Log analysis and evaluation: After encryption trojan: key could not be determined (Windows 7)
28.05.2012, 13:13 | #1 |
After encryption trojan: key could not be determined

Hello Trojaner Board team,

First of all, many thanks for your board and for the extensive help you give to so many users. Since I am not getting any further with my problem, I have now sent you, for "dissection", the encryption trojan that I received on 03.05.2012 and stupidly also opened, following the instructions, to your e-mail address: virus@trojaner-board.de. I hope I am doing everything right here.

The trojan had encrypted all of my data. After the trojan was removed from the system and many files were decrypted by a computer service, many files remained that ended up with a size of only 0 KB and were therefore worthless. Unfortunately I do not know how the computer service decrypted these files and, above all, with which program (I was given no information about that). Since the computer service had deleted all the locked files, I have restored only those locked files that turned out to be unusable once decrypted but that I need again, and stored them separately on a small external disk. I will be honest and admit that I had never made a backup of my data. Fortunately, I had at some point stored part of the data as a copy (to work with) on my laptop, so that I do have some of the files available as originals after all; I have also placed copies of these on the small external disk for decrypting again. These original files are identical to the locked files in file size and name, apart from the letter suffix abcd etc.

Now to my problem: having tried all of the recommended programs, I have not managed to decrypt my data. scareuncrypt looked promising at first: it generated a key and decrypted the files, but on opening them there were only hieroglyphs to be seen. So, garbage. With other programs I had zero success, because they either say that the file pair differs in size or that no key can be generated. Finally I used the program Decrypthelper 0.5.3 by "König Matthias", since there apparently are some people who have had success with this program. However, here too I only get the message: „Schlüssel konnte nicht bestimmt werden“ ("key could not be determined").

As a computer layman I am at my wits' end and do not know where I am going wrong, but like many others I would like to have my data back, above all written documents and my pictures/photos. Hopefully you can help me and others.

In case someone can help me:
Original files are available.
The corresponding locked files are available.
The e-mail with the trojan attachment is also available.
I am happy to forward these files if needed and for analysis (with discretion, of course, since some of them are confidential documents).

Many thanks in advance for your help and effort.

Kind regards,
Ronny Schulz

Edited by ronsch (28.05.2012 at 13:20)
31.05.2012, 08:27 | #2 |
After encryption trojan: key could not be determined

OTL logfile:
Code:
OTL logfile created on: 31.05.2012 09:15:49 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\RS\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 77,58% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,51 Gb Total Space | 263,23 Gb Free Space | 70,66% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 17,65 Gb Free Space | 3,79% Space Free | Partition Type: NTFS
Drive H: | 152,66 Gb Total Space | 144,82 Gb Free Space | 94,87% Space Free | Partition Type: NTFS

Computer Name: RS-PC1TERMINAL | User Name: RS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\CBTWlanSrv.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WerSvc) -- C:\Windows\SysNative\wersvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc) -- C:\Windows\SysNative\pr2ah4nc.exe (CODEMASTERS)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SearchAnonymizer) -- C:\Users\RS\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESSERVICE64.EXE (TuneUp Software)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (CBTWlanSrv) -- C:\Windows\CBTWlanSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (cxbu0x64) -- C:\Windows\SysNative\drivers\cxbu0x64.sys (HID Global Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\mod7700.sys (DiBcom SA)
DRV:64bit: - (MODRC) -- C:\Windows\SysNative\drivers\modrc.sys (DiBcom S.A.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (azvusb) -- C:\Windows\SysNative\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS)
DRV:64bit: - (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) -- C:\Windows\SysNative\drivers\ps6ah4nc.sys (CODEMASTERS)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (EIO_XP) -- C:\Windows\SysNative\drivers\EIO64_XP.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0B0CtDyDyEtAtD0ByD0AyDtDzz0ByEyCtN0D0TzutBtDtCtBtDyDtBzz&cr=875777936
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0ACC0A1C-402D-1588-A4C3-496683E1FC29}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0B0CtDyDyEtAtD0ByD0AyDtDzz0ByEyCtN0D0TzutBtDtCtBtDyDtBzz&cr=875777936
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D E0 9E 05 95 89 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0B0CtDyDyEtAtD0ByD0AyDtDzz0ByEyCtN0D0TzutBtDtCtBtDyDtBzz&cr=875777936
IE - HKCU\..\SearchScopes\{0ACC0A1C-402D-1588-A4C3-496683E1FC29}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=220512_53all&babsrc=SP_ss&mntrId=8ae98b46000000000000bc05430b5a50
IE - HKCU\..\SearchScopes\{153B2A09-4F89-463A-AB21-96C4DF443499}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com.anonymize-me.de/?anonymto=687474703A2F2F7765627365617263682E61736B2E636F6D2F72656469726563743F636C69656E743D69652674623D4E524F266F3D313031393137267372633D63726D26713D7B7365617263685465726D737D266C6F63616C653D64655F4445&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937414446415F6465&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&k=0
IE - HKCU\..\SearchScopes\{70702855-838D-4602-812C-7E697436D21D}: "URL" = hxxp://search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2665693D7574662D382666723D6231696537&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&k=0
IE - HKCU\..\SearchScopes\{7315CAD8-BA08-4B5D-9B06-C0294BDEB3BE}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{7A4E360C-1E4A-41B6-B955-A064DA72F53C}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9F472711-FBF3-469E-92A9-269888CBE03C}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BD424A25-99DE-47A4-8C1A-67B2D9FCFB76}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{E423C34F-EC7F-4B20-A1E1-9EFD46010A42}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=311ad0fd-0a7f-4c82-8800-d29b09dbb46a&pid=dvdsoft&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - Extension: FunDial = C:\Users\RS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\
