.10.08 23:00:00 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2009.09.10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.09.04 15:44:46 | 003,531,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.08.27 16:31:48 | 000,043,584 | ---- | M] (iC ComPas GmbH & Co KG ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fcrimg4.sys -- (fcrimg4) DRV:64bit: - [2009.08.27 09:11:02 | 000,023,040 | ---- | M] (Fujitsu America, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FjBtnDrv.sys -- (Fjbtndrv) DRV:64bit: - [2009.08.27 07:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.24 12:21:32 | 000,254,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.08.07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.31 23:10:26 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2009.07.17 14:01:36 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.14 01:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009.07.10 05:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.03 16:51:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.06 23:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.05.13 21:13:00 | 000,058,400 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:64bit: - [2009.05.05 20:09:42 | 000,019,968 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FscGabi.sys -- (FscGabi) DRV:64bit: - [2009.05.05 20:08:48 | 000,018,944 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FscBapi.sys -- (FscBapi) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.08.14 14:32:34 | 000,021,032 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.SYS -- (FBIOSDRV) DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.05.02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2008.03.17 12:08:08 | 000,017,192 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2007.06.28 11:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64) DRV:64bit: - [2007.06.28 11:46:20 | 000,017,408 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcmx64.sys -- (nmwcdcmx64) DRV:64bit: - [2007.06.28 11:46:20 | 000,017,408 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcjx64.sys -- (nmwcdcjx64) DRV:64bit: - [2007.02.15 15:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid) DRV:64bit: - [2006.11.01 18:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 18:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2008.07.26 19:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | System | Running] -- C:\Program Files (x86)\SensorsViewPro41\drv\sensorsview32_64.sys -- (sensorsview) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 F6 E2 CA 72 14 CB 01 [binary data] IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.05.02 13:38:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2011.11.29 09:45:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.02 16:39:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files (x86)\Flock\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 18:25:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.09 00:44:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.02 16:39:08 | 000,000,000 | ---D | M] [2011.05.03 13:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***1\AppData\Roaming\mozilla\Extensions [2011.02.20 22:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***1\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.06.17 09:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***1\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2011.05.03 13:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***1\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a} [2012.01.08 00:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions [2011.12.21 18:03:20 | 000,000,000 | ---D | M] (Telify) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\{6c5f349a-ddda-49ad-bdf0-326d3fe1f938} [2011.12.25 20:23:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.12.13 18:54:09 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2011.11.29 09:37:30 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\DeviceDetection@logitech.com [2011.12.19 18:21:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\foxyproxy@eric.h.jung [2011.12.17 14:01:23 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\piclens@cooliris.com [2011.02.17 10:09:41 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\***1\AppData\Roaming\mozilla\Firefox\Profiles\qoqtr3l5.default\extensions\tineye@ideeinc.com [2011.11.09 18:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.03 00:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.11.09 18:25:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.01 06:32:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.01 06:32:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.01 06:32:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.01 06:32:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.01 06:32:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.01 06:32:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***1\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***1\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***1\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\***1\AppData\Roaming\Mozilla\plugins\npatgpc.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Google Text & Tabellen = C:\Users\***1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3_0\ CHR - Extension: Logitech Scroll App = C:\Users\***1\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\3.0.29_0\ CHR - Extension: AT_KarimRashidV3 = C:\Users\***1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjcbfljkplgifccngillicohclloidg\3_0\ CHR - Extension: Skype Click to Call = C:\Users\***1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Evernote Web Clipper = C:\Users\***1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.1.20.4691_0\ O1 HOSTS File: ([2011.12.29 21:02:38 | 000,441,231 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: dragnic.com/bio540 bio O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 15167 more lines... O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.) O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [FjStrtAp] C:\Programme\Fujitsu\Utils\FjStrtAp.exe (Fujitsu Computer Systems Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Programme\Logitech\ScrollApp\KhalScroll.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SclStart.exe] C:\Programme\SmartCase Logon+\System\SclStart.exe (Fujitsu Technologies Solutions) O4:64bit: - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450..\Run: [FjWirSel] C:\Programme\Fujitsu\WirelessSelector\FJWSLauncher.exe (FUJITSU LIMITED) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.01.04 12:20:05 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\***1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.01.05 08:35:49 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\***1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.246.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rdmt.