| Links to antivirus sites are intercepted with a Google 404, online banking data "stolen" Hello, I only became aware of this through my bank. I received a letter saying that my online banking credentials had been found on a foreign server and that my access had therefore been blocked for the time being. When I then wanted to run my antivirus program (AntiVir until then), it was not there, i.e. uninstalled. Unfortunately, I am not 100% sure whether I had installed it before. When I then tried to load the Avira site, the Google(!!) 404 error screen appeared in Firefox. The same happened with the Kaspersky site. Edit: When the site is addressed directly (avira.com or kaspersky.com), the browser redirects me to www.google.com. When a subpage (e.g. www.avira.com/de) is requested, the above-mentioned 404 appears. I then downloaded Kaspersky via the ComputerBild site and installed it => no findings. Can anyone tell me what this is and how I can get rid of it? When I open my online banking site, Firefox also downloads content from "security-check.net". Unfortunately, I can no longer reach anyone at my bank either. I hope you can help me. Regards, DFG PS: I use Windows 7 64bit and have Firefox 13.0.1 and Google Chrome 20.0.1132.47 m. Last edited by D_F_G (04.07.2012 at 16:36) |
| Unfortunately, I could no longer edit my post.
Here are my OTL logs: OTL.txt: Code:
ATTFilter OTL logfile created on: 04.07.2012 18:05:18 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Dominik\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 39,41% Memory free 7,73 Gb Paging File | 4,49 Gb Available in Paging File | 58,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,97 Gb Total Space | 25,66 Gb Free Space | 5,67% Space Free | Partition Type: NTFS Computer Name: TERM | User Name: Dominik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 17:48:07 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dominik\Downloads\OTL.exe PRC - [2012.07.03 20:22:35 | 000,116,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Dominik\Downloads\Desktops102\Desktops.exe PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.06.18 22:15:00 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011.08.25 14:36:40 | 000,337,568 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Uqli\gitab.exe PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe PRC - [2010.08.30 10:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2010.08.11 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.06.10 04:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.05.26 19:43:54 | 000,046,472 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\Rmcmd.exe PRC - [2009.05.26 19:38:02 | 000,112,008 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\Iigcn.exe PRC - [2009.05.26 19:38:00 | 000,165,256 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\iigcd.exe PRC - [2009.05.26 19:37:56 | 000,157,064 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\iigcc.exe PRC - [2009.05.26 19:37:10 | 000,022,416 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\servproc.exe PRC - [2009.05.26 19:37:04 | 000,022,416 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\Iidbms.exe PRC - [2009.05.26 19:37:04 | 000,022,416 | ---- | M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\Dmfrcp.exe PRC - [2009.05.26 19:34:46 | 000,017,808 | ---- 
| M] (Ingres Corporation) -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\Dmfacp.exe PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2012.06.18 22:14:59 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.08.25 14:36:40 | 000,337,568 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Uqli\gitab.exe MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
2012\imageformats\qgif4.dll MOD - [2010.06.10 04:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.01.25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\program files\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld) SRV:64bit: - [2011.11.23 17:37:20 | 009,688,064 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL) SRV:64bit: - [2010.01.22 19:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.23 18:00:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.06.18 22:14:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011.09.26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\Programme\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache) SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2010.11.01 23:12:20 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2010.08.11 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 
21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.26 19:37:10 | 000,022,416 | ---- | M] (Ingres Corporation) [RN] [Auto | Running] -- C:\Program Files (x86)\Rapid-I\RapidNet\database\ingres\bin\servproc.exe -- (Ingres_Database_RN) SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files 
(x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.07.10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.04 09:52:54 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.07.04 09:26:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.04.12 18:12:56 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.11.08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:64bit: - [2011.04.04 15:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:64bit: - [2011.03.31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem) DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | 
Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.06.10 22:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2010.06.08 05:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.05.12 04:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (HTCAND64) DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2010.04.01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.01.22 19:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.01.22 18:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.01.29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2007.11.02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV - [2010.03.19 15:15:50 | 000,146,928 | ---- | M] (CyberLink Corp.) 