CHR - Extension: Funmoods = C:\Users\RS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\RS\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29018606-55C1-4D0E-9E57-BD852701C035}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18:64bit: 
- Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\nokiasuite.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\pdvdlaunchpolicy.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27:64bit: - HKLM IFEO\powerdvd12.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\nokiasuite.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\pdvdlaunchpolicy.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\powerdvd12.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{57585586-812e-11e0-aefc-001fc6d83c8b}\Shell - "" = AutoRun O33 - MountPoints2\{57585586-812e-11e0-aefc-001fc6d83c8b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{71e48df7-83d2-11e1-9086-001fc6d83c8b}\Shell - "" = AutoRun O33 - MountPoints2\{71e48df7-83d2-11e1-9086-001fc6d83c8b}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - 
SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.05.31 09:13:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\RS\Desktop\OTL.exe [2012.05.29 11:46:45 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Local\Cimaware [2012.05.29 11:13:54 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.05.29 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.05.29 11:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.05.29 11:12:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.05.29 11:12:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.05.29 10:49:14 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\ShadowExplorer.com - About [2012.05.28 20:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.05.28 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.28 20:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.28 11:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.05.28 11:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.05.28 01:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Mail Recovery [2012.05.28 01:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS [2012.05.28 00:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly [2012.05.28 00:28:33 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\GetRightToGo [2012.05.28 00:04:03 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\YourFileDownloader [2012.05.27 23:47:56 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Local\za-ass-Software [2012.05.27 23:47:19 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\za-ass-Software [2012.05.27 22:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MunSoft [2012.05.27 21:28:04 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.27 21:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.05.27 21:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.05.27 21:26:36 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.05.27 21:26:36 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.05.23 11:22:40 | 000,000,000 | ---D | C] -- C:\Users\RS\Desktop\Insektenhotell [2012.05.22 12:16:26 | 000,000,000 | ---D | C] -- C:\Users\RS\Documents\scannenmitpowerpoint2007 [2012.05.22 11:46:55 | 000,000,000 | ---D | C] -- C:\Users\RS\Desktop\Kolbe Musik [2012.05.22 10:06:45 | 000,000,000 | ---D | C] -- C:\Users\RS\Desktop\Basteltips [2012.05.22 10:05:56 | 000,000,000 | ---D | C] -- C:\Users\RS\Desktop\tyco Arbeitsunfall [2012.05.16 07:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.16 07:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.16 07:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.14 07:22:54 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.14 07:22:45 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.14 07:22:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.14 07:22:42 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.08 23:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.05.08 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC 
Connectivity Solution [2012.05.08 23:03:24 | 000,000,000 | ---D | C] -- C:\Users\RS\Documents\Nokia Suite [2012.05.07 15:51:42 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.05.05 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\Avira [2012.05.05 11:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.05 11:02:22 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.05 11:02:22 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.05 11:02:22 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.05 11:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.05 11:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.03 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\Malwarebytes [2012.05.03 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.03 21:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.03 20:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.05.03 19:38:19 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Local\Microsoft_Corporation [2012.05.03 17:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak [2012.05.03 17:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector [2012.05.03 17:26:33 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\Systweak [2012.05.03 17:26:32 | 000,018,816 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\SysNative\roboot64.exe [2012.05.03 17:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro [2012.05.03 14:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012.05.03 14:15:12 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\WinZip [2012.04.22 13:51:40 | 002,152,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFUpdate_01009.dll [2012.04.15 20:44:55 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.04.15 20:44:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.04.15 20:44:54 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.04.15 20:44:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.04.15 20:44:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.04.15 20:44:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.04.15 20:44:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.04.15 20:44:53 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.04.15 20:44:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.04.15 20:44:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.04.15 20:44:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.04.11 20:31:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.04.11 20:31:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.04.11 20:31:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012.04.11 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar [2012.04.11 19:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.04.11 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.04.11 17:49:58 | 000,000,000 | ---D | C] -- 