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E06C999-9105-4BBD-8DA7-CEC7EEDFDA11}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32021C4D-266B-47E8-9962-DB2AADB42255}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50776C2D-301A-4368-8F1C-463BB93B2B6A}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E50649-428F-492E-A0A6-D5E43A210ED6}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3044B50-0C2B-465E-A652-281815FE9041}: DhcpNameServer = 192.168.246.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\AutorunsDisabled - No CLSID value found O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-4262544425-3489078898-2591417369-2450 Winlogon: Shell - (C:\Users\***1\AppData\Local\94ad51d2\X) -C:\Users\***1\AppData\Local\94ad51d2\X () O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.07 20:35:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{07f8cb01-d463-11df-b969-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{07f8cb01-d463-11df-b969-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0f9ac295-cc64-11df-bbfa-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{0f9ac295-cc64-11df-bbfa-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0f9ac2a1-cc64-11df-bbfa-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{0f9ac2a1-cc64-11df-bbfa-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0f9ac2ad-cc64-11df-bbfa-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{0f9ac2ad-cc64-11df-bbfa-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{163209d6-8fd5-11df-af3b-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{163209d6-8fd5-11df-af3b-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{163209dc-8fd5-11df-af3b-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{163209dc-8fd5-11df-af3b-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{163209f6-8fd5-11df-af3b-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{163209f6-8fd5-11df-af3b-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{163209f8-8fd5-11df-af3b-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{163209f8-8fd5-11df-af3b-0026b65ad485}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4c5332aa-4f07-11e0-86e6-0026b65ad485}\Shell - "" = AutoRun O33 - MountPoints2\{4c5332aa-4f07-11e0-86e6-0026b65ad485}\Shell\AutoRun\command - "" = D:\EMP_UDSe.exe /autorun O33 - MountPoints2\{4f9ba0e7-940c-11df-b160-002326b94e5c}\Shell - "" = AutoRun O33 - MountPoints2\{4f9ba0e7-940c-11df-b160-002326b94e5c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4f9ba0ea-940c-11df-b160-002326b94e5c}\Shell - "" = AutoRun O33 - MountPoints2\{4f9ba0ea-940c-11df-b160-002326b94e5c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4f9ba1c4-940c-11df-b160-002326b94e5c}\Shell - "" = AutoRun O33 - MountPoints2\{4f9ba1c4-940c-11df-b160-002326b94e5c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4f9ba1fd-940c-11df-b160-002326b94e5c}\Shell - "" = AutoRun O33 - MountPoints2\{4f9ba1fd-940c-11df-b160-002326b94e5c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.09 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Local\LogiShrd [2012.01.05 08:35:48 | 000,000,000 | -H-D | C] -- C:\Users\***1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.01.04 12:20:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011.12.31 11:13:46 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Roaming\Adobe Mini Bridge CS5 [2011.12.31 11:13:45 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.12.29 20:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.12.29 20:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.29 20:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.12.25 22:23:41 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Roaming\Malwarebytes [2011.12.25 22:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.25 22:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.25 22:23:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.25 22:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.25 22:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker 2003 DE [2011.12.25 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RPG Maker 2003 [2011.12.25 20:36:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2011.12.25 20:30:37 | 000,000,000 | -HSD | C] -- C:\Users\***1\AppData\Local\94ad51d2 [2011.12.19 16:46:19 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2011.12.19 16:42:49 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll [2011.12.17 14:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wuala OverlayIcons [2011.12.17 14:01:37 | 000,191,504 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll [2011.12.17 14:01:36 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll [2011.12.17 14:01:36 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll [2011.12.17 14:01:36 | 000,142,352 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll [2011.12.17 14:01:35 | 000,349,072 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys [2011.12.17 14:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wuala CBFS [2011.12.17 14:01:26 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Roaming\Wuala [2011.12.17 14:01:26 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Local\Wuala [2011.12.15 10:01:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.15 10:01:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.15 10:01:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.15 10:01:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.15 10:01:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.15 10:01:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.15 10:01:24 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.15 10:01:24 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.15 10:01:24 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.15 10:01:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.15 10:01:23 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.15 03:50:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.15 03:50:08 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.15 03:50:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.11 22:25:32 | 000,000,000 | ---D | C] -- C:\Users\***1\Documents\WISO Mein Geld [2011.12.11 22:17:59 | 000,000,000 | ---D | C] -- C:\Users\***1\AppData\Roaming\Buhl Data Service [2011.12.11 22:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Mein Geld 2012 [2011.12.10 18:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoHort [2011.12.10 18:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\cohort6 [2010.05.11 23:00:12 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.09 12:57:58 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.09 12:57:58 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.09 12:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.09 12:49:15 | 3167,653,888 | -HS- | M] () -- C:\hiberfil.sys [2012.01.09 12:40:23 | 000,027,273 | ---- | M] () -- C:\Users\***1\Documents\Malwarebytes_ Online Store.pdf [2012.01.09 12:39:42 | 000,031,748 | ---- | M] () -- C:\Users\***1\Documents\AKD-73615984675.pdf [2012.01.09 11:50:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262544425-3489078898-2591417369-2450UA.job [2012.01.08 08:12:50 | 001,180,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.08 08:12:50 | 000,897,520 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.08 08:12:50 | 000,227,662 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.08 08:12:50 | 000,044,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.08 08:12:50 | 000,021,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.08 08:07:17 | 699,825,566 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.06 10:35:03 | 000,001,027 | ---- | M] () -- C:\Users\***1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.05 08:40:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262544425-3489078898-2591417369-2450Core.job [2012.01.04 12:42:57 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.04 12:42:57 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.03 18:56:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.03 09:44:16 | 001,161,844 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.02 14:49:39 | 000,000,132 | ---- | M] () -- C:\Users\***1\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.29 21:02:38 | 000,441,231 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.12.26 08:24:45 | 005,178,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.26 08:17:58 | 001,769,472 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.12.22 23:11:35 | 000,323,584 | ---- | M] () -- C:\Users\***1\Documents\Verteiler_Privat.accdb [2011.12.19 19:20:01 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2011.12.18 16:54:22 | 000,000,600 | ---- | M] () -- C:\Users\***1\AppData\Local\PUTTY.RND [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.09 12:40:23 | 000,027,273 | ---- | C] () -- C:\Users\***1\Documents\Malwarebytes_ Online Store.pdf [2012.01.09 12:39:42 | 000,031,748 | ---- | C] () -- C:\Users\***1\Documents\AKD-73615984675.pdf [2012.01.09 00:44:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.06 10:35:03 | 000,001,027 | ---- | C] () -- C:\Users\***1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.05 19:08:25 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.12.22 23:10:19 | 000,323,584 | ---- | C] () -- C:\Users\***1\Documents\Verteiler_Privat.accdb [2011.12.19 21:06:31 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2011.12.17 14:01:26 | 000,000,883 | ---- | C] () -- C:\Users\***1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wuala.lnk [2011.12.02 18:46:31 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2011.12.02 16:30:58 | 000,245,310 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.12.02 16:30:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011.11.05 20:39:00 | 000,039,278 | ---- | C] () -- C:\Users\***1\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.10.17 13:06:04 | 000,004,096 | -H-- | C] () -- C:\Users\***1\AppData\Local\keyfile3.drm [2011.10.08 14:59:29 | 000,000,000 | ---- | C] () -- C:\Users\***1\AppData\Local\{8D708A48-5715-4EC2-9C1B-291E4DFC3B33} [2011.06.09 15:40:37 | 000,000,132 | ---- | C] () -- C:\Users\***1\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.05.17 10:55:37 | 000,023,040 | ---- | C] () -- C:\Users\***1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.06 19:35:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll [2011.03.18 09:27:35 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.03.18 09:27:33 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5350DN.INI [2011.03.18 09:27:05 | 000,000,062 | ---- | C] () -- C:\Windows\SysWow64\bd5350dn.dat [2011.03.18 09:26:32 | 000,000,235 | ---- | C] () -- C:\Windows\Brownie.ini [2011.03.18 09:26:11 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.03.03 13:08:04 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.18 13:48:29 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.01.18 13:47:56 | 000,881,548 | ---- | C] () -- C:\Windows\RON 2010 GERMAN Uninstaller.exe [2011.01.06 12:13:22 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe [2010.12.27 12:12:17 | 000,004,911 | ---- | C] () -- C:\Users\***1\AppData\Roaming\FjMenu1.XML [2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.10.21 13:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2010.10.13 10:49:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.10.13 10:41:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll [2010.09.03 13:43:47 | 000,000,049 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2010.08.04 09:44:52 | 000,439,296 | ---- | C] () -- C:\Windows\sqlite3.exe [2010.08.04 09:44:52 | 000,432,128 | ---- | C] () -- C:\Windows\sqlite3.dll [2010.07.29 00:55:48 | 000,000,600 | ---- | C] () -- C:\Users\***1\AppData\Local\PUTTY.RND [2010.07.21 21:54:25 | 000,000,096 | ---- | C] () -- C:\Users\***1\AppData\Local\fusioncache.dat [2010.06.07 14:11:26 | 000,007,639 | ---- | C] () -- C:\Users\***1\AppData\Local\resmon.resmoncfg [2010.05.27 23:26:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.23 13:36:08 | 000,000,088 | RHS- | C] () -- C:\ProgramData\258E37D937.sys [2010.05.23 13:36:05 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.05.12 07:48:47 | 000,017,459 | ---- | C] () -- C:\Windows\LxFrame.ini [2010.05.12 07:29:47 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2010.05.12 06:56:18 | 000,055,960 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.05.11 23:00:12 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2010.05.11 23:00:11 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.05.11 21:37:24 | 001,161,844 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.08.27 07:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.27 07:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.27 07:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.27 07:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.21 20:37:50 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\QL58NF.DLL [2005.11.09 11:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC7.dll [2005.11.09 11:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC7.dll [2005.11.09 11:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC7.dll [2005.01.17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2004.05.06 13:07:32 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\dnt26VC7.dll [2004.05.06 13:05:04 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvmc26VC7.dll [2004.05.06 13:04:42 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dntvm26VC7.dll [2003.09.05 11:25:54 | 000,237,623 | ---- | C] () -- C:\Windows\SysWow64\dnt26.dll [2003.09.05 11:25:52 | 000,073,785 | ---- | C] () -- C:\Windows\SysWow64\dntvm26.dll [2003.09.05 11:03:30 | 000,077,882 | ---- | C] () -- C:\Windows\SysWow64\dntvmc26.dll [2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\SysWow64\W32btstp.dll [2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\W32btxlt.dll [1999.02.23 15:40:28 | 000,303,176 | ---- | C] () -- C:\Windows\SysWow64\TTFI6DE.dll ========== LOP Check ========== [2010.08.30 15:28:28 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\3Dconnexion [2010.06.21 13:03:10 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\AGFEO [2010.05.11 21:36:55 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\DAEMON Tools Lite [2011.07.15 17:10:09 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\Dr._Lauer_&_Karrenbauer_G [2012.01.02 15:05:54 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\GHISLER [2011.01.16 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\HTC [2010.05.16 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\inkscape [2010.05.12 08:05:56 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\Lexware [2010.05.11 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\Notepad++ [2011.12.29 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\Rainmeter [2010.05.17 18:32:40 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\Stardock [2010.05.20 19:02:34 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\uTorrent [2010.05.23 13:49:26 | 000,000,000 | ---D | M] -- C:\Users\***2\AppData\Roaming\WikidPad [2010.05.16 17:42:12 | 000,000,000 | ---D | M] -- C:\Users\***4\AppData\Roaming\Lexware [2011.03.28 14:23:37 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\.minecraft [2010.08.03 19:52:54 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\3Dconnexion [2010.07.15 06:29:16 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\3D_Art_und_Design [2010.08.08 17:52:27 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Acronis [2010.05.12 08:17:45 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\AGFEO [2011.08.25 10:43:19 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Autodesk [2010.10.24 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\AVM [2010.10.08 09:03:38 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\BaKoMa TeX [2010.08.04 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Blender Foundation [2011.12.11 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Buhl Data Service [2011.12.12 00:08:44 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Buhl Data Service GmbH [2010.11.21 13:35:55 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\DAEMON Tools Lite [2011.03.11 10:21:08 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Dr. Lauer & Karrenbauer GmbH [2011.03.09 22:00:54 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Dr._Lauer_&_Karrenbauer_G [2012.01.09 12:54:07 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Dropbox [2011.01.06 17:59:37 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\EPSON [2010.10.13 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Flock [2011.03.03 09:34:35 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\GetRightToGo [2010.06.02 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\GHISLER [2011.08.18 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\HTC [2011.06.14 10:12:04 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2010.06.02 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\inkscape [2011.11.11 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Kalypso Media [2011.04.26 07:35:14 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Leadertech [2010.10.13 10:51:19 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\leawo [2011.03.07 07:10:38 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Lexware [2011.11.21 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Lionhead Studios [2011.03.01 00:18:21 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\LolClient [2010.07.15 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\MAXON [2010.10.21 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Meebo [2010.10.13 10:51:20 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Moyea [2010.12.17 11:53:09 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\MyPhoneExplorer [2010.06.03 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\MySQL [2010.05.31 14:00:43 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Notepad++ [2010.06.02 08:06:57 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\OkiData [2011.03.26 14:01:20 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\OpenOffice.org [2011.01.03 10:11:39 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\OPHI [2011.08.18 09:35:21 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Outlook [2011.01.31 10:25:57 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\PTGui [2011.08.30 11:22:30 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Rainmeter [2010.10.28 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\RFFlow [2011.07.16 22:42:49 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\SmartCase [2011.01.06 12:13:49 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\SoftMaker [2011.12.31 11:13:45 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.06.14 16:49:58 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\STV Software [2010.07.29 00:26:00 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\syntevo [2010.10.03 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\T-Mobile [2010.10.03 22:47:39 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\T-Mobile Internet Manager [2011.10.25 21:48:27 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\TeamViewer [2011.06.14 14:00:16 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Thunderbird [2011.03.05 18:26:53 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\TS3Client [2010.07.21 21:57:30 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Turbine [2011.11.21 10:22:45 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Unity [2011.03.06 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\uTorrent [2011.01.18 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\ValuSoft [2010.06.10 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\webex [2011.12.26 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\***1\AppData\Roaming\Wuala [2010.09.22 07:59:05 | 000,000,000 | ---D | M] -- C:\Users\***3\AppData\Roaming\3Dconnexion [2011.03.09 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\***3\AppData\Roaming\AGFEO [2011.03.09 22:35:16 | 000,000,000 | ---D | M] -- C:\Users\***3\AppData\Roaming\Dr._Lauer_&_Karrenbauer_G [2011.03.09 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\***3\AppData\Roaming\HTC [2010.09.22 07:59:54 | 000,000,000 | ---D | M] -- C:\Users\***3\AppData\Roaming\Lexware [2011.10.15 20:49:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Boernert :: IBR42 [limitiert] Schutz: Aktiviert 09.01.2012 13:05:56 mbam-log-2012-01-09 (13-05-56).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 881866 Laufzeit: 4 Stunde(n), 41 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\boernert\AppData\Local\94ad51d2\X -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Users\***1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\33159a6-4efb22e4 (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\42cfd830-72a50a54 (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\193226f3-37293504 (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\assembly\tmp\U\000000c0.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\assembly\tmp\U\800000cb.@ (Backdoor.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Ich Danke euch schon mal im Voraus ^^ |
