
Log analysis and evaluation: "Der Computer ist für die Verletzung der Gesetze der [BRD] wurde blockiert"


 
31.07.2012, 15:09   #1
Frolfe

"Der Computer ist für die Verletzung der Gesetze der [BRD] wurde blockiert"



Hello dear forum members,
while browsing the web today I picked up a trojan that shows the message "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" and demands 100€ via Ukash to unlock the computer, so I am asking for help. Since the grammar already made me skeptical, I googled it right away and came across this board, where this trojan apparently is already well known.
The approach to solving the problem seems to be to have the machine scanned by Malwarebytes and OTL and then to post the logs.
No sooner said than done: I booted into safe mode, downloaded both programs and ran the scans. Here are the logs:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.07

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
KN :: KN-PC [Administrator]

31.07.2012 13:19:22
mbam-log-2012-07-31 (13-19-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252231
Laufzeit: 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TapiSysprep (Trojan.Cridex) -> Daten: C:\Users\KN\AppData\Local\Microsoft\Windows\3563\TapiSysprep.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\KN\AppData\Local\Microsoft\Windows\3563\TapiSysprep.exe (Trojan.Cridex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KN\AppData\Roaming\data.dat (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL.txt:
Code:
OTL logfile created on: 31.07.2012 15:22:02 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\KN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 83,29% Memory free
15,73 Gb Paging File | 14,60 Gb Available in Paging File | 92,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,16 Gb Total Space | 271,11 Gb Free Space | 60,63% Space Free | Partition Type: NTFS
 
Computer Name: KN-PC | User Name: KN | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KN\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LPDSVC) -- C:\Windows\SysNative\lpdsvc.dll (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (WMSVC) -- C:\Windows\SysNative\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (mbbdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ssceserd) -- C:\Windows\SysNative\drivers\ssceserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (sscebus) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron )
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (mbbdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-639283781-297727533-2448378451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-639283781-297727533-2448378451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-639283781-297727533-2448378451-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-639283781-297727533-2448378451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-639283781-297727533-2448378451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..network.proxy.http: "95.215.48.135"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\KN\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 11:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.09 22:30:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 11:22:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.09 22:30:17 | 000,000,000 | ---D | M]
 