C:\Users\RS\AppData\Local\MediaShow [2012.04.11 17:45:51 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Local\MediaServer [2012.04.11 17:45:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink [2012.04.11 17:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2012.04.11 17:45:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12 [2012.04.11 17:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2012.04.11 17:15:47 | 000,000,000 | ---D | C] -- C:\Users\RS\MediaEspresso [2012.04.11 17:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2012.04.11 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\WebApp [2012.04.11 14:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2012.04.11 14:56:23 | 000,750,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5412.dll [2012.04.11 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.04.11 14:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.04.11 14:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2012.04.11 14:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick [2012.04.11 14:39:34 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusbn.sys [2012.04.11 14:39:34 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwusbnci.dll [2012.04.11 14:39:31 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys [2012.04.11 14:39:31 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver [2012.04.11 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\RS\AVM_Driver [2012.04.11 11:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funk Software [2012.04.11 11:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Funk Software [2012.04.11 10:26:05 | 000,000,000 | ---D | C] -- 
C:\Program Files\HP [2012.04.10 15:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink [2012.04.10 14:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.04.10 13:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink [2012.04.10 13:31:40 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\Opera [2012.04.10 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\RS\AppData\Roaming\OCS [2012.04.10 12:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 9 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2012.05.31 09:13:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\RS\Desktop\OTL.exe [2012.05.31 09:13:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.31 08:23:21 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.31 08:23:21 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.31 08:14:41 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.31 08:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.30 20:40:53 | 001,507,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.30 20:40:53 | 000,657,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.30 20:40:53 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.30 20:40:53 | 000,131,078 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.30 20:40:53 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.30 20:35:46 | 000,409,089 | ---- | M] () -- C:\Users\RS\Desktop\DHL_Marke_1_TUUQFU2BSA2 Aachen.pdf [2012.05.30 20:20:37 | 000,113,352 | ---- | M] () -- 
C:\Users\RS\Documents\Scan0001.~PDF [2012.05.29 11:13:45 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.05.29 11:13:45 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.05.28 20:32:00 | 000,001,274 | ---- | M] () -- C:\Users\RS\Desktop\Spybot - Search & Destroy.lnk [2012.05.28 00:33:25 | 000,302,425 | ---- | M] () -- C:\Users\RS\AppData\Local\funmoods-speeddial.crx [2012.05.28 00:33:25 | 000,031,470 | ---- | M] () -- C:\Users\RS\AppData\Local\funmoods.crx [2012.05.28 00:17:46 | 000,006,060 | ---- | M] () -- C:\user.js [2012.05.27 21:28:04 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.27 21:28:04 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.27 21:26:10 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.05.27 21:26:10 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.05.27 20:46:49 | 000,000,117 | ---- | M] () -- C:\Windows\SysWow64\decoder_del.2.bat [2012.05.27 18:41:24 | 000,000,157 | ---- | M] () -- C:\Windows\SysWow64\decoder_del.1.bat [2012.05.27 18:33:21 | 000,000,163 | ---- | M] () -- C:\Windows\SysWow64\decoder_del.bat [2012.05.22 12:20:21 | 000,001,356 | ---- | M] () -- C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.05.22 12:15:57 | 000,297,104 | ---- | M] () -- C:\Users\RS\Desktop\scanner.zip [2012.05.22 11:49:16 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.05.22 09:05:23 | 000,000,188 | ---- | M] () -- C:\Users\RS\defogger_reenable [2012.05.15 03:36:06 | 000,429,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.09 00:14:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.08 23:37:55 | 000,002,101 
| ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.05.08 15:19:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.08 15:19:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.08 12:25:47 | 000,003,157 | ---- | M] () -- C:\Users\RS\Desktop\Nero BackItUp.lnk [2012.05.07 15:51:42 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.05.04 18:17:11 | 000,000,022 | ---- | M] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb [2012.05.04 18:15:54 | 000,000,017 | ---- | M] () -- C:\Users\RS\AppData\Local\resmon.resmoncfg [2012.05.04 18:15:15 | 000,000,221 | ---- | M] () -- C:\Users\RS\Desktop\Call of Duty Modern Warfare 2.url [2012.05.04 18:14:55 | 000,671,384 | ---- | M] () -- C:\Users\RS\Documents\Scan0002.