Log analysis and evaluation: Windows encryption trojan (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.04.2012, 07:34 | #1 |
Windows encryption trojan
Hello, I have also caught the encryption trojan. As I have now read here in the forum, I have probably tinkered too much on my own. I deleted infected objects with Malwarebytes Anti Malware. I can use my laptop quite normally, but my files are all locked. The Decrypt Helper does not respond. I would need your help. I still have the email with the trojan. Many thanks
28.04.2012, 10:20 | #2 | ||
/// Helper team | Windows encryption trojan
Hello and a warm welcome!
Before we begin working together, [please read completely]:
Quote:
Have you already checked the computer for viruses? I would still like to see the following results:
Code:
Malwarebytes (all existing logs!)
2. System scan with OTL
Please download OTL by Oldtimer and save it on your desktop.
3. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
Quote:
kira
29.04.2012, 08:21 | #3 |
Windows encryption trojan
Hello,
Re 1.
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.27.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Neuer Benutzer :: PC [Administrator]
Schutz: Aktiviert
27.04.2012 08:44:17
mbam-log-2012-04-27 (08-44-17).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205525
Laufzeit: 6 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Keine Aktion durchgeführt.
Infizierte Dateien: 12
C:\Users\Neuer Benutzer\AppData\Local\Temp\Temporary Internet Files\Content.IE5\R4Y3AI2Z\SoftonicDownloader_fuer_avira-antivir.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Neuer Benutzer\Downloads\SoftonicDownloader_fuer_librecad.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\ckempjombhlenljponlfmngepahogobe.crx (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\Users\Neuer Benutzer\AppData\Local\Temp\eclxgvcmzl.pre (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Neuer Benutzer\AppData\Local\Temp\pyywmeltfy.pre (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Neuer Benutzer\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Neuer Benutzer\AppData\Roaming\svchost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.27.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Neuer Benutzer :: PC [Administrator]
Schutz: Aktiviert
27.04.2012 08:51:45
mbam-log-2012-04-27 (08-51-45).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205616
Laufzeit: 1 Minute(n), 45 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{425F4A7C-739A-491F-9213-FF0E0643DC30} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 6
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\ckempjombhlenljponlfmngepahogobe.crx (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
locked-datainame.jpg.ctir, but every file has a different extension (ctir, grln, etc.)
Re 2. otl.txt as attachment
extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 29.04.2012 07:56:14 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Neuer Benutzer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,98% Memory free
7,98 Gb Paging File | 5,88 Gb Available in Paging File | 73,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 312,22 Gb Free Space | 69,36% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Neuer Benutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D4DB1F-23A5-4B6D-BCFE-664F4015989B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23FD60E0-AE90-4A66-854B-0619F6F3C7EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{28BEC81D-284F-4555-ADCB-D588E8C9DD33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FBE6CBA-1240-40A5-AB40-4676F21D529C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39823CB4-7B5E-4241-AD30-39294F1D3D6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4022A5E9-B462-49D1-8032-98500417FEFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48C92E00-17A8-4021-AA3E-9AE7F5BEA7E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54995712-628B-4063-9B93-594EB6A97C58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5AC28369-A2EC-481A-A41E-93F30E09BC3F}" = lport=137 | protocol=17 | dir=in | app=system |
"{5B7884DE-0775-4D0B-BA5E-04FFDCD891B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E164BED-3371-4741-BFDC-05DFC26A61B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E96BC97-349E-44FB-AD54-DF5434E728C1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6140DDB2-B4CB-4779-B51F-EBF8E8DD1254}" = rport=445 | protocol=6 | dir=out | app=system |
"{668F7A6D-C03D-473D-8D68-B773766E62E1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6BEB7C08-68D9-4AE8-88A8-62A3899D03C9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{7174D2ED-DB0B-4839-8A6E-61311EABE599}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93DB591C-320A-4DC9-A456-4F228D27EAEA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9410C6B8-EDF4-4C3C-835D-AFD7997C5A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97AECAF6-0567-4F3C-9A3A-1D52B4A26FA8}" = rport=139 | protocol=6 | dir=out | app=system |
"{B45B3C13-F740-49BE-B95C-9C3DB80642C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD71FC27-41D5-4FB1-95D1-E9C147126042}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2B10B42-8283-442F-9B55-0F967A35A846}" = rport=138 | protocol=17 | dir=out | app=system |
"{C76AD04E-08E8-4BAE-B785-1989438E02FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache |
twilight\data\cnc4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.exe | "UDP Query User{785BCB6D-E42E-4636-BDBE-BF722BC02C38}C:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "UDP Query User{848A202E-C282-4AB9-BFD5-81DD3BF1FBDB}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{862B4703-A748-4464-AA70-8766548B23D8}C:\users\neuer benutzer\appdata\local\wscntfy.exe" = protocol=17 | dir=in | app=c:\users\neuer benutzer\appdata\local\wscntfy.exe | "UDP Query User{8D6287CE-51D7-426C-B97D-F273CFA4BD9D}C:\program files (x86)\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty black ops\blackops.exe | "UDP Query User{98309936-4585-4103-92F2-AC60B5D6F641}C:\program files (x86)\contronics\homeputer cl light\visuwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\contronics\homeputer cl light\visuwin.exe | "UDP Query User{C281CD1B-C57D-45E4-8DB5-81CF347F4E5C}C:\users\neuer benutzer\appdata\local\wscntfy.exe" = protocol=17 | dir=in | app=c:\users\neuer benutzer\appdata\local\wscntfy.exe | "UDP Query User{DA49B929-07D5-40E8-9C72-A9B3497EB50E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{DC2AD791-3D60-4360-B123-02159E2BAC1F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64 "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6140C8C0-05CB-427B-9D45-7445CE833FC1}" = WBFS Manager 2.2.2 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 
5 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 
14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer 
Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{27996809-446F-7261-6C69-6B654C656F6E}" = "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{5794F702-8B55-4C38-9EFE-EE8D7D97EF8D}" = Meine Anlauttabelle "{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic 
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71310D9B-7555-44FE-914C-A1B55CB7BC5D}" = Scrapbook "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4 "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask 
Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof 
(English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A89131FD-3D18-4DA8-84C8-622423011B51}_is1" = ALNO AG Küchenplaner "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" 
= hpphotosmartdisclabelplugin "{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}" = Iminent "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3 "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = 
Acer Updater "{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FCC662D1-01A8-4034-B67D-2AD91F723154}" = Acer Arcade Instant On "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FD011F34-749C-47E0-BA48-6009412C4789}" = ArcSoft Print Creations "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxMonitor" = AVM FRITZ!Box Monitor "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "BabylonToolbar" = Babylon toolbar on IE "BitTorrent" = BitTorrent "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar "BrowserCompanion" = BrowserCompanion "conduitEngine" = Conduit Engine "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender "ENTERPRISE" = Microsoft Office Enterprise 2007 "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "Firstload" = Firstload "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908 "Free M4a to MP3 
Converter_is1" = Free M4a to MP3 Converter 7.0 "German Truck Simulator" = German Truck Simulator 1.00 "Glary Utilities_is1" = Glary Utilities 2.44.0.1450 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "homeputer CL FHZ Light_is1" = homeputer CL 4.0 FHZ Light "homeputer CL Studio_is1" = homeputer CL Studio Version 4.0 "Identity Card" = Identity Card "IMBoosterARP" = Iminent "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{5794F702-8B55-4C38-9EFE-EE8D7D97EF8D}" = Meine Anlauttabelle "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Nokia Suite" = Nokia Suite "QCad" = QCad "Ravensburger tiptoi" = Ravensburger tiptoi "RealPlayer 12.0" = RealPlayer "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "VLC media player" = VLC media player 1.1.5 "WBFS Manager 3.0" = WBFS Manager 3.0 "WinLiveSuite_Wave3" = Windows Live Essentials "www.Freeware-download.com Toolbar" = www.Freeware-download.com Toolbar "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.09.2011 13:03:58 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 13:03:58 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 13:03:59 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 28.09.2011 13:03:59 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 13:03:59 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 13:04:00 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 13:04:00 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 28.09.2011 13:04:00 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 14:16:55 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 14:16:55 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 26.04.2012 06:21:54 | Computer Name = PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 26.04.2012 06:21:54 | Computer Name = PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 26.04.2012 06:47:38 | Computer Name = PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 26.04.2012 06:47:38 | Computer Name = PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 26.04.2012 06:48:08 | Computer Name = PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 26.04.2012 06:59:15 | Computer Name = PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 27.04.2012 01:47:06 | Computer Name = PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 27.04.2012 02:58:33 | Computer Name = PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 Error - 27.04.2012 03:03:27 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 29.04.2012 01:31:37 | Computer Name = PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 < End of report >
Re 3:
Code:
ATTFilter 3D-Viewer-innoplus INNOVA-engineering GmbH 29.10.2011 2,74MB 13.01.16 Acer Arcade Deluxe CyberLink Corp. 31.10.2010 97,0MB 3.1.7319 Acer Backup Manager NewTech Infosystems 31.10.2010 456MB 2.0.1.28 Acer Bio Protection Egis Technology Inc. 31.10.2010 106,3MB 6.2.54 Acer Crystal Eye Webcam Suyin Optronics Corp 31.10.2010 5.2.7.1 Acer eRecovery Management Acer Incorporated 06.09.2009 4.05.3003 Acer GameZone Console Oberon Media, Inc. 06.09.2009 5.1.0.2 Acer GridVista Acer Inc. 31.10.2010 3.01.0730 Acer PowerSmart Manager Acer Incorporated 06.09.2009 4.06.3004 Acer Registration Acer Incorporated 31.10.2010 1.02.3006 Acer ScreenSaver Acer Incorporated 31.10.2010 1.11.0715 Acer Updater Acer Incorporated 06.09.2009 1.01.3014 Acer VCM Acer Incorporated 06.09.2009 4.05.3000 Acrobat.com Adobe Systems Incorporated 06.09.2009 1,61MB 1.6.65 Adobe Acrobat 4.0 10.11.2010 Adobe AIR Adobe Systems Inc. 07.09.2009 1.5.0.7220 Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 09.11.2010 6,00MB 10.2.161.23 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 13.04.2012 6,00MB 11.2.202.233 Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 13.04.2012 6,00MB 11.2.202.233 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 15.06.2011 165,4MB 10.1.0 Adobe Shockwave Player 11.6 Adobe Systems, Inc. 19.11.2011 11.6.3.633 ALNO AG Küchenplaner ALNO AG 29.10.2011 0.99a Apple Application Support Apple Inc. 07.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 07.03.2012 24,5MB 5.1.1.4 Apple Software Update Apple Inc. 
19.07.2011 2,38MB 2.1.3.127 ArcSoft Print Creations ArcSoft 01.06.2011 ArcSoft Print Creations - Scrapbook ArcSoft 01.06.2011 Ask Toolbar Ask.com 13.03.2012 4,26MB 1.14.1.0 Ask Toolbar Updater Ask.com 13.03.2012 1.2.0.20007 Avira Free Antivirus Avira 26.04.2012 105,9MB 12.0.0.898 AVM FRITZ!Box Dokumentation AVM Berlin 30.10.2011 AVM FRITZ!Box Druckeranschluss AVM Berlin 30.10.2011 AVM FRITZ!Box Monitor AVM Berlin 31.10.2011 AVM FRITZ!Box USB-Fernanschluss AVM Berlin 22.11.2010 2.2.1.0 Babylon toolbar on IE 22.02.2012 BitTorrent BitTorrent Inc. 22.02.2012 7.6.0 BittorrentBar_DE Toolbar BittorrentBar_DE 22.02.2012 Bonjour Apple Inc. 12.10.2011 2,04MB 3.0.0.10 Broadcom Gigabit NetLink Controller Broadcom Corporation 06.09.2009 0,45MB 12.26.01 BrowserCompanion 25.04.2012 CCleaner Piriform 28.04.2012 3.18 Conduit Engine Conduit Ltd. 29.10.2011 CyberLink PowerDVD 10 CyberLink Corp. 07.11.2010 216MB 10.0.1705 CyberLink PowerDVD 9 CyberLink Corp. 07.11.2010 204MB 9.0.1719 DVDVideoSoftTB Toolbar DVDVideoSoftTB 01.11.2011 6.3.3.3 ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 17.02.2012 133.661MB 13.0.0.8086p eSobi v2 esobi Inc. 06.09.2009 20,4MB 2.0.4.000274 Firstload Lumaris.net 31.01.2012 8,79MB Free Audio CD to MP3 Converter version 1.3.12.908 DVDVideoSoft Ltd. 01.11.2011 35,0MB Free M4a to MP3 Converter 7.0 ManiacTools.com 13.03.2012 3,95MB FRITZ!DSL64 07.11.2010 7,66MB German Truck Simulator 1.00 20.11.2010 1.00 Glary Utilities 2.44.0.1450 Glarysoft Ltd 26.04.2012 18,8MB 2.44.0.1450 Google Chrome Google Inc. 01.06.2011 18.0.1025.162 Google Earth Google 25.11.2011 92,7MB 6.1.0.5001 Google Toolbar for Internet Explorer Google Inc. 23.03.2012 7.3.2710.138 homeputer CL 4.0 FHZ Light contronics GmbH 27.04.2012 12,7MB homeputer CL Studio Version 4.0 contronics GmbH 27.04.2012 16,2MB HP Customer Participation Program 14.0 HP 22.02.2012 14.0 HP Imaging Device Functions 14.0 HP 22.02.2012 14.0 HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 
5 HP 22.02.2012 14.0 HP Smart Web Printing 4.60 HP 22.02.2012 4.60 HP Solution Center 14.0 HP 22.02.2012 14.0 HP Update Hewlett-Packard 22.02.2012 3,98MB 5.003.001.001 iCloud Apple Inc. 07.03.2012 33,2MB 1.1.0.40 Identity Card Acer Incorporated 31.10.2010 1.00.3001 Iminent Iminent 01.06.2011 4.10.0.0 Intel® Matrix Storage Manager Intel Corporation 31.10.2010 iPhone Explorer Marx Softwareentwicklung (Germany) 11.01.2011 4,87MB 0.9.8.0 iTunes Apple Inc. 07.03.2012 158,9MB 10.6.0.40 Java(TM) 6 Update 22 (64-bit) Oracle 14.11.2010 90,7MB 6.0.220 Java(TM) 6 Update 31 Oracle 15.02.2012 95,1MB 6.0.310 Launch Manager Acer Inc. 31.10.2010 3.0.03 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 26.04.2012 18,0MB 1.61.0.1400 Meine Anlauttabelle Cornelsen Verlag GmbH und Co. OHG 25.02.2012 4,34MB 1.00.0000 Merriam Websters Spell Jam Oberon Media 31.10.2010 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.11.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.11.2010 2,94MB 4.0.30319 Microsoft Office Enterprise 2007 Microsoft Corporation 14.02.2012 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Suite Activation Assistant Microsoft Corporation 06.09.2009 8,37MB 2.9 Microsoft Security Essentials Microsoft Corporation 01.08.2011 2.1.1116.0 Microsoft Silverlight Microsoft Corporation 15.02.2012 166,3MB 4.1.10111.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 31.10.2010 1,72MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 07.11.2010 0,24MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.56336 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 07.11.2010 0,21MB 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
Microsoft Corporation 07.11.2010 0,20MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 12.06.2011 0,77MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.06.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 07.11.2010 0,77MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.11.2010 0,59MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08.11.2010 0,57MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.11.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.04.2012 12,3MB 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft Corp. 13.04.2012 0,92MB 3.0.5305.0 MobileMe Control Panel Apple Inc. 09.11.2011 12,9MB 3.1.8.0 Mozilla Firefox (3.6.13) Mozilla 05.03.2011 3.6.13 (de) MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.11.2010 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.11.2010 1,33MB 4.20.9876.0 MyWinLocker Egis Technology Inc. 
06.09.2009 47,9MB 3.1.72.0 Nero 10 ClipartPack Nero AG 08.11.2010 26,6MB 10.2.10000.11.0 Nero 10 Menu TemplatePack 1 Nero AG 08.11.2010 59,8MB 10.2.10000.0.0 Nero 10 Menu TemplatePack 2 Nero AG 08.11.2010 182,9MB 10.2.10000.0.0 Nero 10 Menu TemplatePack 3 Nero AG 08.11.2010 242MB 10.2.10000.0.0 Nero 10 Movie ThemePack 1 Nero AG 08.11.2010 51,2MB 10.2.10000.11.0 Nero 10 Movie ThemePack 2 Nero AG 08.11.2010 313MB 10.2.10000.12.0 Nero 10 Movie ThemePack 3 Nero AG 08.11.2010 167,6MB 10.2.10000.0.0 Nero 10 Movie ThemePack 4 Nero AG 08.11.2010 100,8MB 10.2.10000.11.0 Nero 10 PiP EffectPack 1 Nero AG 08.11.2010 73,9MB 10.2.10000.0.0 Nero 10 Sample ImagePack Nero AG 08.11.2010 5,86MB 10.2.10000.11.0 Nero 10 Sample Videos Nero AG 08.11.2010 42,0MB 10.2.10000.11.0 Nero 10 Video TransitionPack 1 Nero AG 08.11.2010 32,6MB 10.2.10000.0.0 Nero BackItUp 10 Nero AG 08.11.2010 109,4MB 5.6.10600.6.100 Nero Burning ROM 10 Nero AG 08.11.2010 167,4MB 10.2.10500.7.100 Nero BurnRights 10 Nero AG 08.11.2010 6,14MB 4.2.10300.0.102 Nero CoverDesigner 10 Nero AG 08.11.2010 77,2MB 5.2.10400.4.100 Nero DiscSpeed 10 Nero AG 08.11.2010 7,20MB 6.2.10200.0.100 Nero Express 10 Nero AG 08.11.2010 164,4MB 10.2.10500.7.100 Nero InfoTool 10 Nero AG 08.11.2010 8,07MB 7.2.10200.4.100 Nero MediaHub 10 Nero AG 08.11.2010 178,8MB 1.2.10800.14.100 Nero Multimedia Suite 10 Platinum HD Nero AG 08.11.2010 2.680MB 10.5.10000 Nero Recode 10 Nero AG 08.11.2010 92,3MB 4.8.10400.3.100 Nero RescueAgent 10 Nero AG 08.11.2010 6,49MB 3.2.10300.3.100 Nero SoundTrax 10 Nero AG 08.11.2010 95,0MB 4.8.10200.1.100 Nero StartSmart 10 Nero AG 08.11.2010 142,1MB 10.2.10400.5.100 Nero Update Nero AG 08.11.2010 1,44MB 1.0.0018 Nero Vision 10 Nero AG 08.11.2010 223MB 7.2.14000.4.100 Nero WaveEditor 10 Nero AG 08.11.2010 76,0MB 5.8.10200.1.100 Nokia Connectivity Cable Driver Nokia 04.11.2011 4,21MB 7.1.48.0 Nokia Suite Nokia 04.11.2011 3.2.100.0 NTI Backup Now 5 NewTech Infosystems 06.09.2009 466MB 5.1.2.627 NTI Media Maker 8 
NewTech Infosystems 06.09.2009 766MB 8.0.12.6623 Nuvoton CIR Device Driver Nuvoton Technology Corporation 06.09.2009 3,28MB 8.60.1000 NVIDIA Drivers NVIDIA Corporation 31.10.2010 1.4 NVIDIA PhysX NVIDIA Corporation 31.10.2010 120,0MB 9.09.0428 OCR Software by I.R.I.S. 14.0 HP 22.02.2012 14.0 PC Connectivity Solution Nokia 04.11.2011 20,8MB 11.5.13.0 QCad 25.11.2011 QuickTime Apple Inc. 09.11.2011 73,3MB 7.71.80.42 Ravensburger tiptoi 25.03.2011 RealPlayer RealNetworks 23.11.2010 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 31.10.2010 6.0.1.5930 Rundum-Betrachter-innoPlus INNOVA-engineering GmbH Dresden 29.10.2011 2,25MB 12.00.0203 Safari Apple Inc. 14.03.2012 104,3MB 5.34.54.16 SCHLECKER Foto Digital Service 05.09.2011 Shop for HP Supplies HP 22.02.2012 14.0 Skype Click to Call Skype Technologies S.A. 29.10.2011 14,4MB 5.6.8442 Skype™ 5.5 Skype Technologies S.A. 29.10.2011 17,0MB 5.5.124 Star Defender 4 Oberon Media 31.10.2010 Synaptics Pointing Device Driver Synaptics Incorporated 31.10.2010 14.0.0.3 VLC media player 1.1.5 VideoLAN 24.12.2011 1.1.5 WBFS Manager 2.2.2 WBFS 31.12.2010 0,88MB 2.2.2 WBFS Manager 3.0 AlexDP 31.12.2010 3.0 Welcome Center Acer Incorporated 31.10.2010 1.00.3005 WIDCOMM Bluetooth Software Broadcom Corporation 31.10.2010 144,3MB 6.2.0.9700 Wildlife Park 2 Horses Deep Silver 25.05.2011 2.00 Windows Live Anmelde-Assistent Microsoft Corporation 31.10.2010 1,94MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 31.10.2010 14.0.8064.0206 Windows Live Sync Microsoft Corporation 31.10.2010 2,80MB 14.0.8064.206 Windows Live-Uploadtool Microsoft Corporation 31.10.2010 0,22MB 14.0.8014.1029 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 04.11.2011 08/22/2008 7.0.0.0 WinRAR 07.11.2010 WISO Steuer 2011 Buhl Data Service GmbH 28.02.2011 18.00.6928 www.Freeware-download.com Toolbar www.Freeware-download.com 29.10.2011 6.2.2.4 Yahoo! Software Update 01.06.2011 Yahoo! Toolbar 01.06.2011
Regards, christoph |
29.04.2012, 09:21 | #4 | |
/// Helper Team | Windows Encryption Trojan
1. Start Windows in safe mode:
♦ Restart the PC
♦ Immediately press the F8 key several times. Ideally, press it repeatedly and in quick succession.
♦ Select safe mode from the list that now appears.
2. Uninstall the following items - some are "merely" unnecessary, others are even adware
Quote:
restart in normal mode
4. Run another scan with OTL:
__________________
Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
29.04.2012, 18:17 | #5 |
| Windows Encryption Trojan
I have deleted everything; here is the OTL.txt again as an attachment, and here is the extras.txt
OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 29.04.2012 18:57:02 - Run 2 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Neuer Benutzer\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,56% Memory free 7,98 Gb Paging File | 5,78 Gb Available in Paging File | 72,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 311,95 Gb Free Space | 69,30% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Neuer Benutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08D4DB1F-23A5-4B6D-BCFE-664F4015989B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23FD60E0-AE90-4A66-854B-0619F6F3C7EF}" = lport=445 | protocol=6 | dir=in | app=system | "{28BEC81D-284F-4555-ADCB-D588E8C9DD33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2FBE6CBA-1240-40A5-AB40-4676F21D529C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{39823CB4-7B5E-4241-AD30-39294F1D3D6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4022A5E9-B462-49D1-8032-98500417FEFC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{48C92E00-17A8-4021-AA3E-9AE7F5BEA7E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{54995712-628B-4063-9B93-594EB6A97C58}" = lport=2869 | protocol=6 | dir=in | app=system | "{5AC28369-A2EC-481A-A41E-93F30E09BC3F}" = lport=137 | protocol=17 | dir=in | app=system | "{5B7884DE-0775-4D0B-BA5E-04FFDCD891B8}" = lport=2869 | protocol=6 | dir=in | app=system | "{5E164BED-3371-4741-BFDC-05DFC26A61B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5E96BC97-349E-44FB-AD54-DF5434E728C1}" = lport=10243 | protocol=6 | dir=in | app=system | "{6140DDB2-B4CB-4779-B51F-EBF8E8DD1254}" = rport=445 | protocol=6 | dir=out | app=system | "{668F7A6D-C03D-473D-8D68-B773766E62E1}" = rport=10243 | protocol=6 | dir=out | app=system | "{6BEB7C08-68D9-4AE8-88A8-62A3899D03C9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{7174D2ED-DB0B-4839-8A6E-61311EABE599}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93DB591C-320A-4DC9-A456-4F228D27EAEA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{9410C6B8-EDF4-4C3C-835D-AFD7997C5A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{97AECAF6-0567-4F3C-9A3A-1D52B4A26FA8}" = rport=139 | protocol=6 | dir=out | app=system | "{B45B3C13-F740-49BE-B95C-9C3DB80642C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD71FC27-41D5-4FB1-95D1-E9C147126042}" = rport=137 | protocol=17 | dir=out | app=system | "{C2B10B42-8283-442F-9B55-0F967A35A846}" = rport=138 | protocol=17 | dir=out | app=system | "{C76AD04E-08E8-4BAE-B785-1989438E02FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{CA131729-2F11-4DF9-BE49-D8328C52AFE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D8C82A71-D49B-4EB5-8902-0632B35995C1}" = lport=138 | protocol=17 | dir=in | app=system | "{DDDF302A-79D5-4821-BC0F-4F423D59DAF8}" = lport=139 | protocol=6 | dir=in | app=system | "{F06E0B45-EB13-4742-AC5D-A13B11B25999}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0128CF89-BCDD-48C1-97D5-F11EF266EFA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0BFABBFC-61F0-4384-BF20-27CB3B36FF98}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{106FCFF3-1DF7-4DB2-8518-DD9BB8AFB2E9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{13C102BD-5D0A-4268-8928-46C7E14DBD7F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{152ED390-86F9-4AF5-855C-DA66F353FBD3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1662D4FF-A64F-419B-90B9-8F79FDDC478F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{16AFD146-58ED-4138-B1E4-FA776ED2B28B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{184158D5-13B7-46EB-AFE3-C27F0AA39175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{18961D6C-7A9A-4317-9584-E087EC6FAB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{18A353BA-EA51-443B-A53A-AEB41132819D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1E803E72-104A-47A7-A412-AA81A1487CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{20A49DF5-FDA2-49E3-813C-FDA27BF1BC52}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{23E5A6B5-28DB-49A4-A083-C60627C69178}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{267D80B1-AD82-4494-A2CD-C1D1A9658D11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{29410AF6-38E2-483C-8C61-ADC92D78B0B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{2A4B0BDF-6A75-48E0-8221-2EAE40595D50}" = protocol=6 | dir=out | app=system | "{33FC54ED-8577-4B88-8169-75B6F77B3878}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{348C9DF2-2E28-454F-B898-950D54CDBCB2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{351DE871-34D7-4170-8B55-E7D8529C803F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{359CD121-0DEC-4DD3-9873-46D396D08163}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{362B2231-7189-4DA2-B036-2B6B41FD1759}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{3AD1B28F-37D2-4CE3-8B8A-64D112247188}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{3B9F0635-DE4C-4609-BE55-A43C27EA4B61}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe | "{3BE346CE-18AA-4BBD-9C71-DE7211A94037}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{3BF5D0A6-F4B3-44DC-972F-F15D5CA254A7}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{3DC39B84-2044-4201-94B4-D724F55E0CD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{41686702-4C4D-4C45-A4DC-6CDE049CE3FF}" = dir=in | app=d:\setup\hpznui40.exe | "{4349A1B5-2029-465B-B3B4-B5C7680E4C1D}" = protocol=17 | dir=in | app=c:\users\neuer 
benutzer\appdata\local\apps\2.0\oy305p8e.0wn\2thto9ga.zta\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{43F03D4E-6F7A-4AD2-8197-B2442F238C03}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{47DED6F0-7C64-41F1-838A-67FED88108D7}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{480B1598-5C65-429A-8EC8-70631147AF5A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{4B5D37D8-B8BD-49A8-AFEF-F7701764F532}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4E61D2EE-D750-4AA9-BBBF-1B516A32BB65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{4E6AE036-DB1E-4B65-866D-4055D2204D22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{4F3E7321-65EB-40E5-92EC-0BDD5D01B744}" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\imbooster\imbooster.exe | "{505192A5-F8A1-4020-8180-C2614541884B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{5265C6F2-1BEC-4547-BB88-4AA019D905CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{58454E9A-17ED-4AEA-B900-3332E2F86E7C}" = protocol=6 | dir=out | app=c:\program files (x86)\iminent\mmserver\iminent.mmserver.exe | "{586B3D02-D2A4-417E-A18B-764D3DB1ACE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5AC935B4-F096-46A6-9E19-627EEA3FAE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5B14190B-92B3-4CCC-97BC-5B0AC17952B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{5B18171E-2823-4767-A0B4-3D37E9F72F03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{60C42214-13CC-46AE-A1D7-D20434E274D9}" = protocol=17 | dir=in | app=c:\program files 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 28.09.2011 14:16:55 | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 29.04.2012 12:39:51 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:39:52 | Computer Name = PC | Source = DCOM | ID = 10005 Description = Error - 29.04.2012 12:39:54 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:39:54 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:39:54 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:39:54 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location 
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:39:54 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:39:54 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:40:09 | Computer Name = PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 29.04.2012 12:42:26 | Computer Name = PC | Source = Microsoft Antimalware | ID = 3002 Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842 < End of report > [/code] |
30.04.2012, 00:49 | #6 | |||
/// Helper Team | Windows Encryption Trojan
1. By running two antivirus programs you have generally `weakened` your computer: Code:
Avira + Microsoft Security Essentials
Use only one firewall and one antivirus program, and keep both fully up to date! More AV programs do not mean more security! The scanners get in each other's way (both have the on-access scan enabled, i.e. run constantly in the background); a system crash can be the result or, in the worst case, you can look forward to a complete reinstallation! So uninstall one of the AV programs and leave only one running on your PC. Quote:
► Removal tools or uninstall instructions for various antivirus software
2. You can also uninstall: Quote:
Did you enter this in the hosts file yourself, i.e. add it deliberately? If so, why? Code:
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
Quote:
Code:
ATTFilter :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=27361110p106l0313z185t48m2a261 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=27361110p106l0313z185t48m2a261 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=27361110p106l0313z185t48m2a261 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=27361110p106l0313z185t48m2a261 IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=27361110p106l0313z185t48m2a261 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.de/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=77&ru=http%3A%2F%2Fmy.ebay.de%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyEbay%3D%26gbh%3D1%26guest%3D1&pageType=3984 IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) 
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de___DE405 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{74171200-F9AE-465B-BE8D-EBFF120F065E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=8315e656-15ec-4656-bb00-459bae9dca33&apn_sauid=ADB1F90B-4392-4800-B3BD-54A78E15EE42 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://de.search.yahoo.com/firefox/?fr=ffbr-sfp" FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: 
"Ask.com" FF - prefs.js..browser.startup.homepage: "http://de.ask.com/?l=dis&o=" FF - prefs.js..extensions.enabledItems: webbooster@iminent.com:4.20.0 FF - prefs.js..extensions.enabledItems: {26647ca4-a2a7-4eac-8a72-761aa9141de7}:3.2.2.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6 FF - prefs.js..extensions.enabledItems: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.9.0.3 FF - prefs.js..browser.search.order.1: "Ask.com" FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2011.10.30 19:58:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com [2012.02.23 11:35:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com [2012.04.26 11:50:31 | 000,002,333 | ---- | M] () -- C:\Users\Neuer Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\d2p85ttn.default\searchplugins\locked-askcom.xml.qoji [2012.04.26 11:50:31 | 000,000,935 | ---- | M] () -- C:\Users\Neuer Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\d2p85ttn.default\searchplugins\locked-conduit.xml.pnjw [2011.06.02 16:16:10 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll洀 䘀椀氀攀猀 ⠀砀㠀㘀⤀ File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found. O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 [2012.04.29 18:52:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.29 18:41:41 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.29 18:41:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job @Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:40C6B258 @Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
5. Start Malwarebytes Anti-Malware -> delete the finds from quarantine -> select Full Scan -> have the finds deleted -> post the scan result here!
6. Run another scan with OTL:
__________________ --> Windows Encryption Trojan |
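The question about the `O1 - Hosts` entries in the post above comes down to whether a name is only blocked (pointed at a loopback address) or redirected to another machine. The following Python sketch is an added example, not part of the original thread and not OTL's own code; it parses O1 lines in the run-together form the posted log has, and the function names and the last two sample entries are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample. The first seven entries are the O1 lines quoted in the
# post, run together on one line as the forum export shows them. The last two
# O1 entries (a default localhost line and a redirect to a documentation-range
# address) are invented for illustration.
SAMPLE_LOG = (
    "O1 - Hosts: 127.0.0.1 gosredirector.ea.com "
    "O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org "
    "O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com "
    "O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com "
    "O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com "
    "O1 - Hosts: 127.0.0.1 demangler.ea.com "
    "O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com "
    "O1 - Hosts: 127.0.0.1 localhost "
    "O1 - Hosts: 203.0.113.7 login.example.test "
    "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found."
)

# One O1 entry: the address, then everything up to the next OTL section marker
# ("O2 - ", "O3:64bit: - ", ...) or the end of the line. This copes with logs
# that have one entry per line and with logs flattened onto a single line.
O1_ENTRY = re.compile(
    r"O1 - Hosts:\s+(\S+)\s+(.*?)(?=\s+O\d+(?::64bit:)?\s+-\s|\s*$)",
    re.MULTILINE,
)

DEFAULT_NAMES = {"localhost", "localhost.localdomain"}


def classify_hosts_entries(log_text):
    """Sort every (address, name) pair from the O1 lines into one bucket.

    default     - localhost mapped to a loopback address (expected)
    sinkholed   - any other name mapped to loopback or 0.0.0.0 (name is blocked)
    redirected  - a name mapped to a real address (traffic goes elsewhere)
    unparseable - the address field is not an IP address
    """
    result = {"default": [], "sinkholed": [], "redirected": [], "unparseable": []}
    for match in O1_ENTRY.finditer(log_text):
        address, rest = match.group(1), match.group(2)
        # A hosts line may carry several names and a trailing "# comment".
        names = rest.split("#", 1)[0].split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            result["unparseable"].append((address, rest))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if ip.is_loopback or ip.is_unspecified:
                bucket = "default" if name in DEFAULT_NAMES else "sinkholed"
            else:
                bucket = "redirected"
            result[bucket].append((address, name))
    return result


def count_by_parent_domain(entries):
    """Count entries per parent domain (naively: the last two labels)."""
    counts = Counter()
    for _address, name in entries:
        counts[".".join(name.split(".")[-2:])] += 1
    return dict(counts)


def review_order(result):
    """Entries to ask the user about: redirects first, then blocked names."""
    return result["redirected"] + result["sinkholed"]


if __name__ == "__main__":
    found = classify_hosts_entries(SAMPLE_LOG)
    for address, name in review_order(found):
        print(f"{address:<15} {name}")
    print(count_by_parent_domain(found["sinkholed"]))
```

Grouping the blocked names by parent domain shows at a glance whether the entries belong to one vendor, which narrows down the question of which installed program or manual change wrote them.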
30.04.2012, 18:23 | #7 |
| Windows Encryption Trojan Re 1: All clear. Re 2: I have uninstalled Avira. Re 3: I did not add or change any entries? Re 4: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{26647ca4-a2a7-4eac-8a72-761aa9141de7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647ca4-a2a7-4eac-8a72-761aa9141de7}\ deleted successfully. C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{26647ca4-a2a7-4eac-8a72-761aa9141de7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647ca4-a2a7-4eac-8a72-761aa9141de7}\ not found. File C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74171200-F9AE-465B-BE8D-EBFF120F065E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74171200-F9AE-465B-BE8D-EBFF120F065E}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 
Prefs.js: "data:text/plain,browser.startup.homepage=hxxp://de.search.yahoo.com/firefox/?fr=ffbr-sfp" removed from browser.startup.homepage Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl Prefs.js: "BittorrentBar_DE Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.selectedEngine Prefs.js: "hxxp://de.ask.com/?l=dis&o=" removed from browser.startup.homepage Prefs.js: webbooster@iminent.com:4.20.0 removed from extensions.enabledItems Prefs.js: {26647ca4-a2a7-4eac-8a72-761aa9141de7}:3.2.2.0 removed from extensions.enabledItems Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6 removed from extensions.enabledItems Prefs.js: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4}:3.9.0.3 removed from extensions.enabledItems Prefs.js: "Ask.com" removed from browser.search.order.1 Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\lib folder moved successfully. 
C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\engine@conduit.com folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\d2p85ttn.default\extensions\ffxtlbr@babylon.com folder moved successfully. C:\Users\Neuer Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\d2p85ttn.default\searchplugins\locked-askcom.xml.qoji moved successfully. 
C:\Users\Neuer Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\d2p85ttn.default\searchplugins\locked-conduit.xml.pnjw moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\defaults\preferences folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\defaults folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components_20 folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\components folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\chrome\content folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com\chrome folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26647ca4-a2a7-4eac-8a72-761aa9141de7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647ca4-a2a7-4eac-8a72-761aa9141de7}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully. C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{26647ca4-a2a7-4eac-8a72-761aa9141de7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647ca4-a2a7-4eac-8a72-761aa9141de7}\ not found. File download.com\tbwww..dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\GlaryInitialize.job moved successfully. ADS C:\ProgramData\Temp:40C6B258 deleted successfully. ADS C:\ProgramData\Temp:4CF61E54 deleted successfully. 
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. ADS C:\ProgramData\Temp:0B9176C0 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Neuer Benutzer\Desktop\cmd.bat deleted successfully. C:\Users\Neuer Benutzer\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temporary Internet Files folder emptied: 0 bytes User: Neuer Benutzer ->Temp folder emptied: 8658341 bytes ->Temporary Internet Files folder emptied: 930551782 bytes ->Java cache emptied: 9062134 bytes ->FireFox cache emptied: 86144235 bytes ->Google Chrome cache emptied: 11663418 bytes ->Apple Safari cache emptied: 4271104 bytes ->Flash cache emptied: 3429 bytes User: Public %systemdrive% .tmp files removed: 14113 bytes %systemroot% .tmp files removed: 155648 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 110804168 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.108,00 mb OTL by OldTimer - Version 3.2.42.1 log created on 04302012_160027 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Code:
www.malwarebytes.org
Datenbank Version: v2012.04.29.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Neuer Benutzer :: PC [Administrator]
Schutz: Aktiviert
30.04.2012 16:18:19
mbam-log-2012-04-30 (16-18-19).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397962
Laufzeit: 1 Stunde(n), 34 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Neuer Benutzer\Documents\Locked\Downloads\Magix Fotos auf CD & DVD 10 Deluxe HD\( crack ) loader.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Neuer Benutzer\Downloads\SoftonicDownloader_fuer_librecad.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Both as attachments |
30.04.2012, 18:44 | #8 | |
/// Helper Team | Windows Encryption Trojan Quote:
__________________ Warning!: Beware of invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
30.04.2012, 20:44 | #9 |
| Windows Encryption Trojan I only have Sims 2 with an expansion pack belonging to my daughter on it. Those are original games. Also the games Wildlife Park 2 and German Truck Simulator. I don't know where the entries come from. I did buy the laptop used, though that was over 2 years ago. |
30.04.2012, 22:25 | #10 |
/// Helper Team | Windows Encryption Trojan Before we take any further steps, I recommend that you now follow one of our guides: decrypting the encrypted files with DecryptHelper by Matthias. (Java is required) Recovering the encrypted files (Rechnung.exe, Realtecdriver.exe malware) For information :-> http://www.youtube.com/watch?v=OQyqS...2&feature=plcp - alternatively: Avira Ransom File Unlocker or the tool from Dr. Web (please post your results! Thanks) Success reports welcome!
|
01.05.2012, 07:06 | #11 |
| Windows Encryption Trojan Worked great, thank you very, very much!!! |
01.05.2012, 21:04 | #12 | |
/// Helper Team | Windows Encryption Trojan 1. Recommendation: Quote:
2. Clean your system with CCleaner:
3. Runs on XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt! To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the Internet - don't forget Wi-Fi. When the scan is finished, please re-enable all programs and tools! Guide:-> GMER - Rootkit Scanner
4. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
5.
6. Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This prevents the AUTORUN function from running.) - You can also disable the AUTORUN function entirely. ►Guide
7. -> Then run a complete system check with the Eset Online Scanner (NOD32) Free online scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<<
8. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones?
Edited by kira (01.05.2012 at 21:13) |
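A check for the autorun entries that step 6 of the post above is concerned with, as an added example that is not part of the original post: it reads the text of an `autorun.inf` from a removable drive and lists the entries that would start a program. The function names and both sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program from the medium.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that would start a program."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other section, or filler without key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                 # section and key names are case-insensitive
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            hits.append((key, value))
    return hits

def verdict(text):
    """'review' if the file would launch anything, else 'ok'."""
    return "review" if autorun_commands(text) else "ok"

# Constructed samples, not taken from the thread.
SAMPLE_SUSPICIOUS = """\
; constructed example
[AutoRun]
asdkj2 filler line
OPEN = tools\\start.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\Command=tools\\start.exe
"""
SAMPLE_BENIGN = "[autorun]\nlabel=Backup 2012\nicon=drive.ico\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, verdict(sample), autorun_commands(sample))
```

A "review" result only means the file asks Windows to start something from the medium; the named program still has to be scanned before the drive is trusted.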