[2011.04.23 23:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KN\AppData\Roaming\mozilla\Extensions
[2011.07.11 17:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KN\AppData\Roaming\mozilla\Firefox\Profiles\.BackupManager\extensions
[2012.07.28 11:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KN\AppData\Roaming\mozilla\Firefox\Profiles\sk6hdbjp.default\extensions
[2011.07.03 20:13:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KN\AppData\Roaming\mozilla\Firefox\Profiles\sk6hdbjp.default\extensions\.BackupManager
[2012.07.21 14:25:10 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\KN\AppData\Roaming\mozilla\Firefox\Profiles\sk6hdbjp.default\extensions\battlefieldheroespatcher@ea.com
[2012.02.27 22:44:22 | 000,000,000 | ---D | M] (CCTV player plugin for Firefox) -- C:\Users\KN\AppData\Roaming\mozilla\Firefox\Profiles\sk6hdbjp.default\extensions\cctvplayer-plugin@www.cctv.com
[2012.05.18 15:53:04 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\KN\AppData\Roaming\mozilla\Firefox\Profiles\sk6hdbjp.default\extensions\ich@maltegoetz.de
[2012.01.12 16:36:08 | 000,002,440 | ---- | M] () -- C:\Users\KN\AppData\Roaming\Mozilla\Firefox\Profiles\sk6hdbjp.default\searchplugins\wikiquote-de.xml
[2012.04.15 17:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.28 11:46:03 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\KN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SK6HDBJP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.18 11:22:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.05 17:21:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.15 17:00:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.15 17:00:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.15 17:00:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.15 17:00:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.15 17:00:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.15 17:00:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-639283781-297727533-2448378451-1001..\Run: [AVMUSBFernanschluss] C:\Users\KN\AppData\Local\Apps\2.0\VQLGZ4EB.7E0\CJ7OPR0T.DHZ\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-639283781-297727533-2448378451-1001..\Run: [Facebook Update] C:\Users\KN\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-639283781-297727533-2448378451-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-639283781-297727533-2448378451-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A7A778B-1016-456C-906E-F2B46984F5B3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05f76e34-d30b-11e1-beb0-1c7508401e74}\Shell - "" = AutoRun
O33 - MountPoints2\{05f76e34-d30b-11e1-beb0-1c7508401e74}\Shell\AutoRun\command - "" = D:\RunGame.exe
O33 - MountPoints2\{2e05cd02-593b-11e1-9bc2-1c7508401e74}\Shell - "" = AutoRun
O33 - MountPoints2\{2e05cd02-593b-11e1-9bc2-1c7508401e74}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{9c2a0ba2-c3ef-11e0-bd79-18f46abb66ac}\Shell - "" = AutoRun
O33 - MountPoints2\{9c2a0ba2-c3ef-11e0-bd79-18f46abb66ac}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9c2a0bb1-c3ef-11e0-bd79-18f46abb66ac}\Shell - "" = AutoRun
O33 - MountPoints2\{9c2a0bb1-c3ef-11e0-bd79-18f46abb66ac}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{bcb1ded1-3393-11e1-ab3e-1c7508401e74}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb1ded1-3393-11e1-ab3e-1c7508401e74}\Shell\AutoRun\command - "" = D:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{bcb1dee5-3393-11e1-ab3e-1c7508401e74}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb1dee5-3393-11e1-ab3e-1c7508401e74}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 13:10:39 | 000,000,000 | ---D | C] -- C:\Users\KN\AppData\Roaming\Malwarebytes
[2012.07.31 13:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 13:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 13:10:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.31 13:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.31 12:55:21 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\KN\Desktop\OTL.exe
[2012.07.31 12:55:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\KN\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.31 10:40:56 | 000,000,000 | ---D | C] -- C:\Users\KN\AppData\Roaming\hellomoto
[2012.07.21 16:22:10 | 000,000,000 | ---D | C] -- C:\Users\KN\AppData\Local\fontconfig
[2012.07.21 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\KN\AppData\Local\gegl-0.2
[2012.07.21 16:22:09 | 000,000,000 | ---D | C] -- C:\Users\KN\.gimp-2.8
[2012.07.21 16:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.21 14:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.07.11 13:32:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 13:32:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 13:32:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 13:32:19 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.11 13:32:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.11 13:32:07 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 13:32:06 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.09 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\KN\AppData\Local\Facebook
[2012.07.09 22:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.09 22:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 13:27:57 | 014,340,226 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.31 13:27:57 | 004,850,536 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.31 13:27:57 | 004,565,414 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.31 13:27:57 | 004,108,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.31 13:27:57 | 000,006,634 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.31 13:23:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 13:23:17 | 2039,566,335 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 12:49:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\KN\Desktop\OTL.exe
[2012.07.31 12:47:16 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\KN\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.31 12:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 12:45:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 12:39:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 11:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 10:54:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 22:18:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-639283781-297727533-2448378451-1001UA.job
[2012.07.30 01:18:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-639283781-297727533-2448378451-1001Core.job
[2012.07.27 01:02:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 01:02:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.22 19:19:30 | 000,001,449 | ---- | M] () -- C:\Users\KN\AppData\Local\recently-used.xbel
[2012.07.11 23:08:15 | 000,642,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.22 19:19:30 | 000,001,449 | ---- | C] () -- C:\Users\KN\AppData\Local\recently-used.xbel
[2012.07.21 16:19:50 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.09 22:08:18 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-639283781-297727533-2448378451-1001UA.job
[2012.07.09 22:08:18 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-639283781-297727533-2448378451-1001Core.job
[2012.02.07 22:23:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.07 22:23:22 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.17 17:12:43 | 000,007,605 | ---- | C] () -- C:\Users\KN\AppData\Local\Resmon.ResmonCfg
[2011.11.19 13:34:05 | 000,001,068 | ---- | C] () -- C:\Windows\lightworks.ini
[2011.06.22 23:27:23 | 000,017,408 | ---- | C] () -- C:\Users\KN\AppData\Local\WebpageIcons.db
[2011.04.24 02:01:26 | 000,007,168 | ---- | C] () -- C:\Users\KN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 17:45:29 | 001,808,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.14 19:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
[2011.02.25 17:11:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 17:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 17:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 17:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 17:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.07 11:03:41 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.12.07 11:03:41 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.07 11:03:41 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.12.07 11:03:41 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010.12.07 10:54:55 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.11.09 06:01:10 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.13 11:22:18 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.09.13 10:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.02.17 10:01:01 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.06.08 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2011.09.06 16:09:39 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Samsung
[2011.08.22 08:03:03 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Ubisoft
[2011.09.22 18:28:07 | 000,000,000 | -H-D | M] -- C:\Users\KN\AppData\Roaming\.BackupManager
[2012.04.26 16:08:43 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.04.06 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\BitTorrent
[2011.12.17 17:08:06 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\bizarre creations
[2011.11.10 22:12:26 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\DAEMON Tools Lite
[2011.11.29 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Diercke Globus Online
[2011.09.22 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\DVDVideoSoft
[2011.07.03 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.25 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\FOG Downloader
[2011.07.03 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\FRITZ!
[2011.07.03 20:11:24 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\GetRightToGo
[2012.07.01 00:05:25 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\gtk-2.0
[2012.07.31 10:41:07 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\hellomoto
[2011.11.04 21:19:15 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\ICQ
[2011.09.22 18:23:34 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Jens Lorek
[2011.07.03 20:11:54 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Leadertech
[2011.07.03 20:11:54 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\LibreOffice
[2011.07.03 20:12:00 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\LucasArts
[2011.12.11 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\MAGIX
[2011.07.03 20:13:07 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Need for Speed World
[2011.07.03 20:13:07 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Notebook Hardware Control
[2011.07.03 20:13:07 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\OpenOffice.org
[2011.09.22 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\PlayFirst
[2011.07.03 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\PowerCinema
[2012.02.07 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\PunkBuster
[2011.07.03 20:13:15 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Samsung
[2012.03.30 16:32:26 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\SoftDMA
[2012.04.06 19:35:40 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Synthesia
[2012.05.20 15:01:48 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Temp
[2011.09.27 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Thunderbird
[2011.07.03 20:13:44 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\TP
[2011.12.17 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\Ubisoft
[2012.01.24 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\www.rene-zeidler.de
[2011.07.03 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\KN\AppData\Roaming\XMedia Recode
[2012.07.30 01:18:00 | 000,001,104 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-639283781-297727533-2448378451-1001Core.job
[2012.07.30 22:18:00 | 000,001,126 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-639283781-297727533-2448378451-1001UA.job
[2012.06.13 22:34:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >
         