~PDF [2012.05.04 18:14:55 | 000,026,112 | ---- | M] () -- C:\Users\RS\Documents\Abwesenheitsinformation.oft [2012.05.04 18:11:51 | 000,088,335 | ---- | M] () -- C:\Users\RS\Wappen_Ellwangen_Jagst.png [2012.05.04 18:11:51 | 000,047,761 | ---- | M] () -- C:\Users\RS\safe_image.png [2012.05.04 18:11:51 | 000,002,051 | ---- | M] () -- C:\Users\RS\BW.jpg [2012.05.04 18:11:51 | 000,001,814 | ---- | M] () -- C:\Users\RS\logo.gif [2012.05.04 18:11:51 | 000,001,232 | ---- | M] () -- C:\Users\RS\Deutschlandflagge mit Bundesadler.jpg [2012.04.22 13:51:40 | 002,152,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFUpdate_01009.dll [2012.04.22 13:51:38 | 000,759,296 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\UMDF\PCCSWpdDriver.dll [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012.04.11 19:58:32 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.04.11 17:45:39 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk [2012.04.11 17:37:10 | 000,029,480 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2012.04.11 14:56:22 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk [2012.04.11 14:56:22 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk [2012.04.11 14:56:22 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk [2012.04.10 19:11:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.04.10 15:17:09 | 000,001,345 | ---- | M] () -- C:\Users\RS\Desktop\Media Center.lnk [2012.04.10 15:00:31 | 000,000,999 | ---- | M] () -- C:\Users\RS\Desktop\DVD Shrink 3.2.lnk [2012.04.10 12:42:19 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Audials 9.lnk [2012.04.05 12:34:28 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.04.04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.04.04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.30 20:35:27 | 000,409,089 | ---- | C] () -- C:\Users\RS\Desktop\DHL_Marke_1_TUUQFU2BSA2 Aachen.pdf [2012.05.29 11:13:45 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.05.29 11:13:45 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.05.29 11:13:44 | 000,002,217 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.05.28 20:32:00 | 000,001,274 | ---- | C] () -- C:\Users\RS\Desktop\Spybot - Search & Destroy.lnk [2012.05.28 00:33:30 | 000,302,425 | ---- | C] () -- C:\Users\RS\AppData\Local\funmoods-speeddial.crx [2012.05.28 00:33:30 | 000,031,470 | ---- | C] () -- C:\Users\RS\AppData\Local\funmoods.crx [2012.05.27 20:46:47 | 000,000,117 | ---- | C] () -- 
C:\Windows\SysWow64\decoder_del.2.bat [2012.05.27 18:41:23 | 000,000,157 | ---- | C] () -- C:\Windows\SysWow64\decoder_del.1.bat [2012.05.27 18:33:13 | 000,000,163 | ---- | C] () -- C:\Windows\SysWow64\decoder_del.bat [2012.05.22 12:15:57 | 000,297,104 | ---- | C] () -- C:\Users\RS\Desktop\scanner.zip [2012.05.22 09:05:23 | 000,000,188 | ---- | C] () -- C:\Users\RS\defogger_reenable [2012.05.09 00:14:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2012.05.08 23:37:55 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.05.08 12:25:47 | 000,003,157 | ---- | C] () -- C:\Users\RS\Desktop\Nero BackItUp.lnk [2012.05.04 18:17:11 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb [2012.05.04 18:15:54 | 000,000,017 | ---- | C] () -- C:\Users\RS\AppData\Local\resmon.resmoncfg [2012.05.04 18:15:15 | 000,000,221 | ---- | C] () -- C:\Users\RS\Desktop\Call of Duty Modern Warfare 2.url [2012.05.04 18:14:55 | 000,671,384 | ---- | C] () -- C:\Users\RS\Documents\Scan0002.~PDF [2012.05.04 18:14:55 | 000,113,352 | ---- | C] () -- C:\Users\RS\Documents\Scan0001.~PDF [2012.05.04 18:14:55 | 000,026,112 | ---- | C] () -- C:\Users\RS\Documents\Abwesenheitsinformation.oft [2012.05.04 18:11:51 | 000,088,335 | ---- | C] () -- C:\Users\RS\Wappen_Ellwangen_Jagst.png [2012.05.04 18:11:51 | 000,047,761 | ---- | C] () -- C:\Users\RS\safe_image.png [2012.05.04 18:11:51 | 000,002,051 | ---- | C] () -- C:\Users\RS\BW.jpg [2012.05.04 18:11:51 | 000,001,814 | ---- | C] () -- C:\Users\RS\logo.gif [2012.05.04 18:11:51 | 000,001,232 | ---- | C] () -- C:\Users\RS\Deutschlandflagge mit Bundesadler.jpg [2012.05.03 17:27:01 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe [2012.04.11 19:58:32 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.04.11 17:45:39 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk 
[2012.04.11 14:56:22 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk [2012.04.11 14:56:22 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk [2012.04.11 14:56:22 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk [2012.04.11 14:39:35 | 000,013,202 | ---- | C] () -- C:\Windows\instwcli.inf [2012.04.11 14:39:34 | 000,015,565 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusbn.bin [2012.04.10 15:17:09 | 000,001,345 | ---- | C] () -- C:\Users\RS\Desktop\Media Center.lnk [2012.04.10 15:00:31 | 000,000,999 | ---- | C] () -- C:\Users\RS\Desktop\DVD Shrink 3.2.lnk [2012.04.10 12:42:19 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Audials 9.lnk [2012.03.19 14:51:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.10.27 15:28:39 | 000,012,800 | ---- | C] () -- C:\Users\RS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.22 18:48:36 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.01.22 18:48:36 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2010.12.04 18:26:06 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini [2010.11.28 15:05:59 | 000,260,932 | ---- | C] () -- C:\Windows\hpwins20.dat.temp [2010.11.28 15:05:58 | 000,001,360 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp [2010.11.22 00:04:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.11.21 22:01:00 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat [2010.11.21 21:25:04 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2010.11.21 20:49:52 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.11.21 19:51:07 | 000,000,239 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2010.11.21 19:48:48 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2010.11.21 18:46:42 | 001,526,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.21 17:47:10 | 