|
09.01.2012, 18:02
| #2 |
| | 95.com und Backdoor.Agent OTL-Extra
__________________OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.01.2012 13:12:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***1\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 44,13% Memory free
7,87 Gb Paging File | 5,51 Gb Available in Paging File | 70,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296,08 Gb Total Space | 29,76 Gb Free Space | 10,05% Space Free | Partition Type: NTFS
Computer Name: IBR42 | User Name: ***1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- Reg Error: Value error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found
[HKEY_USERS\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files (x86)\Git\bin\wish.exe" "C:\Program Files (x86)\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files (x86)\Git\bin\wish.exe" "C:\Program Files (x86)\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{16F0AD47-07B5-4F14-83DE-7F2E3107F029}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2001197F-7545-41F7-9078-E8D23B3BBEAF}" = 3Dconnexion Plug-In for Photoshop CS3 - CS5
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D093918-3EA6-43FE-ADD5-32DE22EE9B5E}" = SmartCase Logon+
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}" = Autodesk DirectConnect 2010 R1 (64-bit)
"{47374ACF-9023-40e7-9830-ECED0DCBC3DC}" = Autodesk Maya 2011 English Documentation 64-bit
"{4B1CF482-AD0E-48F3-8032-BCF5F071C123}" = O2Micro Flash Memory Card Windows Driver
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4B714EBA-F7DF-4467-B38F-5D3DFBD29674}" = 3Dconnexion Add-In for Solid Edge V18 - ST3
"{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"{52099562-C109-0407-BFF1-1C19149A8749}" = Autodesk 3ds Max Design 2012 64-bit - German
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{56119275-AA50-426D-975B-8FA0049DC648}" = 3Dconnexion Add-In for SolidWorks 2005 - 2011 (x64)
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}" = FRITZ!Fernzugang
"{65E1D8B2-9DB9-402A-99E5-FCCC960B7989}" = 3Dconnexion Add-In for Inventor 11 - 2012
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6B99AF03-2668-4572-BD3D-8C7A5D103065}" = AuthenTec Fingerprint Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}" = Autodesk Maya 2011 64-bit
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FE53C9A-9952-4B99-AB10-2EEBDBF5102F}" = 3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D463D0-2B13-4181-9512-B27004B1151A}" = Autodesk Revit Architecture 2011 x64
"{9DD58519-340D-467E-9988-1E55472A3FC1}" = ScBios64
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}" = Shock Sensor Utility
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1BD6E2C-9CF1-4710-A0A9-16C8BFE19058}" = 3Dconnexion LCD Applets for SpacePilot PRO (x64)
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC00C393-AEC9-4D4F-822F-373617A0F234}" = 3Dconnexion Plug-In for NX v3.0 - v8.0
"{CDB93CCB-95AE-4464-B4CF-D07CE8997EA9}" = 3Dconnexion Plug-In for 3ds Max v9 - 2012
"{D28EFBA5-1664-4B79-946A-000BE950E8E2}" = Schnell-Deinstallations-Tool für Autodesk Product Design Suite 2012
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DCF772BF-D826-4561-9290-6B43271429BF}" = 3DxWinCore (x64)
"{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}" = Autodesk MatchMover 2011 64-bit
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E28D2D28-4A78-4A5D-B626-E63030DDFF3D}" = cmTSS64
"{E4751034-CCD4-4881-8174-B692B095629C}" = 3Dconnexion Plug-In for Maya v8.5 - 2012
"{E551BB39-D6F9-4BF8-9F68-E3ADE936D3C0}" = 3Dconnexion Add-On for XSI v5.0 - 2011
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{ED6D1938-2629-4298-9B31-8A75F7CEC8A0}" = Fujitsu Button Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F469B548-030B-41CD-BD46-D37A7EC9A530}" = Logitech LCD Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0365BFF3019A5A8F602931AC51B181DF57EC0773" = Windows-Treiberpaket - iC Compas GmbH & Co KG fcrimg4 LegacyDriver (06/15/2009 2.4.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk 3ds Max Design 2012 64-bit - German" = Autodesk 3ds Max Design 2012 64-bit - German
"Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit
"Autodesk Inventor 2011" = Autodesk Inventor 2011 Deutsch
"Autodesk Revit Architecture 2011 SP2" = Autodesk Revit Architecture 2011 x64 Update 2
"Autodesk Revit Architecture 2011 x64" = Autodesk Revit Architecture 2011 x64
"DWG TrueView 2011" = DWG TrueView 2011
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Shop for HP Supplies" = Shop for HP Supplies
"Sn1" = Logitech Scroll App 3.0
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (WIHE)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AF342A7-A435-4980-940A-9DA4AD48E399}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel Application for Supervisor
"{1910EF67-D4B8-4561-9252-4F2EFF2E17AE}" = 3Dconnexion Plug-in for Acrobat 3D
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20A919F9-7F71-49EE-845E-5B23861EBD96}" = Lexware financial office premium 2011
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{2490C89D-902F-44A8-87F1-B8186A7A59C0}" = ZAM-QuickFind-MSOutlook2007
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2E3EBFFD-951C-48D1-8BB3-DA4E26080222}" = HP Systemwartung für HP Designjet 111 series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel Application
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48413BF3-5934-4ED3-8F1B-49D250BBF5AC}" = Prison Tycoon 4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C76CEF-4D69-40ED-83AE-42F9001B4C6A}" = ClientVoraussetzungen64
"{5DA312DD-E32C-4FD4-AFCC-A0A798397EE2}" = ZAM-ExportAssistent-MSExcel2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60D78A18-CDE1-4B99-8306-D08BA685CDD8}" = RPG Maker 2003 Deutsch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6A7A8BA6-2D9E-4CF9-AF61-CFB6225BCB8B}" = Lexware Admintools Premium
"{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{7650F538-6274-44EA-8F50-843479073333}" = EPSON USB Display
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77AC436C-D5D1-4CAA-AF22-7B11D25DE9E7}" = WINTERHELLER Professional Planner Free Version (DE)
"{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK
"{7BDAF291-3153-41C0-A8F6-51C105BA553E}" = Brother HL-5350DN
"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3
"{7EB211F2-7D8B-4A01-887B-276A227431CA}" = HP Webregistrierung
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{852252AE-F555-4BA1-B451-4E4C230D18F2}" = 3Dconnexion Extension for SketchUp