Extras.txt:
Code:
OTL Extras logfile created on: 31.07.2012 15:22:02 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\KN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 83,29% Memory free
15,73 Gb Paging File | 14,60 Gb Available in Paging File | 92,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,16 Gb Total Space | 271,11 Gb Free Space | 60,63% Space Free | Partition Type: NTFS
 
Computer Name: KN-PC | User Name: KN | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-639283781-297727533-2448378451-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023B2FC2-B3FD-48E1-AF78-CA7045558D43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{13DEDCA1-B9F9-4FDA-83C5-F15E66513DE7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{18A7D534-788D-4082-BADE-2A2BD288077A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1CB2BB19-2FE5-4CF4-BE33-7B7021F80230}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{21FB6DF1-65DF-462F-92E9-30A697749D8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{23F9D8E7-0D2F-4111-9E4A-972C3F539F86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2DB00F76-6E09-47B7-B703-F332A616531F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2E77CBA9-6387-4288-AAF2-5CD29BB5E504}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3868582B-83D2-4268-B150-2CACE81DB64C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{448DD240-4EDD-436E-8913-64F02E48C4C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{472C9A69-2F82-46B1-8C6B-139C2277A0C6}" = lport=50046 | protocol=6 | dir=in | name=akamai netsession interface | 
"{47C84021-6DC8-481C-9B60-072DD6D05855}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{4D545ACA-42DC-41F3-812C-D308F798A625}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D0C9850-AE83-461F-87FD-B00F50D76463}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5DF7708B-F0BB-46EF-B11D-9BAD1A77241E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{60724D0F-EDFB-4D75-877D-AE26B3EFB0CA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6ACC1F77-5156-45A7-BA61-090334FC62A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6B3D1691-BFBC-4FEA-82CA-867A4C548E34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C6D1A05-36D7-4930-8D87-D59E0374E8EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D5BC895-6415-464A-93CE-B705094874AA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8140EF44-F593-42E7-91FA-A69BFD03B0BC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8C62F631-0893-4876-888E-C61502DA0CC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8FDC5DB5-F6D2-4904-82E4-166C58725C42}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{985BB9D5-42D1-448E-BB48-5D79F08736D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9A413E8E-71B8-4D50-9AB2-4C40DA98AB5E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9CFE2FFB-74F6-470C-B7C3-97FC36552D4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D866AB0-2069-4E9E-A4D9-1BF029249FDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B9B6BEF8-70AB-4F9B-B961-12BBA5C4B438}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD70A800-BE8E-4933-BDC2-18468E6E9525}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD5994FA-3CDC-4435-BDE1-C2BC511C1258}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D546AE9A-FD27-479B-A01B-32BFC465C9F4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DC7D1973-D087-4931-A54E-4EB62115B3E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DECA15E9-9C01-4A6C-89FB-296548EC73FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EEC9FC37-B66A-4664-8B68-4EE520D5014F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F4B45116-16B4-43F1-AA96-7A47D9EBBC8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF9FF03D-C758-472F-82C8-129694786B39}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038D33C8-21B1-47AA-BD8C-A6AE965B509A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{0562A29C-BE50-4B59-A83B-69FAA263FF11}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{05FCEFC7-C56C-4B2C-9400-212E29649AFA}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{091B5599-484B-4AEC-A519-94838DDA6247}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{0B2D93DE-1F88-4557-8408-33A63097B56A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0FAE704E-3745-4827-965A-96BABB63E52D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | 
"{10292E93-ADEE-4809-934D-F2C27D3776D9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{145E75B7-43AF-479A-B38E-3F483AD4415D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{14EE9068-8BC8-43CE-8949-EB65CA9594C4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{1513E0C8-4FE0-4329-84EB-4B2EF3CB9E9A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe | 
"{167D008B-B2FB-47CD-82DD-6F11EA621049}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{1A695039-F0B3-4B12-9F41-3FEA7EA1352A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{1C58F371-7E93-44FB-A97F-ED43DDF16BF9}" = protocol=6 | dir=in | app=c:\users\kn\appdata\local\apps\2.0\vqlgz4eb.7e0\cj7opr0t.dhz\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{1FFEEC1C-C16C-4908-9C6C-033D7CB914F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{24C954E4-20A2-41F6-9F17-07644386DAD4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{2B461047-FA16-47E3-9716-14B2799500B4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | 
"{31714BBA-3461-4AC7-85C1-CB1E76F7327C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{32BD238F-F75B-4A0B-8FE4-6A5B8F5573D8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{32EE4853-76E8-4ECD-9DB9-0DBF14590C02}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | 