000,106,496 | ---- | C] () -- C:\Windows\CBTWlanSrv.exe [2010.11.21 17:47:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\acs.exe [2010.11.20 23:45:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.20 20:04:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.05.04 10:13:57 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\AD ON Multimedia [2010.11.21 19:51:07 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\Cherry [2012.05.04 18:15:43 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\DAEMON Tools Lite [2012.05.05 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\driveridentifier [2012.05.28 00:29:50 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\GetRightToGo [2012.05.05 10:59:20 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\MOBackup [2012.05.09 00:17:56 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\Nokia [2012.04.10 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\OCS [2012.05.04 10:14:00 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\OpenCandy [2012.04.10 13:31:40 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\Opera [2012.05.08 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\PC Suite [2012.05.05 10:59:19 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\PDF Experte 7 [2012.05.05 10:59:19 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\PDF Experte 7 Professional 7 [2011.04.20 12:16:39 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\PriceGong [2010.11.21 21:16:45 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\RapidSolution [2012.05.03 17:27:07 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\Systweak [2011.07.29 13:44:26 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\TeamViewer [2012.05.29 11:13:32 | 000,000,000 | ---D | M] -- 
C:\Users\RS\AppData\Roaming\TuneUp Software
[2012.04.11 15:49:07 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\WebApp
[2012.05.29 10:49:14 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\ShadowExplorer.com - About
[2012.05.28 00:04:03 | 000,000,000 | ---D | M] -- C:\Users\RS\AppData\Roaming\YourFileDownloader
[2012.05.20 15:42:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 31.05.2012 09:15:49 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\RS\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 77,58% Memory free
16,00 Gb Paging File | 14,01 Gb Available in Paging File | 87,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,51 Gb Total Space | 263,23 Gb Free Space | 70,66% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465,76 Gb Total Space | 17,65 Gb Free Space | 3,79% Space Free | Partition Type: NTFS
Drive H: | 152,66 Gb Total Space | 144,82 Gb Free Space | 94,87% Space Free | Partition Type: NTFS

Computer Name: RS-PC1TERMINAL | User Name: RS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095C3635-7554-48B5-B4AC-0FF9DF88A921}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0D3DEE54-29BE-4500-8F88-A7E5C15A6F12}" = lport=137 | protocol=17 | dir=in | app=system |
"{13B049B6-04A6-4548-99F7-0A60F231981C}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) |
"{1E64AC78-8727-4816-AE3B-F14618B51A9C}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) |
"{1EEEE385-1624-4305-B320-22087A6C4EE2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{26486E09-4E5A-4898-B1A1-5A61A7C635C7}" = lport=5721 | protocol=6 | dir=in |
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{27BF9E75-2675-43D4-8503-99C84900EEA1}" = rport=139 | protocol=6 | dir=out | app=system | "{29989691-3B92-4C7D-904F-B8B3D5C07A47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2AB2A8D6-23C1-4BB2-A2BB-94244FD622F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2CCEDAA6-0242-4217-9F32-3C7B96EBC7A9}" = lport=10243 | protocol=6 | dir=in | app=system | "{2DD3798D-1ACD-440F-9032-7A6EABAA5E1E}" = rport=137 | protocol=17 | dir=out | app=system | "{33AC9654-CF64-4806-9F5D-2939A1D1461A}" = lport=139 | protocol=6 | dir=in | app=system | "{33C04EA3-DC47-4615-9A1C-7A8524C55453}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{53B54A8A-0422-43B0-B3F9-A9B4E11B5BD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{57818F3A-834F-4BDA-A528-2074952D17A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{57DE27C9-5D90-4F43-9CF2-8EBAE8990886}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{62CAFB34-72A1-4296-A46B-A42C898EAF8D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{63A0FBE5-1337-4776-9DC7-28629DBB7A0E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6E649934-5621-4787-8287-9DCD197B429E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{70EACCB2-96FB-415B-9B0D-5B59FEE9CFF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77F19058-BFA4-4074-9776-C4718AB01BB8}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | "{79870624-4C0B-4258-A42E-A71722A241BA}" = lport=445 | protocol=6 | dir=in | app=system | "{7FE41D14-F3B3-4F3B-B21C-A25E06B4972A}" = 
lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{87448457-4D21-40C4-B2CF-8ECE36C46D86}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{8957D492-D2B2-4B7D-83FC-EAAAB52FF2E4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8B3CF40B-0A37-4651-A6A1-9109B2318163}" = rport=445 | protocol=6 | dir=out | app=system | "{938EBD58-963E-43A9-87E2-F0CA88F99F13}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96B12C97-B71F-4A20-B361-16E91AC6C041}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9B570023-1495-4940-8E3C-FD4D0EC08E70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A60F6850-8C28-4410-8A12-E1261ABE5B42}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{B398E632-AA4F-4D15-90C9-A030EB10D826}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B652FA61-61B3-4D82-B7CE-24FF653825A8}" = lport=138 | protocol=17 | dir=in | app=system | "{B9732959-D8AD-40F4-8BC9-67E35FCDB427}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA3F8555-4C9A-4DAA-9764-CBF1E8159BD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C47EAD3D-E350-488F-9AD7-CA4BA122889D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C49DFDF1-5450-4A83-AB17-8038506B1716}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C898A906-0385-487A-A95E-08413B317F2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D53C679B-CAA6-4788-96BF-2B200841EB68}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{D6C9C4F2-ECC3-4690-93D4-C517021B9731}" = lport=2869 | protocol=6 | dir=in | app=system | "{D8520F72-41E0-48A3-8249-BC1C87F86920}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DB45B716-EEF0-4E71-B6D9-4E4AEB15C4D2}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | "{DC70B3BA-09E9-4F65-AB59-638341F1C16E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E4999D36-208D-4B50-BE04-006917E49B7E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F8A43918-1068-4595-93EC-398E7F00EBA8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FD490058-051F-4C8E-9050-C6D3595DCE10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FDB88CED-EC99-457F-9616-B0B3FDFFB620}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0537F403-3615-4238-9473-4A3BD8CF765A}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{069780A8-945B-431B-BFB3-F9BCAD3F9385}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{07FE9A02-4148-4BD7-8AFA-4376D0584F06}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{0854BCD8-E2C0-46BA-9213-F6FAE77D56C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0A16B6C0-D0C2-4C02-AF97-7F2A8640D401}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{0A206DF3-B24C-44BB-B308-6B2FBC2861F5}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{0A5BCD10-3867-4A98-8047-4F9A7E1A55E2}" = protocol=6 | dir=out | app=system 