[2011/05/04 19:46:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{4D0635D1-C94C-468D-9789-CA2D01E1944E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=1ddaba19-7c7d-420b-aeb5-9b3f58fd5c21&apn_sauid=82CDCD5F-88C0-421E-A15D-13460ED04318 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.* ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dominik\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dominik\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.07.04 10:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.07.04 10:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 22:15:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.10 20:30:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.04 09:48:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.24 21:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions [2011.03.24 21:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.04 09:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\bwuh3bra.default\extensions [2012.02.02 20:20:02 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\bwuh3bra.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2011.12.02 19:02:22 | 000,000,000 | ---D | M] 
(TabGroups Manager) -- C:\Users\Dominik\AppData\Roaming\mozilla\Firefox\Profiles\bwuh3bra.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8} [2012.06.15 18:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.06.24 11:16:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.18 22:15:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.18 22:14:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 22:14:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.18 22:14:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 22:14:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 22:14:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 22:14:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=1ddaba19-7c7d-420b-aeb5-9b3f58fd5c21&apn_ptnrs=%5EABT&apn_sauid=82CDCD5F-88C0-421E-A15D-13460ED04318&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\Dominik\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dominik\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Dominik\AppData\Local\Google\Update\\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\\ CHR - Extension: YouTube = C:\Users\Dominik\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\\ CHR - Extension: Virtuelle Tastatur = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\\ CHR - Extension: Skype Click to Call = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\ CHR - Extension: Google Mail = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\\ O1 HOSTS File: ([2012.07.04 09:28:58 | 000,000,909 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: socialsearch.com O1 - Hosts: www.socialsearch.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Programme\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S9534.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON SX130 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S8314.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Ytemfesouw] C:\Users\Dominik\AppData\Roaming\Uqli\gitab.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dominik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3159044F-7C89-45F1-A56E-CCF9EA7C4D4F}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389E0B00-272C-4768-B25E-8A543AB9755F}: DhcpNameServer = O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C584DDFC-822F-4066-A1C7-25D1D452F67E}: NameServer =, O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky 
Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2413ea5b-588e-11e0-baaf-206a8a1ce5e9}\Shell - "" = AutoRun O33 - MountPoints2\{2413ea5b-588e-11e0-baaf-206a8a1ce5e9}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{2413ea5b-588e-11e0-baaf-206a8a1ce5e9}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{2413ea5b-588e-11e0-baaf-206a8a1ce5e9}\Shell\install\command - "" = E:\SETUP.EXE O33 - MountPoints2\{694d6287-2bba-11e1-b2b2-9e5c6b1aee9c}\Shell - "" = AutoRun O33 - MountPoints2\{694d6287-2bba-11e1-b2b2-9e5c6b1aee9c}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{8460ee4e-57ed-11e1-914c-b1fcc3d2acef}\Shell - "" = AutoRun O33 - MountPoints2\{8460ee4e-57ed-11e1-914c-b1fcc3d2acef}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a O33 - MountPoints2\{da441aae-ccda-11e0-a2ee-06659d39d145}\Shell - "" = AutoRun O33 - MountPoints2\{da441aae-ccda-11e0-a2ee-06659d39d145}\Shell\AutoRun\command - "" = E:\Launcher\LAUNCHER.EXE O33 - MountPoints2\{f059a4bf-24c7-11e1-bfbf-ce313a2f828c}\Shell - "" = AutoRun O33 - MountPoints2\{f059a4bf-24c7-11e1-bfbf-ce313a2f828c}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{f059a4bf-24c7-11e1-bfbf-ce313a2f828c}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{f059a4bf-24c7-11e1-bfbf-ce313a2f828c}\Shell\install\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - 
HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 17:29:36 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Malwarebytes [2012.07.04 17:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.04 17:29:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.04 17:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.04 17:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 09:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012 [2012.07.04 09:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.07.04 09:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.07.04 09:52:54 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.07.04 09:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.07.04 09:26:31 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.04 09:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.07.03 20:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.07.03 20:13:18 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\APN [2012.07.03 20:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.26 15:23:48 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Uqli [2012.06.26 15:23:48 | 000,000,000 | ---D | C] -- 