"{399FD240-82CA-45A5-B763-1EB9717CC581}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3B1C4853-8F12-4C94-B696-59CF3F34080E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{3D85F069-917C-4FDF-9AEB-28A94C11ABB3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{3F336436-2B93-4977-9CF9-B404A4CCE663}" = protocol=17 | dir=in | app=c:\users\kn\appdata\local\apps\2.0\vqlgz4eb.7e0\cj7opr0t.dhz\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{45F64C9E-A3DC-491F-AE23-0C18876F10FA}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{49650840-D096-43A4-A2A3-C1715F1CC22B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{4BA570C1-E151-41A1-B5BA-CC562E69CE05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4DB8060F-CF65-4F6A-B910-C19EEED61BC5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{525C611D-620D-4759-A365-70DA350B04D0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{5749ABDD-9DF3-4D69-9164-C9A7EE1A8BE3}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{58FAE3AC-2EBE-4452-AE58-D7E199812467}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe | 
"{5BA6B334-23ED-4CB6-9A5F-B00C4229D095}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{5D936683-73A2-43C4-915D-7ABB2E751B76}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe | 
"{616DB952-1147-4A30-900C-FD233728FE92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66564DC4-25D0-4B33-BD9A-D893B9DF8DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{68FF605E-9ADB-4953-A940-97F74068D388}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6B6A3B1A-5C9F-44BD-BC64-A650814E1FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{6C51ECFC-AA1B-40AA-8DB4-19F4327B15B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe | 
"{73C22056-1A8A-4E3C-BEF0-3ADBD974E487}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{7861CF26-B0BD-43A0-8BEE-A1F058B3E601}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{79B9E8B2-1FD0-415F-83F2-27DA4126B736}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7ACE3C2F-9745-4694-900B-1F89354ED43D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{7EF6A89A-4FFB-43B1-AA39-223894B27973}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{7FC05C41-6846-40AD-9885-97BC5B6607A8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7FD9B103-8F4B-47C9-96AE-F7BD9201F1C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8041A2D5-303D-4D75-ACAC-8D6771CC5EA3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{867131D2-34F8-40F0-A91E-5BBB420C7069}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{9203197A-B539-4B23-A07D-567C710552CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{93C19735-C4DA-4F82-AE66-370A41487B49}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{94A67968-82B8-4E69-A5BA-23B2E22F3306}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{9AE57523-3E02-4961-9A03-927A9E94BF3D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe | 
"{9CCCAAB1-12CD-403F-9BFE-7851CE69BB30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9CF1972B-B68F-4031-9CC5-285DB9776EF8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{A1F5352B-7399-47A8-A229-DB969CB0C601}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{A4248DDD-75EB-4B52-96D2-001CED12D0CC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A54E7914-B797-4EC3-A4AF-2D3A7BDBD5F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A92AB5C8-7534-450C-8E46-3DE30A1B2548}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{A9C0E133-EC47-4DBD-B076-BDC651D30E7B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AA5D07AA-EEA8-4AD8-87EA-B88897C91EE0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{AC726233-6F34-457C-BF23-4C67AC8D89EF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{B1BBFB51-A047-4F4A-884D-CA884FCC796A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{B3F857A6-25E5-4B7D-A41F-239088CFFCE3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{B49781BF-283E-4D4A-97BA-0B66E802C92C}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B68073EE-E95B-4D60-8CFE-B215E0AF88BA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B8AFB92C-7BC9-424A-BCF5-D33759906B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\giraffic.exe | 
"{BC840960-97AA-40B1-8938-11CC2A59C864}" = dir=in | app=c:\users\kn\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{BE1FC240-B92D-4A15-8EA6-CE7B0F1002B1}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe | 
"{C1C29E35-289F-497D-AA1A-6D67A0EE3E33}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{C27F3354-D8E1-4985-BDD9-9B5C2138887F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{C526F8B6-F9F5-4367-A7D3-E5BE9DE65B6D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C5C5FA5B-F9CB-408E-A4D8-5050EC31DDDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C618C39D-0929-49D2-89F7-72584F7E1843}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{C94ECFFA-1C87-4606-9E03-A92D2CFB1F33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C969FE40-37EC-41C2-B291-1308A6F48657}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C99E0391-FF78-47C3-B70C-37AE3F6A7A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CA137178-180D-4BBD-AF8B-159F6F29050E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CCD27338-D56D-4EB2-B749-115517684857}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{CFE4874F-CF41-4793-917C-F22FD8F1D759}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{D3E66DC1-35F4-4173-8E9A-E11DFC1EEC07}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D407B4EA-3F10-4D7E-AA8E-B17BEEC7CA83}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{D600F34B-8CAB-41F8-B977-B7FD2D83C572}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{DA0A0002-E9F9-42D3-BE65-2E286FE5B971}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{DA0DF836-E89A-4986-BC95-1D9E7093B34C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DDD692D0-D4F2-4FE7-8E36-00FB1EF04EDC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DFAF36DC-6525-49FF-81FF-5717B91E8520}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe | 