| "{0C248A46-659C-424C-8991-7564B8AEB3F9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{0F948CA1-E625-4D65-84DB-FA289EB2E593}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0FF8147D-2051-4838-81C0-F9527D39602C}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{10EE3379-8B8B-4AAF-AAE7-9AEC5D896BB9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{110939C9-AB5B-407F-A4B3-AC135FEAFFEB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{16480BE5-ECF5-4C3F-8346-BA1F7EF0AF2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{181E3626-1C0C-4213-A6EF-D0F540AE03D7}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe | "{18F50AED-FC45-4989-9664-F18C83456457}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1A1878AF-2D48-4A18-9749-FE0E2084ACB6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1CD5CB97-9F58-4C3A-A852-8CB7821A98EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{1F769212-6D02-407B-8EBC-6DAA6193B691}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{235927AA-3FCF-45EA-A2E3-AC3741F2A3F4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{241553A3-BEE4-467C-A44E-DA384A47A844}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{267BC45D-16BE-45B2-907D-93B5F7EA64CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D5DD6BD-57D3-4289-8891-C414A5D9F4D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3052BDCA-B6FB-4AFD-8C32-FA8906F58DF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{31563D3D-FC0A-4297-BC17-9D0BFE60DFB5}" = 
dir=in | app=c:\program files (x86)\common files\pctv systems\streamingserver\strmserver.exe | "{3514DCA9-7206-4F51-85DB-6270EC7B2968}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{38463D22-2378-4613-B0D7-7E0CBF98A7BA}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{3926EE61-5210-4AFB-B90D-3FD90681E0D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{39DC35FA-D32D-40E1-81CF-F34A4B305940}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{3A4D88B5-292E-41D3-889B-17AC2C5B8980}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{3A6C7B42-F385-4648-ADB6-48ADBFC2A188}" = dir=in | app=c:\program files (x86)\common files\pctv systems\pvr\videocontrol.exe | "{3BF7DCFF-ACD5-4887-9D12-5DFC0DDE9E7F}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{4549C043-9347-4249-96E4-34FC8CADF2A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{4DCBA270-64D9-4476-A86D-00AE69A45F80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{4E9CC381-8CB5-4F4A-BC1A-9E1E1E150E17}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{50653E48-5A4D-488B-B0EF-1D5DD69723D6}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "{50E4CB21-5571-431B-95E3-E7DC7F430A0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{5219863E-63C5-425F-AFB7-BA022682D1C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{52DF4689-DAED-4BB5-9C25-6362DD7E0E0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{5368A294-8C75-425C-A3E1-869AB3813FC1}" = dir=in | app=c:\program files (x86)\common files\nokia\service 
layer\a\nsl_host_process.exe | "{54DFFB17-B7B8-4AA1-8890-5E2DAD16E6DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{582A0A46-D51D-4B08-9FC6-6D86988F60A3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{59AB141F-54B5-4E50-B81E-2D561E93BE3A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5A9D1986-BFCC-4AB4-9ACD-52C14ADA2B40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{5C48E633-D152-4B22-9273-6C67D425255A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5CE65999-53F5-4E55-B28C-DD86A9D636CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{630B1449-3723-42DE-B7BF-19A3FD1CDFA1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{645D87AB-90CC-4CD4-9757-201CFC065D41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{66D56368-A1C8-4CF1-9F0C-5DD1F4A04F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6701CB79-0BC3-4060-8377-B7C9CE157780}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | "{6AAA3E9C-15BC-4CDB-B89E-A5346E989C4F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6DF6169E-5B98-4933-97F9-8D5BF964811D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6FCB404E-63B0-4444-8E16-F3F638ED0CEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{7035430C-F33E-48CC-93A0-97064F15DA0B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{715AD1AF-A28F-400B-ADCE-7B35C2596ADE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{74638EAE-0A76-41AD-AD29-B5160A82CCEE}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{7AD8B864-C6CE-4286-A5F5-66EC1D687BC8}" = protocol=6 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{7AF53B37-90F8-4CFD-AF73-96BAE501D426}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | "{7D24DBF9-6702-4A0E-A67D-9C15FCC30830}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{81546DB7-A036-42F6-8305-EE8E04CD4C2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{87D01E7B-9FFB-4658-8DB5-8D4020787986}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{8F09FD2A-BB51-421B-944E-5CC40714675C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9045B192-9429-4608-817D-746426E19FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{90F0ED00-2FF6-47D6-A3C7-55C8F8F18BED}" = dir=in | app=c:\users\rs\appdata\local\temp\7zs604c\ojj4600_full_13\setup\hpznui40.exe | "{944FC345-ED1A-458D-91D9-451CD656610F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{949A5630-5746-4251-805E-88C6C411E3D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{9557F186-40C0-49C8-8E5A-0E7F9D37F3DF}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{95D42DCA-B77B-4FCA-A449-0B9DDBDCDC56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{965A73F8-CC60-4D65-9545-0B95DCC4D261}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{977FFE44-9976-4E18-B9E4-35C22B8E2EE9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{9E0735E6-8861-4E03-8499-094A89747251}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{A5D488C6-8C95-4289-88BA-C597496112BE}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{AD81C985-7675-42D1-A773-620C76E1E9EC}" = protocol=6 