C:\Users\Dominik\AppData\Roaming\Inbued [2012.06.26 15:23:48 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Roaming\Hiuxe [2012.06.23 18:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin [2012.06.23 18:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X [2012.06.23 18:29:27 | 000,000,000 | ---D | C] -- C:\cygwin [2012.06.23 18:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\cygwin [2012.06.18 22:15:23 | 000,000,000 | ---D | C] -- C:\Users\Dominik\AppData\Local\Macromedia [2012.06.14 19:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShrewSoft VPN Client [2012.06.14 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\Dominik\Desktop\Musik Jule [2012.06.14 09:41:41 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Dominik\Desktop\putty.exe ========== Files - Modified Within 30 Days ========== [2012.07.04 18:28:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.04 17:52:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3533918176-516122717-522040741-1001UA.job [2012.07.04 17:48:20 | 000,000,168 | ---- | M] () -- C:\Users\Dominik\defogger_reenable [2012.07.04 17:44:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.04 17:29:30 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.04 17:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.04 16:22:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.04 16:00:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 16:00:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 15:52:17 | 
3111,514,112 | -HS- | M] () -- C:\hiberfil.sys [2012.07.04 10:00:31 | 000,017,408 | ---- | M] () -- C:\Users\Dominik\AppData\Local\WebpageIcons.db [2012.07.04 09:55:44 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2012.07.04 09:55:44 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2012.07.04 09:52:54 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.07.04 09:52:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3533918176-516122717-522040741-1001Core.job [2012.07.04 09:33:28 | 001,810,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.04 09:33:28 | 000,767,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.04 09:33:28 | 000,721,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.04 09:33:28 | 000,174,834 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.04 09:33:28 | 000,147,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.04 09:30:38 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.07.04 09:26:31 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.01 08:26:03 | 000,000,443 | ---- | M] () -- C:\Windows\SysWow64\bash.exe.stackdump [2012.06.24 13:13:50 | 000,000,600 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\winscp.rnd [2012.06.15 10:21:08 | 000,348,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 19:27:12 | 000,000,600 | ---- | M] () -- C:\Users\Dominik\AppData\Local\PUTTY.RND [2012.06.14 09:41:11 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Dominik\Desktop\putty.exe [2012.06.10 20:12:36 | 000,001,059 | ---- | M] () -- C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.07.04 17:48:20 | 000,000,168 | ---- | C] () -- C:\Users\Dominik\defogger_reenable [2012.07.04 
17:29:30 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.04 10:00:30 | 000,017,408 | ---- | C] () -- C:\Users\Dominik\AppData\Local\WebpageIcons.db [2012.07.04 09:55:44 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2012.07.04 09:55:44 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2012.07.04 09:30:38 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.07.01 08:26:03 | 000,000,443 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump [2012.06.14 18:43:47 | 000,000,600 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\winscp.rnd [2012.06.14 10:46:13 | 000,000,600 | ---- | C] () -- C:\Users\Dominik\AppData\Local\PUTTY.RND [2012.05.06 18:56:12 | 000,000,027 | ---- | C] () -- C:\Users\Dominik\.appcfg_nag [2012.05.06 17:46:29 | 000,000,193 | ---- | C] () -- C:\Windows\wordpad.INI [2012.04.19 18:01:10 | 005,056,989 | ---- | C] () -- C:\Users\Dominik\Dokumente19042012.pdf [2012.04.15 18:24:28 | 000,000,029 | ---- | C] () -- C:\Windows\UML.INI [2012.04.04 19:48:06 | 000,039,394 | ---- | C] () -- C:\Users\Dominik\reader.kl [2012.04.04 19:43:08 | 000,156,529 | ---- | C] () -- C:\Users\Dominik\output.html [2012.04.04 19:42:54 | 000,016,591 | ---- | C] () -- C:\Users\Dominik\primitives.clj [2012.03.30 14:45:42 | 005,427,898 | ---- | C] () -- C:\Users\Dominik\ebook_manual_en_dive-into-html5.pdf [2012.03.21 09:10:50 | 013,655,880 | ---- | C] ( ) -- C:\Users\Dominik\FreeMind-Windows-Installer-0.9.0-max.exe [2012.03.11 10:44:25 | 000,903,531 | ---- | C] () -- C:\Users\Dominik\BEC_Higher.pdf [2012.02.29 18:08:42 | 001,164,874 | ---- | C] () -- C:\Users\Dominik\Formblatt8-1.pdf [2012.02.24 13:13:47 | 000,000,079 | ---- | C] () -- C:\Users\Dominik\mercurial.ini [2012.02.13 12:54:31 | 000,057,564 | ---- | C] () -- C:\Users\Dominik\AppData\Roaming\Photo.jpg [2012.02.06 15:40:23 | 001,306,620 | ---- | C] () -- C:\Users\Dominik\Nielsen-D2011-internet.pdf 
[2012.01.09 16:15:54 | 000,001,482 | ---- | C] () -- C:\Users\Dominik\.waterfront.config.clj [2011.12.28 18:05:29 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\qftestc.exe [2011.12.28 18:05:29 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\qftest.exe [2011.12.25 13:30:46 | 000,000,112 | ---- | C] () -- C:\Users\Dominik\.asadminpass [2011.12.06 23:38:44 | 000,000,599 | ---- | C] () -- C:\Windows\eReg.dat [2011.11.28 22:51:43 | 000,535,173 | ---- | C] () -- C:\Users\Dominik\Assignment 5 (Dominik and Muhammad Usman).pdf [2011.11.20 21:02:47 | 132,827,166 | ---- | C] () -- C:\Users\Dominik\Studienarbeit.7z [2011.11.11 19:25:57 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011.10.27 13:14:33 | 001,093,138 | ---- | C] () -- C:\Users\Dominik\algorithmen.pdf [2011.10.19 22:02:19 | 000,000,672 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.10.19 20:43:13 | 000,290,904 | ---- | C] () -- C:\Windows\SysWow64\vc6-re200l.dll [2011.04.25 14:29:16 | 000,000,043 | ---- | C] () -- C:\Windows\gswin64.ini [2011.03.08 22:34:51 | 001,779,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.04 19:30:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe [2010.11.02 07:41:10 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini [2010.11.02 07:39:30 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.02 07:38:43 | 000,001,653 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2010.11.01 23:04:31 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.11.01 23:04:31 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini [2010.11.01 22:57:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.08 05:16:07 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini [2010.09.08 05:16:07 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini [2010.09.08 05:16:07 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini 