"{E058B69E-D43B-4B21-8E80-075A656B18DB}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E27325DC-1F2E-4060-9197-71C3669253C5}" = protocol=6 | dir=in | app=c:\users\kn\appdata\local\apps\2.0\vqlgz4eb.7e0\cj7opr0t.dhz\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{E3038A64-9F93-429F-8291-91F45A4BCAC7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{E31ED96A-C72E-47C7-9796-C09A24746490}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E58CECE6-BDAC-4BCA-A186-6B63C201DFD2}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E735C8FE-A854-4620-B124-82A3A89378A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC315B41-2808-414F-B99D-A84E395E65F9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{EDCE1765-2162-4D8A-80D2-3AF1F2ABA99E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{F098B347-D2AA-400A-8D0B-6F52E8EDA14C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{F0E14BED-A40B-4236-A289-F8E48E4E8644}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{F7142736-DF9C-485F-8F52-7FAD32792037}" = protocol=17 | dir=in | app=c:\users\kn\appdata\local\apps\2.0\vqlgz4eb.7e0\cj7opr0t.dhz\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{045556DA-5BE9-49F3-9097-78B2D606D158}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe | 
"TCP Query User{0ABFC102-3B4A-4F0E-87AA-082F23E4AC3E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{10D4944D-ADEE-4B00-9B01-D62D94EC1F9C}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"TCP Query User{292E9AE8-BCF2-48F9-BF37-E56772A70D7A}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe | 
"TCP Query User{3BD871CD-0A92-4512-B6D7-16C8DEA0B43E}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{4E733C37-DB66-4DB4-9872-4160E4C6A53B}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{509C755B-023E-4AA2-9B5D-926E26AA7F4A}C:\users\kn\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\kn\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"TCP Query User{554C45A0-3AC5-4D71-AC16-4F34A887C789}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{5992B5C9-2AFB-4CB0-BDF6-2355425BB44B}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe | 
"TCP Query User{5C3004ED-C17D-4045-B6D8-A0D0A4241ABA}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{6427DACC-F974-4245-AF38-3A7AAACB5B0D}C:\users\kn\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kn\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{674EB11D-5B93-4DC1-BC32-F46752EB00DB}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{7108C7C2-01CD-44F9-8FD7-6ABC89635C6A}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{7521221E-2F1A-448E-B92C-4128C41FD91F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{7678F4F2-21DC-45C6-9F7F-055893A6C0E1}C:\program files (x86)\activision\blur(tm)\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | 
"TCP Query User{8C474C2E-8797-4E09-AAE4-6E592674904D}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{ABA04BE3-B0E8-4AE0-BF85-90324DBD5E11}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe | 
"TCP Query User{AF6767C0-06D2-41DB-83DF-EB354FF9D20B}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
"TCP Query User{B46590EA-C14E-4890-9176-39405AABE3B4}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"TCP Query User{D89BC17C-7D0D-4922-AD1B-94DC2F52CA13}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"TCP Query User{D999FFB1-ED04-46B7-BD19-8377BB3E25A0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{E8DA98EF-8D6C-48A8-B9A5-CA9E7803E79A}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe | 
"TCP Query User{EA0EA929-E7FC-4A12-ACFF-53C7B8D7156F}C:\program files (x86)\black_box\assassin's creed 2\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\assassin's creed 2\assassinscreediigame.exe | 
"TCP Query User{EAC7BC76-4781-4241-B8D8-0629FEB7C96C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{EB50BC67-18D7-436B-8B5B-61B014BF9B2A}C:\users\kn\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kn\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{007197C3-3D67-428B-AC0C-C5306FDDDE15}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{0A8CF8FD-1ADC-414F-BD58-C3D975A67772}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"UDP Query User{15A67176-527B-4CF4-8123-93E1457E4B7E}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe | 
"UDP Query User{16A030E4-86ED-4F90-9ABA-128A81C05A29}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe | 
"UDP Query User{1C31DFC1-94F1-47D2-9EEF-721AACDE3912}C:\users\kn\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\kn\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"UDP Query User{1D98411F-2A50-4568-9F64-7F41CF46615E}C:\program files (x86)\activision\blur(tm)\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur(tm)\blur.exe | 
"UDP Query User{217B0414-6129-4772-B66B-4A43D4EF11E6}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{299E2A66-8DEC-484B-A5BC-95F6672B4A62}C:\program files (x86)\black_box\assassin's creed 2\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\assassin's creed 2\assassinscreediigame.exe | 
"UDP Query User{5954EC65-6CE4-4AB3-95FB-CE075CC470E8}C:\users\kn\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kn\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{65F73469-50EC-4AE4-9345-4C3F96A13C0B}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe | 
"UDP Query User{6A831AC8-8323-4698-B85B-61987068B4D6}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe | 