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE92C26B-6F54-4BAD-B66D-89B974584043}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AF1E8FF6-AD98-4C4C-BBCE-BAF38A25399C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B0F8A133-3543-42E1-819C-B145D977663B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B37B5A74-976C-4635-A0C7-4FEE057B1908}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B535488B-BEEF-4918-A6E6-66D82A085A8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{BBB7EA2E-7430-48B3-A616-222F77D4063D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BFA1646C-3321-45F0-BD4F-A7DAA8A7C5AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C165D25E-5988-40CB-8662-2D1A4E627A31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C254C737-5CE4-4BEF-BBA0-31AC3F28AFEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{CB658745-1B7D-423C-BE46-568FDFE7B736}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{CE7A4340-C22A-411F-82B4-D65DA11EFC57}" = dir=in | app=c:\program files (x86)\pctv systems\tvcenter\tvcenter.exe | "{CFB0DF51-1B6D-48CE-8543-9C7160F48EAF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D429B465-4D6C-4D5F-9229-95641FED6830}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D52715E9-1815-4986-97B5-D7B5BE7237F3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D8006926-36A2-4D67-9032-5957459A0B40}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{DB28E2FD-3617-4845-A4AA-6475A79A13D3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DCDAAC7A-A3E0-49E4-9A35-070C69F79D8A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{E06B1E0F-07BA-47BF-992E-292E3AA35094}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe | "{E4F6E2F5-0DFF-4D98-A38A-3C2B091DED91}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E51E9A38-7E0F-4A4F-94A2-37BDEC14EF3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E8C252C2-A6C6-431C-84CE-B528392BE529}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{EE8E2B52-C76B-4CD1-AB64-1734493FF208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F35FE8A9-6ADA-4E82-88DA-9182B3B8FE8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F43211F4-59D6-412C-A568-96652346F34C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F50687D1-5D60-430E-85FC-E2DD893D661E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F6AB039D-9A4E-4AFC-9B65-A9AE73580D85}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{F849FF66-7B21-465A-80C5-9414B1A61A59}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | "{FA63F13E-3A7F-4F63-97F2-078174E3A2EF}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe | "TCP Query User{735D8C00-B4F1-4A73-BEF1-8E2BEB9D2C2F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{8B3BB1E9-8F1C-4274-BFE0-18123FFBE06C}C:\program files (x86)\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt\dirt.exe | "TCP Query User{B9300405-6296-4D52-A9F5-DF620718D603}C:\program files (x86)\pinnacle\shared 
files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\shared files\programs\strmserver\strmserver.exe | "TCP Query User{E09C2FD7-A6F4-418D-A339-1E66872AF9DE}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "UDP Query User{59B63014-C07D-4ADB-BC1B-E5E850C91C59}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "UDP Query User{BA0A8C2C-5D08-4E01-AFC0-C588B80AE2AB}C:\program files (x86)\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\shared files\programs\strmserver\strmserver.exe | "UDP Query User{C332C034-7796-4EAF-BC7D-437420513689}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{E99DC2EA-2688-4826-8128-3A40FD7FD8B6}C:\program files (x86)\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt\dirt.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{266CCC48-9AA1-404E-A1CB-558E8CC46F69}" = Windows OEM Preinstallation Kit "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = 
Microsoft_VC100_CRT_SP1_x64 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E8C633FD-8719-448F-9A55-F04CFDD53E67}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten 
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding "{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation "SearchAnonymizer" = SearchAnonymizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding "{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 3.9 "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite "{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) 
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{A2C7C34A-AA73-48AB-9A06-6880F9906640}" = GloboFleet CC Plus "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF1EC979-D1D4-11D5-B96B-0050BA1B9371}" = USB Storage Device v1.14e035 "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update 
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DA078193-6951-49D6-9702-0E92B569E182}" = Audials "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 7 Professional "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "7-Zip" = 7-Zip 9.20 "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "AVMWLANCLI" = AVM FRITZ!WLAN "conduitEngine" = Conduit Engine "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DVD Shrink_is1" = DVD Shrink 3.2 "Easy Mail Recovery" = Easy Mail Recovery "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "Google Chrome" = Google Chrome "InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12 "McAfee Security Scan" = McAfee Security Scan Plus "MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion) "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Nokia Suite" = Nokia Suite "Office14.SingleImage" = Microsoft Office Professional 2010 "Router Installationsprogramm und Monitor_is1" = Router Installationsprogramm und Monitor "softonic-de3 Toolbar" = softonic-de3 Toolbar "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "xp-AntiSpy" = 
xp-AntiSpy 3.97-9 "xvid" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "2647101694.www.pcspeedup.com" = PCSpeedUp "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.11.2011 07:01:02 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 09.11.2011 07:30:52 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 10.11.2011 04:59:52 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 14.11.2011 03:21:07 | Computer Name = RS-PC1Terminal | Source = Windows Backup | ID = 4104 Description = Error - 16.11.2011 08:58:33 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.11.2011 08:46:03 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 22.11.2011 06:59:23 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". 