========== LOP Check ========== [2011.05.22 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\abgx360 [2012.05.30 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1 [2012.05.18 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Bizagi Ltd [2012.01.27 21:37:46 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\DAEMON Tools Lite [2012.07.04 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Dropbox [2012.07.04 17:49:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Epson [2011.12.18 20:18:11 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\eXtra feelings [2011.04.04 22:47:40 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\FloodLightGames [2012.06.26 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Foxit Software [2012.04.28 17:35:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\GrindEQ [2012.07.04 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Hiuxe [2012.04.25 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ICQ [2011.03.25 20:01:40 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\ImgBurn [2012.06.26 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Inbued [2012.05.18 15:41:08 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\IsolatedStorage [2012.04.10 20:31:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Macroplant LLC [2012.02.13 12:26:02 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Motorola [2011.10.28 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\MySQL [2011.06.20 22:28:26 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Notepad++ [2011.10.28 16:29:25 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\postgresql [2011.11.29 10:59:00 | 000,000,000 | ---D 
| M] -- C:\Users\Dominik\AppData\Roaming\Scooter Software [2012.04.28 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Shared [2011.03.05 16:38:32 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\SNS [2011.06.07 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\SoftGrid Client [2012.04.14 17:13:56 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Spotify [2012.05.16 10:39:52 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\syntevo [2011.03.24 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Thunderbird [2012.02.13 12:50:57 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Total Immersion [2011.03.08 22:36:04 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\TP [2012.04.16 12:43:29 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\UDC Profiles [2011.05.22 11:48:28 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Unity [2012.06.26 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\Dominik\AppData\Roaming\Uqli [2011.11.09 13:01:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter
OTL Extras logfile created on: 04.07.2012 18:05:18 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Dominik\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 39,41% Memory free
7,73 Gb Paging File | 4,49 Gb Available in Paging File | 58,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,97 Gb Total Space | 25,66 Gb Free Space | 5,67% Space Free | Partition Type: NTFS
Computer Name: TERM | User Name: Dominik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista 
Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005C29EF-1BC4-4939-AA36-C77E2B1B5815}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0A4D9D03-A934-41AF-B0CA-3EB3A0A3FE7D}" = lport=2869 | protocol=6 | dir=in | app=system | "{1548578B-DA1D-44FC-8EFD-2B9EA977DA18}" = lport=10243 | protocol=6 | dir=in | app=system | "{2924F6AA-5306-4E57-A838-29E2CFEAC3A9}" = lport=445 | protocol=6 | dir=in | app=system | "{309D80F5-DD4B-4B40-97DC-E47D9818A94D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3120C4A2-6D0A-487E-B36C-B8EC578C2ABF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{38D6E411-987E-495B-BEF4-BDA897E85B51}" = rport=445 | protocol=6 | dir=out | app=system | "{426FCBDE-8E78-4156-AD2F-07AA6D31203C}" = lport=2869 | protocol=6 | dir=in | app=system | "{4CC524BC-FB6D-46AE-949C-C31388B80115}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5510B10D-77CC-4DCE-B3EB-CCEF5EE0DE74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5A2841C0-FB61-4BC1-9CC5-FE44F7A3C1FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{63F03FF9-2472-4CB3-A49E-CB541129C2A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{678547F6-6532-4F9C-AE3D-72EAA9A56E72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{78650E05-8FF9-4070-9711-DD761DE6CF0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{80E590CD-9194-476F-8A50-578D1E0FB570}" = rport=139 | protocol=6 | dir=out | app=system | "{837FE16F-9EC7-46E4-9DAF-82731C7D19FE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A56A93F0-687A-472B-87D8-6F5BA29C320A}" = rport=137 | protocol=17 | dir=out | app=system | "{AAEB3335-D9DB-4CF3-84A5-D0DFE6F8ED63}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B686F91C-8DF9-438E-B10F-EBD018AE3F2B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BDAC6631-F9B6-4540-9DD5-1F7510BECF95}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{C1320F34-A5CC-49A1-B3F0-81E4544B4528}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DE9B911F-0D27-4B8F-AFCC-94795A78494F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E6EF953F-B850-47B2-AEBE-17D2AC363479}" = rport=138 | protocol=17 | dir=out | app=system | "{ED138E83-EDF0-4C7D-A987-18DB5CAABF36}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{EE610DE8-0971-413E-B259-FACF57BB8AA5}" = lport=139 | protocol=6 | dir=in | app=system | "{FB77AC4B-E089-4807-BA58-DC1EF3DF9BE4}" = rport=10243 | protocol=6 | dir=out | app=system | "{FE6D7A1F-5C3B-4BCE-80E1-3B3D19A727A4}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F08EE0-8EA1-496D-86D3-B100F8A922AD}" = dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "{0370A667-60F0-41F3-AE69-7DCAB12A102E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{070C8A8C-E6BC-4B93-9D5D-91225A1543FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{087BD5BB-172B-40F6-9BC1-5188608045D9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{0C057662-7C1A-42BB-9B54-460C7AD5F5AE}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmplayer.exe | "{17D6CA09-3C36-488F-8F6A-359710DEFB45}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{1E4C8075-55C0-4FB4-9A9F-244E6A1F4B16}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{26D26DCB-6ED7-49F3-801C-0554B66F745E}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe | "{28DE0E00-EEC2-4496-A732-0C7DE1594380}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2BC81CCE-0DFA-45AC-B4E7-DDAB5E76E8A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{36338681-A821-4E05-AFCF-0A148531FA3E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{369B0BB9-2184-4866-BEFF-8D11CF4AA4DB}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\spotify\spotify.exe | "{389627C9-53CB-4804-B8E3-8EE4D125C12C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{3A16426A-BBAF-4920-AD54-FE9F5A7E87D9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{444F879A-7521-4CD9-A682-8A066DAB78F1}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\vlc setup helper.exe | "{467D4300-9628-406F-A6DC-2CD65012F58E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{499B3427-6A00-45FC-8E8E-BD2E8841A0C4}" = protocol=6 | dir=out | app=system | "{4B8D6A62-FB9C-4B1B-9167-B5E39944E459}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{520AD98F-2235-4E8A-BB02-9946251D7DE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{55C351E7-60CB-4DA2-B7E4-0B6CCCDE7936}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{574A3C99-98FA-4EE4-8FA6-7778F4A37F92}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{5B12041E-CC62-41A4-A3AF-0FDFE2AF83F3}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\spotify\spotify.exe | 
"{5CB77B10-FAD2-442C-B85E-39E3313B5724}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\local\google\google talk plugin\googletalkplugin.exe | "{5E157EF1-A0E7-4428-9FF5-325373F8B719}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6B3D8292-DB3C-4028-A08E-01765958F175}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C80072A-6B41-410F-B2DD-753CAEF38430}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | "{6DE5F853-77FB-493E-A03B-C2991E04CC13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{741D4239-FD92-403B-A0F1-93440A403E5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76A8FCF1-3AAA-4758-BA9F-3C57C8CE0869}" = protocol=17 | dir=in | app=c:\program files (x86)\rapid-i\rapidnet\database\ingres\bin\iigcd.exe | "{78153DED-91E9-4B83-94C6-7A804B0F95CE}" = protocol=6 | dir=in | app=c:\program files\tortoisehg\thgw.exe | "{79FAFEE1-1EEB-49BC-9740-9CEC013A67A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7A6C6259-C411-4C46-921C-A8176405601F}" = protocol=17 | dir=in | app=c:\users\dominik\appdata\local\google\google talk plugin\googletalkplugin.exe | "{7A746B04-F39D-45B1-9D4D-D2AF685CE26A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{7CD85E30-1E74-4938-AE9B-D0FD30C27F30}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{847B0D50-C835-457C-8049-D92FF9FD519C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{853D90FF-95C7-471C-AF76-9C3141F4A638}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{854F1B0E-F795-44A4-8883-43C2639F0B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | "{8A929EEC-70A4-4700-9B87-D75FCFC1C39F}" = protocol=6 | dir=in | app=c:\program files\wamp\bin\apache\apache2.2.21\bin\httpd.exe | 
"{8B44CBA6-0188-405D-84DB-73559112E372}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8C8B6FB4-8168-40BF-9D73-1C283E805D7E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{8E05DC06-3DA1-4F61-B834-066F5D5D9D02}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | "{95C0779F-1B25-4FC1-9DE5-E68B521FD31A}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | "{9A854E8E-DE4B-4483-931F-5F9123E4D092}" = protocol=6 | dir=in | app=c:\cygwin\bin\xwin.exe | "{9C10CDA2-E42E-467C-A873-8532A3256BF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9D64CE65-D3D5-42F5-A74A-CD49BF2B78C0}" = protocol=6 | dir=in | app=c:\program files (x86)\rapid-i\rapidnet\database\ingres\bin\iigcc.exe | "{A6813100-BA7F-4CBB-96FD-833445010EA7}" = protocol=17 | dir=in | app=c:\program files\tortoisehg\thgw.exe | "{AA0EC993-5B9B-4DE6-A8B1-25063ED51144}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ABA9D21D-E2DE-48A0-9042-8FE2637A6E34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{B016F854-1C40-4E20-9304-CBF2B88F824F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B0EA791E-D9E5-4ED2-B26C-400591D41139}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B924CF34-AEB9-491D-A53B-9BFCD00E585F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C05283BC-C3CF-47A1-9704-68ECB988BDEB}" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | "{C36D0354-7CC7-48DF-9FCE-4C7284148191}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C69682F8-5B27-4801-804D-60D19281672C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9199A71-554B-4C19-ABDA-3D6E8AFCC491}" = protocol=17 | dir=in | 