"UDP Query User{740CBCCA-6041-40AA-BBFB-C8B5EB347BE7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{754FCFE7-320E-4B34-9BCE-E8172A991486}C:\users\kn\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kn\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{75A13716-EE08-48CD-8A59-CC5229D3A12C}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"UDP Query User{812933CC-961D-4C58-929A-6A2819AB6501}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{B0D97595-00D0-47EF-870E-8890D80651B1}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{B2DA9053-4C7E-4EE7-9B83-E692AEB7203C}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{B32921FE-FBFA-4083-A28A-18C58633AFA8}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"UDP Query User{C01D3AA5-246C-4DA3-91FC-CCFE4C7372F0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{C928CC6F-1CF4-44FA-8264-DFC73E3961D9}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe | 
"UDP Query User{CA3AA2D6-F95B-47F3-B022-E1E068720B4D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E80296B9-B4DE-4046-A854-48CA6DCEFE37}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe | 
"UDP Query User{E8CAD402-52A2-4483-8CC8-2B2D88ECD570}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{FA69FC8F-24AE-4CB9-A3D9-BCA266195857}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{FF8659D8-F755-4F32-83F9-0F7AAF0143F6}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10647DB1-F3AE-3440-5BDA-06EFE4A44108}" = ATI Catalyst Install Manager
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{BC28E83D-3052-1A97-B625-6D0FF0B40CE2}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"GIMP-2_is1" = GIMP 2.8.0
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28 
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{032412BA-DE82-47C2-B414-A1C96822189B}" = Acer Arcade Instant On
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{072D6DB8-7D15-E1F8-0F53-1EE2DDA95DA6}" = Assassin's Creed
"{0802B79F-257C-4F91-9A1E-7A94588C636A}" = Adobe Flash Builder 4.6
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E0A78EF-F492-45F9-4855-5309758CF2EA}" = CCC Help Thai
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C1E0945-99D3-963D-BBBA-23D9F0857A46}" = CCC Help Norwegian
"{1F1B14EC-B2C6-4BB7-227B-820392171079}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26B4BA03-EF4A-8E18-7EF5-9A68E6D95AF7}" = Catalyst Control Center Graphics Previews Vista
"{27996809-446F-7261-6C69-6B654C656F6E}" = 
"{27D73229-BBB9-BCB6-1CA5-73A54DB15EDC}" = CCC Help Russian
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BE0D6E7-C8FE-95BC-FCF3-4C6CB6220AD3}" = Catalyst Control Center InstallProxy
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{302C20CE-FED3-ECF7-C723-C8EA4B90017A}" = CCC Help Hungarian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E00FF47-16D3-6364-F2A3-8143FEAE5228}" = CCC Help Finnish
"{3FC3A95C-37D8-C194-46F5-FAE5176B0CA1}" = CCC Help Portuguese
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44CBE3ED-EEC2-C060-C967-D6213D123678}" = CCC Help Japanese
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{50664AE0-2AEB-1677-E163-07C61AC88FFB}" = CCC Help Czech
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A333861-BA82-C7A5-1457-E634FDF1BA74}" = CCC Help Danish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78C93293-4164-8659-C34B-FEDA4066C300}" = CCC Help Turkish
"{7C64C223-182D-ED62-6A63-3F117EC357B5}" = CCC Help Dutch
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{816BAAEA-9FC8-2905-90A6-F1CEDBF77B9B}" = CCC Help Greek
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88A17EF9-F0B3-B83E-0A5A-3D9A0A7B1E45}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = PowerDVD
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91793303-D169-CF1B-6373-848FE660BC8A}" = CCC Help Swedish
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8C90283-AF97-2AD8-7DE1-5296254468F4}" = PX Profile Update
"{BC55928A-052C-71CA-9531-714CD2315006}" = CCC Help English
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D94A618C-0FC5-83C7-14C1-4B1FB5524F27}" = Catalyst Control Center Localization All
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2496226-362E-EB76-5A7A-87F4B4A03930}" = CCC Help Chinese Traditional
"{E64058F7-B3FF-023B-B383-CFEABDCE86DC}" = CCC Help French
"{E85DDE64-B7D9-14D6-7420-28992B9C440D}" = CCC Help German
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16769E9-7F7A-82E7-89D6-A57F3D396460}" = CCC Help Chinese Standard
"{FD0EF866-AC56-CD7E-D4E5-7FC5FC4C6BE9}" = CCC Help Spanish
"{FF36FF27-5C09-4FEE-2D0C-FE63BD3148D7}" = CCC Help Korean
"{FF54CA15-17CE-3F01-EB41-6D335B1DC97B}" = CCC Help Polish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}" = CyberLink PowerDVD 10
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PunkBusterSvc" = PunkBuster Services
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 400" = Portal
"Synthesia" = Synthesia (remove only)
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.3.1.3
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-639283781-297727533-2448378451-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"GeoGebra" = GeoGebra
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.12.2011 12:13:29 | Computer Name = KN-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 12.12.2011 14:14:11 | Computer Name = KN-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.12.2011 14:14:11 | Computer Name = KN-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.12.2011 16:46:06 | Computer Name = KN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acer Crystal Eye webcam.EXE, Version:
 5.2.5.3, Zeitstempel: 0x4a1cab4c  Name des fehlerhaften Moduls: mvcVfwMJPeg.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4bbfdc8a  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x4e8e3970  ID des fehlerhaften Prozesses: 0xaa0  Startzeit der fehlerhaften Anwendung:
 0x01ccb90f0459e6ca  Pfad der fehlerhaften Anwendung: C:\Windows\Acer Crystal Eye 
webcam.EXE  Pfad des fehlerhaften Moduls: mvcVfwMJPeg.dll  Berichtskennung: 4f9e7897-2502-11e1-adef-1c7508401e74
 