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5FDB1A-7B6C-491E-98DD-123CD7825D90}" = ZAM-KontakteExport-MSOutlook2007
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8E125268-38C1-417E-A2F5-F8F8916D3A23}" = Google AdWords Editor
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF23011-599F-4854-8D15-6111A9550385}" = Datenaktualisierung
"{9DE25321-90A9-4D3C-B492-08FD5B52F15F}" = Google AdWords Editor
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A5831698-3BD7-4F13-B345-AA3F6E404FFE}" = C3530 Twain Driver for 64 bit Operating System
"{A76B3415-A348-4BE9-B22B-96B801D82907}" = ZAM-Master
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxWare 10 Beta 9 (64-bit)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE3C99DD-9CF3-4271-8B81-0A5692C9AC0C}" = ZAM-Manager
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2F6E826-D180-4770-B24B-0FAC25DB2D96}" = C3500 Series MFP
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics-Add-In (32 Bit)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EC283568-F242-4207-917E-83AA705324AE}" = ZAM-VerteilerAssistent-MSWord2007
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5A954ED-07FE-4DFB-8763-F4AD47D79218}_is1" = Presenter version 1.27
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"AirlineTycoon2_is1" = Airline Tycoon 2 v1.01
"Android SDK Tools" = Android SDK Tools
"ArgoUML" = ArgoUML 0.30.1
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blend_3.0.1938.0" = Microsoft Expression Blend 3
"Blender" = Blender (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CoPlot_is1" = CoPlot 6.400
"DBox II - Bootmanager" = DBox II - Bootmanager
"Design_6.0.1739.0" = Microsoft Expression Design 3
"DeskUpdate_is1" = DeskUpdate 4.11
"Digital Clock GT-7_is1" = Digital Clock GT-7 1.0
"DivX Setup.divx.com" = DivX-Setup
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3
"Git_is1" = Git 1.7.0.2-preview20100309
"HP Designjet 111 Printer Series" = HP Designjet 111 Printer Series
"Impulse" = Impulse
"Inkscape" = Inkscape 0.47
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel for Supervisor
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel
"InstallShield_{4B1CF482-AD0E-48F3-8032-BCF5F071C123}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{D2F6E826-D180-4770-B24B-0FAC25DB2D96}" = C3500 Series MFP
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Iomega StorCenter" = Iomega StorCenter
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiKTeX 2.8" = MiKTeX 2.8
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"Offerte_L" = Offerte_L
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Pen Tablet Driver" = Stifttablett
"PhotoFit_feel" = PhotoFit
"Picasa 3" = Picasa 3
"POM-QM for Windows (Version 3)" = POM-QM for Windows (Version 3)
"PTGui" = PTGui Pro Trial 9.0.1
"Rainmeter" = Rainmeter
"Recover Data for OST to PST_is1" = Recover Data for OST to PST
"RON 2010 GERMAN" = Politik Simulator 2 - Rulers of Nations
"SensorsView Pro 4.1" = SensorsView Pro 4.1
"SFF View" = SFF View
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"SmartGit 1.5_is1" = SmartGit 1.5.4
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Excel Protection Remover
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TextMaker Viewer" = TextMaker Viewer
"tksuite_tksuite_server" = AGFEO TK-Suite Server (Client Update)
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
"XMind" = XMind
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4262544425-3489078898-2591417369-2450\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"CGoban 3" = CGoban 3
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Meebo Notifier" = Meebo Notifier
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
"Wuala" = Wuala
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
09.01.2012, 19:11
| #3 |
| | 95.com und Backdoor.AgentCode:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: FUJITSU
BIOS Manufacturer: FUJITSU // Phoenix Technologies Ltd.
System Manufacturer: FUJITSU SIEMENS
System Product Name: LifeBook T4310
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 241):
0x03813000 \SystemRoot\system32\ntoskrnl.exe
0x03DFC000 \SystemRoot\system32\hal.dll
0x00BB1000 \SystemRoot\system32\kdcom.dll
0x00C70000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CBF000 \SystemRoot\system32\PSHED.dll
0x00CD3000 \SystemRoot\system32\CLFS.SYS
0x00D31000 \SystemRoot\system32\CI.dll
0x00E61000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F05000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0107B000 \SystemRoot\System32\Drivers\sptd.sys
0x011DA000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F14000 \SystemRoot\system32\drivers\ACPI.sys
0x0102F000 \SystemRoot\system32\drivers\msisadrv.sys
0x01039000 \SystemRoot\system32\drivers\vdrvroot.sys
0x01046000 \SystemRoot\system32\drivers\pci.sys
0x011E3000 \SystemRoot\System32\drivers\partmgr.sys
0x00F6B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F74000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F80000 \SystemRoot\system32\drivers\volmgr.sys
0x00F95000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x00E39000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\drivers\vmbus.sys
0x00C3C000 \SystemRoot\system32\drivers\winhv.sys
0x012B0000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x013CC000 \SystemRoot\system32\drivers\atapi.sys
0x013D5000 \SystemRoot\system32\drivers\ataport.SYS
0x01200000 \SystemRoot\system32\drivers\msahci.sys
0x0120B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0121B000 \SystemRoot\system32\drivers\amdxata.sys
0x01226000 \SystemRoot\system32\drivers\fltmgr.sys
0x01272000 \SystemRoot\system32\drivers\fileinfo.sys
0x01286000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01423000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01640000 \SystemRoot\System32\Drivers\msrpc.sys
0x0169E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x016B9000 \SystemRoot\System32\Drivers\cng.sys
0x0172B000 \SystemRoot\System32\drivers\pcw.sys
0x0173C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0186E000 \SystemRoot\system32\drivers\ndis.sys
0x01961000 \SystemRoot\system32\drivers\NETIO.SYS
0x019C1000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01ABC000 \SystemRoot\System32\drivers\tcpip.sys
0x01CC0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01D0A000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01DF3000 \SystemRoot\system32\drivers\FBIOSDRV.SYS
0x01A00000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01A10000 \SystemRoot\system32\drivers\volsnap.sys
0x01E34000 \SystemRoot\system32\DRIVERS\tdrpm258.sys
0x01FA0000 \SystemRoot\System32\Drivers\spldr.sys
0x01FA8000 \SystemRoot\SysWOW64\speedfan.sys
0x01FB2000 \SystemRoot\system32\DRIVERS\snapman.sys
0x01A5C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01E00000 \SystemRoot\System32\Drivers\mup.sys
0x01E12000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01E1B000 \SystemRoot\system32\DRIVERS\FJGSDisk.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01E1E000 \SystemRoot\system32\DRIVERS\disk.sys