app=c:\program files (x86)\icq7.4\icq.exe | "{CBB58B9D-B88C-44FD-9F12-F58CD1C9F651}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC3CF6CB-10EA-4911-A68D-7D80C0EB6EB2}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe | "{CDB48C3D-3DED-4A13-A0B0-E08FCC78C46F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CE0B0EA4-444A-49B4-8289-0D4DD18D12E3}" = protocol=17 | dir=in | app=c:\program files (x86)\rapid-i\rapidnet\database\ingres\bin\iigcc.exe | "{D13BF77D-A81A-4153-ABA8-EFA0694CCBA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D4B9F7B9-799D-4A1A-9831-A515E312D853}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{DE47C1E9-9B15-4DF2-BD25-121EB8FEEC7D}" = protocol=17 | dir=in | app=c:\cygwin\bin\xwin.exe | "{DF3F6602-4043-4C19-9772-7D8FB12A2403}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{E0577069-02B8-498D-A9A5-42B2E2723BBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E216F3AC-8474-43B5-875E-13916F63CC86}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E2974A5C-A657-4195-B540-97A9FEC34CAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E9F073AE-53D9-423A-A593-D3C803C80CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | "{ED25D21E-6532-4278-B812-08F5B860E9D9}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{EDC77514-D946-48DF-96C0-CD085836D13C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F25F36AD-3128-49E5-9388-7FB31484B984}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F9797CC0-5458-4603-9B8C-AF527EF2334D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FBEABE68-7445-491D-8B68-1396C695E8F2}" = protocol=6 | dir=in | app=c:\program files 
(x86)\rapid-i\rapidnet\database\ingres\bin\iigcd.exe | "{FC7B3049-154C-49E8-A564-7BB1E9FBBDCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD8540FA-1DF1-4859-8D5A-959212509AB7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FEE511E1-CB95-443F-BA6C-AA1924F7B5A9}" = protocol=17 | dir=in | app=c:\program files\wamp\bin\apache\apache2.2.21\bin\httpd.exe | "TCP Query User{0D0F5FFA-0444-4DDF-9F85-F05B0982C68F}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe | "TCP Query User{1512B8AB-8AE4-4526-BCAF-E2DC33DEC2B1}C:\program files (x86)\java\jdk1.6.0_26\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_26\jre\bin\javaw.exe | "TCP Query User{22871EFF-7427-4CBB-8EF4-993CFF38027E}C:\cygwin\bin\xwin.exe" = protocol=6 | dir=in | app=c:\cygwin\bin\xwin.exe | "TCP Query User{2B026E30-0D35-4841-BF2A-6BEE1FF5967F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{2FEE23ED-027F-4632-8B28-C788A565C284}C:\program files\glassfish3\jdk7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe | "TCP Query User{31C35DD4-853E-4EC4-903E-DDD25C6ADECF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{3DBC4194-01CD-4CB5-8AAD-252A11CF892B}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{71817E56-37EB-460C-8AC1-544C380E46E3}C:\program files\java\jdk1.6.0_26\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\java.exe | "TCP Query User{788635F4-90E5-48A8-9580-244B204B5B95}C:\program files\java\jdk1.7.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jdk1.7.0_01\bin\javaw.exe | "TCP Query User{78A9AF4B-B8EE-4F0E-8AD3-3743CDDDA073}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | "TCP Query User{91CC0007-FEA8-4826-A697-29C1331B63D4}C:\program files\java\jdk1.6.0_26\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe | "TCP Query User{A21C345A-D528-4622-B8F8-92E0DF6C977C}C:\program files\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files\wamp\bin\apache\apache2.2.21\bin\httpd.exe | "TCP Query User{B6E53698-724C-477B-A5B2-72B5D0D853F2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{B9052220-28C0-4AEB-9766-A4F8CABBB516}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{BD09697B-60DC-4408-8C7E-A41C7ACF67E2}C:\program files (x86)\rapid-i\rapidnet\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rapid-i\rapidnet\jre\bin\javaw.exe | "TCP Query User{C7AC182E-A132-4155-943A-0A198168C005}C:\program files\tortoisehg\thgw.exe" = protocol=6 | dir=in | app=c:\program files\tortoisehg\thgw.exe | "TCP Query User{C919B8CE-C5D9-4CA6-A0DE-A252A4E50677}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{D7F89455-45CF-47F9-9396-1B77BEB56844}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{DC81FD78-2F9D-481D-ACC2-BFAF74296E31}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "TCP Query User{EE864F86-6FDF-44A6-8E64-EE14D9E8949B}C:\program files 
(x86)\postgresql\enterprisedb-apache\php\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apache\php\apache\bin\httpd.exe | "TCP Query User{EEB777B0-9785-4032-BAC1-153F83C8054E}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{F37D857B-73B7-4CAD-A0AF-470AB11A29F6}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | "TCP Query User{FEAFE14F-8657-4B39-AF66-03687AD8AF5D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{0F4CA21C-6875-403E-9EB4-09F508F0446B}C:\program files (x86)\java\jdk1.6.0_26\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_26\jre\bin\javaw.exe | "UDP Query User{248AED19-EF08-4F91-92AA-4B3EEB88B929}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe | "UDP Query User{3A98B6A2-68A8-4EAA-9593-4832627389F5}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{4B419482-271A-4B5A-AC64-2997BC887912}C:\program files\java\jdk1.6.0_26\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\bin\java.exe | "UDP Query User{55757337-CB9B-44B3-A134-D654C78CBE7B}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "UDP Query User{6D1F77E2-F268-4EE7-8EA4-EEBEFEED0B24}C:\program files\tortoisehg\thgw.exe" = protocol=17 | dir=in | app=c:\program files\tortoisehg\thgw.exe | "UDP Query User{7F2CD71A-D924-4B32-8C25-28B38C6B83A1}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query 