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 25.11.2011 11:17:17 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.11.2011 05:14:55 | Computer Name = RS-PC1Terminal | Source = Windows Backup | ID = 4104 Description = Error - 01.12.2011 04:50:34 | Computer Name = RS-PC1Terminal | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 04.05.2012 19:13:56 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 01:13:56 - Fehler beim Herstellen der Internetverbindung. 
01:13:56 - Serververbindung konnte nicht hergestellt werden.. Error - 04.05.2012 20:14:02 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 02:14:02 - Fehler beim Herstellen der Internetverbindung. 02:14:02 - Serververbindung konnte nicht hergestellt werden.. Error - 14.05.2012 17:47:49 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 23:47:49 - Fehler beim Herstellen der Internetverbindung. 23:47:49 - Serververbindung konnte nicht hergestellt werden.. Error - 14.05.2012 18:47:55 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 00:47:55 - Fehler beim Herstellen der Internetverbindung. 00:47:55 - Serververbindung konnte nicht hergestellt werden.. Error - 14.05.2012 19:48:00 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 01:48:00 - Fehler beim Herstellen der Internetverbindung. 01:48:00 - Serververbindung konnte nicht hergestellt werden.. Error - 14.05.2012 20:48:05 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 02:48:05 - Fehler beim Herstellen der Internetverbindung. 02:48:05 - Serververbindung konnte nicht hergestellt werden.. Error - 25.05.2012 17:57:15 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 23:57:15 - Fehler beim Herstellen der Internetverbindung. 23:57:15 - Serververbindung konnte nicht hergestellt werden.. Error - 25.05.2012 18:57:22 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 00:57:22 - Fehler beim Herstellen der Internetverbindung. 00:57:22 - Serververbindung konnte nicht hergestellt werden.. Error - 25.05.2012 19:57:27 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 01:57:27 - Fehler beim Herstellen der Internetverbindung. 01:57:27 - Serververbindung konnte nicht hergestellt werden.. 
Error - 25.05.2012 20:57:32 | Computer Name = RS-PC1Terminal | Source = MCUpdate | ID = 0 Description = 02:57:32 - Fehler beim Herstellen der Internetverbindung. 02:57:32 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 30.05.2012 14:09:17 | Computer Name = RS-PC1Terminal | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: EIO_XP Error - 30.05.2012 14:09:54 | Computer Name = RS-PC1Terminal | Source = DCOM | ID = 10016 Description = Error - 31.05.2012 02:14:33 | Computer Name = RS-PC1Terminal | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 31.05.2012 02:14:33 | Computer Name = RS-PC1Terminal | Source = atikmdag | ID = 43029 Description = Display is not active Error - 31.05.2012 02:14:34 | Computer Name = RS-PC1Terminal | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 31.05.2012 02:14:34 | Computer Name = RS-PC1Terminal | Source = atikmdag | ID = 43029 Description = Display is not active Error - 31.05.2012 02:14:36 | Computer Name = RS-PC1Terminal | Source = SCardSvr | ID = 602 Description = Error - 31.05.2012 02:14:36 | Computer Name = RS-PC1Terminal | Source = SCardSvr | ID = 602 Description = Error - 31.05.2012 02:15:06 | Computer Name = RS-PC1Terminal | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: EIO_XP Error - 31.05.2012 02:15:42 | Computer Name = RS-PC1Terminal | Source = DCOM | ID = 10016 Description = < End of report > |
31.05.2012, 08:40 | #3 |
| After encryption trojan: key could not be determined Post deleted, as it was accidentally posted twice
__________________Edited by ronsch (31.05.2012 at 08:52) Reason: Extras log file inserted twice |