0x0183A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04193000 \SystemRoot\system32\DRIVERS\fcrimg4.sys
0x041A2000 \SystemRoot\system32\drivers\cdrom.sys
0x041CC000 \SystemRoot\System32\Drivers\Null.SYS
0x041D5000 \SystemRoot\System32\Drivers\Beep.SYS
0x041DC000 \SystemRoot\System32\drivers\vga.sys
0x04000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04025000 \SystemRoot\System32\drivers\watchdog.sys
0x04035000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0403E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04047000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04050000 \SystemRoot\System32\Drivers\Msfs.SYS
0x041EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01746000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01AA4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01768000 \SystemRoot\system32\drivers\afd.sys
0x0446C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x044B1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x044BA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x044E0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x044F6000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x0450A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04519000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04534000 \SystemRoot\system32\drivers\vpcvmm.sys
0x0458B000 \SystemRoot\system32\drivers\termdd.sys
0x0459F000 \??\C:\Program Files (x86)\SensorsViewPro41\drv\sensorsview32_64.sys
0x045A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04400000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0440C000 \SystemRoot\system32\drivers\mssmbios.sys
0x04417000 \SystemRoot\System32\drivers\discache.sys
0x04602000 \SystemRoot\system32\drivers\csc.sys
0x04685000 \SystemRoot\System32\Drivers\dfsc.sys
0x046A3000 \??\C:\Windows\system32\drivers\cbfs3.sys
0x046FC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0470D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x0472F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04755000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04E98000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x048F2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04846000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04853000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x048A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x048BA000 \SystemRoot\system32\drivers\HDAudBus.sys
0x055A0000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x0568A000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05600000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0560D000 \SystemRoot\system32\drivers\1394ohci.sys
0x0564B000 \SystemRoot\system32\DRIVERS\FjBtnDrv.sys
0x05651000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0566A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05673000 \SystemRoot\system32\DRIVERS\FUJ02B1.sys
0x04E00000 \SystemRoot\system32\drivers\i8042prt.sys
0x05675000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04E1E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x048DE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04E63000 \SystemRoot\system32\DRIVERS\serial.sys
0x049E6000 \SystemRoot\system32\DRIVERS\wisdpen.sys
0x0476B000 \SystemRoot\System32\Drivers\axww1wfu.SYS
0x047AE000 \SystemRoot\System32\Drivers\akrp7svo.SYS
0x05684000 \SystemRoot\system32\DRIVERS\FUJ02E3.sys
0x057F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05851000 \SystemRoot\system32\DRIVERS\avmnwim.sys
0x058BB000 \SystemRoot\system32\drivers\CompositeBus.sys
0x058CB000 \SystemRoot\system32\DRIVERS\dne64x.sys
0x058F7000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x058FA000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x058FC000 \SystemRoot\system32\DRIVERS\3dxkmj.sys
0x05908000 \SystemRoot\system32\DRIVERS\3dxshim.sys
0x05910000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05926000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0594A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05956000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05985000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x059A0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x059C1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x059DB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x059E6000 \SystemRoot\system32\drivers\swenum.sys
0x05800000 \SystemRoot\system32\drivers\ks.sys
0x05843000 \SystemRoot\system32\DRIVERS\FscGabi.sys
0x059E8000 \SystemRoot\system32\drivers\umbus.sys
0x04426000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x049F0000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x059FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x01600000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x05EA7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05F01000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05F0F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05F1C000 \SystemRoot\system32\DRIVERS\MTConfig.sys
0x05F26000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x05F2E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06C18000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05F43000 \SystemRoot\system32\drivers\portcls.sys
0x05F80000 \SystemRoot\system32\drivers\drmk.sys
0x06DF9000 \SystemRoot\system32\drivers\ksthunk.sys
0x05FA2000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x06C00000 \SystemRoot\System32\drivers\Dxapi.sys
0x05FC9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0405B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05FD7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05FEA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x00700000 \SystemRoot\System32\cdd.dll
0x05E00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05E1D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00930000 \SystemRoot\System32\ATMFD.DLL
0x05E2B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x05E41000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x02880000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x02939000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x02951000 \SystemRoot\System32\Drivers\bthport.sys
0x029DD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02C50000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x02FAF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x02FC0000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x02FC9000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x02C00000 \SystemRoot\system32\drivers\BthEnum.sys
0x02C10000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x02800000 \SystemRoot\system32\drivers\luafv.sys
0x02823000 \SystemRoot\system32\drivers\WudfPf.sys
0x02C30000 \SystemRoot\system32\DRIVERS\acpials.sys