User{8B280B61-A997-4825-BDFC-44EC2849DF2D}C:\program files (x86)\rapid-i\rapidnet\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rapid-i\rapidnet\jre\bin\javaw.exe | "UDP Query User{95346695-867E-4202-9A48-C92DE6A0CA4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{9F0A1331-2237-439D-8AA1-ADCE561AE048}C:\cygwin\bin\xwin.exe" = protocol=17 | dir=in | app=c:\cygwin\bin\xwin.exe | "UDP Query User{A1534A38-527E-4B2F-8AD3-573A686A1657}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{AA1AF79A-2918-4377-BE07-417C1D443AC7}C:\program files\java\jdk1.6.0_26\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_26\jre\bin\java.exe | "UDP Query User{AB1DD6F1-78BA-47A6-BDB4-6337746DE843}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe | "UDP Query User{AD874A0B-3B98-41DA-BC6B-E5D7AB790E31}C:\program files\glassfish3\jdk7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\glassfish3\jdk7\bin\java.exe | "UDP Query User{B8747CE8-BDA3-42BE-8928-28DBDE421D43}C:\program files (x86)\postgresql\enterprisedb-apache\php\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\postgresql\enterprisedb-apache\php\apache\bin\httpd.exe | "UDP Query User{BB17AF01-5356-4DC2-9F09-7AA0056C3EA1}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe | "UDP Query User{BCDC4248-DB7E-4731-8252-DF46292854E3}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{C75EEF00-A28A-466F-9675-DE8C25351A66}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | 
app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{E5BB6B82-6839-46F6-91E6-BB6924871025}C:\program files\java\jdk1.7.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_01\bin\javaw.exe | "UDP Query User{E92E09EC-2288-4BB2-8FC3-7F8A77BF947C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{F611D85D-D778-402A-B962-B2655653216D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F845E2FB-6AED-4F48-B948-636025FFDCDD}C:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dominik\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{FD47AB74-C5D5-411D-9CB6-3725E298D763}C:\program files\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files\wamp\bin\apache\apache2.2.21\bin\httpd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0067268E-3A9D-491F-A1F0-15D1662F9DE3}" = MySQL Server 5.5 "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 
2010 Office Developer Tools (x64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit) "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client 
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" 
= Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 
"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64 "{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{B9B42FD7-57AF-4D81-8537-8B80ABC23ECD}" = TortoiseHg 2.3.0 (x64) "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1 "{C6400179-A2BD-4491-AD13-CEC9DD066246}" = Oracle VM VirtualBox 4.1.14 "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "GPL Ghostscript 9.02" = GPL Ghostscript "GrindEQ" = GrindEQ Math Utilities (x64) (remove only) "GrindEQw2l" = GrindEQ Word-to-LaTeX (x64) (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual 
Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "Shrew Soft VPN Client" = Shrew Soft VPN Client "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista "{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{090C73E1-BB48-403D-9DFF-A60FD71FF73A}" = MySQL Connector J "{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese "{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera "{13B27F83-C633-4967-9E13-4B8C982E87CB}" = MySQL Installer "{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish "{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech "{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24F919AA-4819-4241-9CCE-37AFB666EC81}" = HSearch Installation "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC 
Help German "{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English "{2DDC7E93-29AB-4260-A9DB-697F7FA88157}" = MySQL Connector Net 6.4.4 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean "{3CD4C30E-BD82-4592-B64A-8AD9784ECA9F}" = BMWi-Softwarepaket 10 "{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{525BA381-389C-4975-BDD3-C36DCF66D5BD}" = BMWi Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58582B88-0260-4C80-9A89-8CA0923AFD26}" = WordNet 2.1 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79846AA4-622E-5B48-18B2-02F53F423DFE}" = BMWi-Businessplaner Fuehren "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84E40904-0BC4-4645-9672-81119DEB9578}" = SQLite ADO.NET 2.0/3.5 Provider "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing "{89E2DA1C-7AAA-A29B-0FF3-38375A85D3FE}" = Balsamiq Mockups For Desktop "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{8A5B016F-D452-4650-92D4-219567EA257A}" = Bizagi Process Modeler "{8D430DDB-7BC0-4072-9875-23A5D2989E32}" = MySQL Documents 5.5 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 
Transact-SQL Language Service "{936310AE-694E-4D55-9E5D-3A97B04DC289}" = MSRedists "{944322AF-5D21-43F7-87DE-06BB30A1C369}" = MySQL Workbench 5.2 CE "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2 "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish "{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78D01C7-2979-11D5-BDFA-00B0D0AD4485}" = Ingres RN "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AE010604-007D-11DD-A3C1-001636EEECBD}" = Google App Engine "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch 
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light "{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional "{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard "{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6C3EAA5-8012-4239-BC80-BF189B79E58A}" = MySQL Examples and Samples 5.5 "{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New "{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish "{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC "{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian "{DA0AB139-B29E-5B54-726C-B2A5CE6DA2CC}" = BMWi-Businessplaner Gründung "{DBB123AF-C399-48BB-B3E3-14B953321D0B}" = AVRStudio4 "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader "{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer 