Error - 12.12.2011 16:46:13 | Computer Name = KN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acer Crystal Eye webcam.EXE, Version:
 5.2.5.3, Zeitstempel: 0x4a1cab4c  Name des fehlerhaften Moduls: BtMmHook.dll, Version:
 6.3.0.6000, Zeitstempel: 0x4c24c680  Ausnahmecode: 0x40000015  Fehleroffset: 0x00011958
ID
 des fehlerhaften Prozesses: 0x2170  Startzeit der fehlerhaften Anwendung: 0x01ccb90f13a9587d
Pfad
 der fehlerhaften Anwendung: C:\Windows\Acer Crystal Eye webcam.EXE  Pfad des fehlerhaften
 Moduls: C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll  Berichtskennung:
 53927de9-2502-11e1-adef-1c7508401e74
 
Error - 12.12.2011 16:46:21 | Computer Name = KN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acer Crystal Eye webcam.EXE, Version:
 5.2.5.3, Zeitstempel: 0x4a1cab4c  Name des fehlerhaften Moduls: BtMmHook.dll, Version:
 6.3.0.6000, Zeitstempel: 0x4c24c680  Ausnahmecode: 0x40000015  Fehleroffset: 0x00011958
ID
 des fehlerhaften Prozesses: 0x22d8  Startzeit der fehlerhaften Anwendung: 0x01ccb90f1736d24f
Pfad
 der fehlerhaften Anwendung: C:\Windows\Acer Crystal Eye webcam.EXE  Pfad des fehlerhaften
 Moduls: C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll  Berichtskennung:
 58be1d6a-2502-11e1-adef-1c7508401e74
 