0x02844000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x02C3A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x072B5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x07308000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0731B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07333000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x074E3000 \SystemRoot\system32\drivers\HTTP.sys
0x075AC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x075DD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0742D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0747B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0733D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07200000 \SystemRoot\System32\DRIVERS\srv.sys
0x073A6000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x07CBD000 \SystemRoot\system32\drivers\peauth.sys
0x07D63000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07D6E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07D80000 \??\C:\Windows\system32\drivers\mbam.sys
0x07C00000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x774D0000 \Windows\System32\ntdll.dll
0x47770000 \Windows\System32\smss.exe
0xFF7F0000 \Windows\System32\apisetschema.dll
0xFFD40000 \Windows\System32\autochk.exe
0xFF600000 \Windows\System32\setupapi.dll
0xFF5A0000 \Windows\System32\Wldap32.dll
0xFF500000 \Windows\System32\clbcatq.dll
0xFF420000 \Windows\System32\advapi32.dll
0x773B0000 \Windows\System32\kernel32.dll
0x776A0000 \Windows\System32\psapi.dll
0xFF350000 \Windows\System32\usp10.dll
0xFF240000 \Windows\System32\msctf.dll
0xFF1A0000 \Windows\System32\comdlg32.dll
0xFF170000 \Windows\System32\imm32.dll
0xFEF60000 \Windows\System32\ole32.dll
0x77690000 \Windows\System32\normaliz.dll
0xFEEF0000 \Windows\System32\gdi32.dll
0x772B0000 \Windows\System32\user32.dll
0xFEE70000 \Windows\System32\difxapi.dll
0xFEE50000 \Windows\System32\sechost.dll
0x77160000 \Windows\System32\urlmon.dll
0xFEE30000 \Windows\System32\imagehlp.dll
0xFED90000 \Windows\System32\msvcrt.dll
0x77000000 \Windows\System32\wininet.dll
0xFE000000 \Windows\System32\shell32.dll
0x76DF0000 \Windows\System32\iertutil.dll
0xFDFF0000 \Windows\System32\nsi.dll
0xFDEC0000 \Windows\System32\rpcrt4.dll
0xFDE70000 \Windows\System32\ws2_32.dll
0xFDDF0000 \Windows\System32\shlwapi.dll
0xFDD10000 \Windows\System32\oleaut32.dll
0xFDD00000 \Windows\System32\lpk.dll
0xFDCC0000 \Windows\System32\cfgmgr32.dll
0xFDC50000 \Windows\System32\KernelBase.dll
0xFDBB0000 \Windows\System32\comctl32.dll
0xFDB90000 \Windows\System32\devobj.dll
0xFDA20000 \Windows\System32\crypt32.dll
0xFD9E0000 \Windows\System32\wintrust.dll
0xFD9D0000 \Windows\System32\msasn1.dll
0x75F70000 \Windows\SysWOW64\normaliz.dll
Processes (total 87):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
640 csrss.exe
696 C:\Windows\System32\wininit.exe
732 csrss.exe
772 C:\Windows\System32\services.exe
796 C:\Windows\System32\lsass.exe
804 C:\Windows\System32\lsm.exe
916 C:\Windows\System32\svchost.exe
968 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
112 C:\Windows\System32\winlogon.exe
460 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
504 C:\Windows\System32\conhost.exe
760 C:\Program Files\Fingerprint Sensor\ATService.exe
1060 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\svchost.exe
1528 WUDFHost.exe
1652 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\spoolsv.exe
1860 C:\Windows\System32\svchost.exe
1960 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1992 C:\Windows\System32\svchost.exe
2020 C:\Windows\System32\CISVC.EXE
1480 C:\Windows\System32\svchost.exe
1900 C:\Windows\System32\svchost.exe
1228 C:\Program Files\SmartCase Logon+\System\logonuser.exe
2084 C:\Windows\System32\svchost.exe
2172 C:\Program Files (x86)\SensorsViewPro41\svservice.exe
2236 C:\Windows\System32\TCPSVCS.EXE
2256 C:\Program Files\SmartCase Logon+\Password Manager\SmartCaseServer.exe
2284 C:\Program Files\SmartCase Logon+\System\SmartyLog.exe
2348 C:\Windows\System32\Pen_Tablet.exe
2396 C:\Windows\System32\svchost.exe
2444 C:\Windows\System32\wisptis.exe
2808 C:\Windows\System32\svchost.exe
1068 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3028 C:\Windows\System32\SearchIndexer.exe
520 C:\Windows\System32\taskhost.exe
2916 C:\Windows\System32\wisptis.exe
2404 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
3080 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
3160 C:\Windows\System32\WTablet\Pen_TabletUser.exe
3176 C:\Windows\System32\Pen_Tablet.exe
3440 C:\Windows\System32\dwm.exe
3480 C:\Windows\explorer.exe
3608 C:\Windows\System32\igfxtray.exe
3616 C:\Windows\System32\hkcmd.exe
3624 C:\Windows\System32\igfxpers.exe
3636 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3644 C:\Program Files\Apoint2K\Apoint.exe
3668 C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
3700 C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
3716 C:\Program Files\SmartCase Logon+\System\SclStart.exe
3752 C:\Program Files\Logitech\ScrollApp\KhalScroll.exe
3768 C:\Windows\System32\igfxsrvc.exe
3796 C:\Program Files\Fujitsu\WirelessSelector\FJWSLauncher.exe
3820 C:\Users\***1\AppData\Roaming\Dropbox\bin\Dropbox.exe
4052 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
2576 C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
1336 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2844 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4300 C:\Program Files\Apoint2K\ApMsgFwd.exe
4452 C:\Program Files\Apoint2K\Hidfind.exe
4608 C:\Program Files\Apoint2K\ApntEx.exe
4980 C:\Windows\System32\conhost.exe
5076 C:\Windows\System32\mobsync.exe
4576 C:\Windows\System32\svchost.exe
5100 C:\Program Files\Fujitsu\Utils\FjDspMon.exe
3400 C:\Program Files\Fujitsu\Utils\FjEvents.exe
3020 C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
4344 C:\Windows\System32\igfxext.exe
4108 C:\Program Files (x86)\Skype\Phone\Skype.exe
1824 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
5168 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3888 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4552 C:\Windows\System32\audiodg.exe
5036 C:\Windows\System32\SearchProtocolHost.exe
5888 C:\Windows\System32\SearchFilterHost.exe
5920 C:\Windows\explorer.exe
4604 dllhost.exe
4560 dllhost.exe
5204 C:\Users\***1\Downloads\MBRCheck.exe
3012 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`808cd800 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMJA2320BHG2, Rev: 00000018
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 827A2BC8C9449A2D8597F2BB23A09E978057B4D3
Done!
|
|
09.01.2012, 21:08
| #4 |
| | 95.com und Backdoor.Agent Feini, nach stunden des Kampfes ist es wieder Sauber  |
|
| Themen zu 95.com und Backdoor.Agent |
| .com, 800000cb.@, adobe, antivir, avira, backdoor, backdoor.0access, bho, browser, dateisystem, desktop, explorer, firefox, format, google earth, heuristiks/extra, heuristiks/shuriken, hängen, langs, logfile, mozilla, neu, object, plug-in, programme, realtek, registry, reverse, safer networking, scan, senden, software, studio, trojan.ransom.gen, usb, visual studio, webcheck, windows, wiso |
Linear-Darstellung