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E4F5FEFF-AF01-4D35-B245-68D47C1ACA6A}" = Ingres .NET Data Provider 2.1 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek "1106-5897-7327-6550" = Visual Paradigm for UML 9.0 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "abgx360" = abgx360 v1.0.5 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Android SDK Tools" = Android SDK Tools "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop "BeyondCompare3_is1" = Beyond Compare Version 3.3.3 "BMWi Updater" = BMWi Updater "BMWiBusinessplanerFuehren" = BMWi-Businessplaner Fuehren "BMWiBusinessplanerGruenden" = BMWi-Businessplaner Gründung "BMWi-Softwarepaket 10" = BMWi-Softwarepaket 10 "DAEMON Tools Lite" = DAEMON Tools Lite "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In "Digital Editions" = Adobe Digital Editions "EPSON Scanner" = 
EPSON Scan "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "Foxit Reader_is1" = Foxit Reader 5.1 "Identity Card" = Identity Card "ImgBurn" = ImgBurn "Ingres RN" = Ingres RN "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup "InstallShield_{8A5B016F-D452-4650-92D4-219567EA257A}" = Bizagi Process Modeler "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "iTwin_is1" = iTwin 3.2 Final "JDownloader" = JDownloader "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "MiKTeX 2.9" = MiKTeX 2.9 "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MS Access 97 SP2" = MS Access 97 SP2 "Notepad++" = Notepad++ "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Welcome Center" = Welcome Center "QF-Test_is1" = QF-Test 3.4.3 "SimCity 3000 Unlimited" = SimCity 3000 Unlimited "SmartCVS 7.1_is1" = SmartCVS 7.1.6 "Universal Document Converter_is1" = Universal Document Converter (Demo) "VLC media player" = VLC media player 1.1.7 "VLC Setup Helper_is1" = VLC Setup Helper "WampServer 2_is1" = WampServer 2.2 "WildTangent 
packardbell Master Uninstall" = Packard Bell Games "WinAVR-20100110" = WinAVR 20100110 (remove only) "WinLiveSuite_Wave3" = Windows Live Essentials "WT088216" = Agatha Christie - Death on the Nile "WT088226" = Bejeweled 2 Deluxe "WT088228" = Build-a-lot 2 "WT088235" = Chuzzle Deluxe "WT088238" = Diner Dash 2 Restaurant Rescue "WT088260" = Farm Frenzy "WT088268" = Insaniquarium Deluxe "WT088269" = Jewel Quest Solitaire 2 "WT088283" = Plants vs. Zombies "WT088292" = Zuma Deluxe "WT088416" = FATE "WT088420" = Final Drive Nitro "WT088448" = John Deere Drive Green "WT088452" = Penguins! "WT088456" = Polar Bowler "WT088460" = Polar Golfer "WT088508" = Virtual Villagers 4 - The Tree of Life "WT088531" = Zuma's Revenge ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "Google Chrome" = Google Chrome "pdfsam" = pdfsam "RapidMiner 5" = RapidMiner 5 "RapidNet" = RapidNet "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player "Violet UML Editor" = Violet UML Editor ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.07.2012 02:36:37 | Computer Name = term | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version:, Zeitstempel: 0x4ed6f47d Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version:, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06092978 ID des fehlerhaften Prozesses: 0x1194 Startzeit der fehlerhaften Anwendung: 0x01cd5753be1c2ec6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 1b2a8a61-c347-11e1-8370-afa3da3a6861 Error - 01.07.2012 02:36:39 | Computer Name = term | Source = Application Error | ID = 1000 
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version:, Zeitstempel: 0x4ed6f47d Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version:, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06042978 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0x01cd5753b62f9031 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 1cbacd2d-c347-11e1-8370-afa3da3a6861 Error - 01.07.2012 02:36:43 | Computer Name = term | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version:, Zeitstempel: 0x4ed6f47d Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version:, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06252978 ID des fehlerhaften Prozesses: 0xb28 Startzeit der fehlerhaften Anwendung: 0x01cd5753a894b2b2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 1ea89aa8-c347-11e1-8370-afa3da3a6861 Error - 01.07.2012 05:10:12 | Computer Name = term | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\bizosys\hsearch-0.90\bin\chmod.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 01.07.2012 07:42:47 | Computer Name = term | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.07.2012 07:42:47 | Computer Name = term | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 999 Error - 01.07.2012 07:42:47 | Computer Name = term | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 999 Error - 01.07.2012 07:42:48 | Computer Name = term | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.07.2012 07:42:48 | Computer Name = term | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2028 Error - 01.07.2012 07:42:48 | Computer Name = term | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2028 [ System Events ] Error - 25.06.2012 11:07:44 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec Error - 26.06.2012 08:04:20 | Computer Name = term | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR6 gefunden. 
Error - 29.06.2012 02:36:30 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec Error - 02.07.2012 09:27:57 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec Error - 03.07.2012 14:06:14 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec Error - 04.07.2012 03:22:59 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec Error - 04.07.2012 03:29:25 | Computer Name = term | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 04.07.2012 03:44:44 | Computer Name = term | Source = DCOM | ID = 10010 Description = Error - 04.07.2012 03:46:05 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec Error - 04.07.2012 09:53:30 | Computer Name = term | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ArcSec < End of report > |
/// Malware-holic | hi
Since you do online banking: the PC must be set up again from scratch and then secured.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
__________________ |