Error - 12.12.2011 16:48:31 | Computer Name = KN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acer Crystal Eye webcam.EXE, Version:
 5.2.5.3, Zeitstempel: 0x4a1cab4c  Name des fehlerhaften Moduls: BtMmHook.dll, Version:
 6.3.0.6000, Zeitstempel: 0x4c24c680  Ausnahmecode: 0x40000015  Fehleroffset: 0x00011958
ID
 des fehlerhaften Prozesses: 0x208c  Startzeit der fehlerhaften Anwendung: 0x01ccb90f663ed81d
Pfad
 der fehlerhaften Anwendung: C:\Windows\Acer Crystal Eye webcam.EXE  Pfad des fehlerhaften
 Moduls: C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll  Berichtskennung:
 a5ffdb82-2502-11e1-adef-1c7508401e74
 
Error - 12.12.2011 16:57:04 | Computer Name = KN-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 12.12.2011 16:57:04 | Computer Name = KN-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 12.12.2011 16:57:04 | Computer Name = KN-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 31.07.2012 09:20:41 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:21:35 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:21:35 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:21:35 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:22:47 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:22:47 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:22:47 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:23:35 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:23:35 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.07.2012 09:23:35 | Computer Name = KN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
I hope I haven't done anything wrong so far, and thank you in advance.
I hope you can help me.

Best regards,
Frolfe

 
