Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.09.2012, 12:52   #1
anexity
 
Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen - Ausrufezeichen

Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen



Hallo,

ich fürchte mich hat es nun auch erwischt. Heute morgen beim hochfahren kam ein weißes Fenster, welches nur den Text "Das Programm kann die Webseite nicht anzeigen" enthielt, ansonsten konnte nichts gemacht werden (kein Taskmanager, etc.).

Hab mich nun hier an die Anleitungen gehalten, Malwarebytes im abgesicherten Modus heruntergeladen, aktualisiert, gescannt und die gefundenen infizierten Objekte entfernt (Logfile im Anhang).
Anschließend konnte ich wieder normal booten, habe "defogger" heruntergeladen und ausgeführt, wobei keine Fehlermeldung ausgegeben wurde.
Dann habe ich OTL mittels Quick Scan laufen lassen und die beiden Logfiles gespeichert. Hier sind die beiden Logfiles:

OTL.txt Logile:
Code:
ATTFilter
OTL logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.09 07:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2007.05.15 18:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2007.03.21 18:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe
PRC - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.24 00:09:23 | 000,115,137 | ---- | M] () -- C:\Users\anexity\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2012.03.09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.16 04:09:42 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
MOD - [2011.01.16 04:08:27 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
MOD - [2011.01.16 04:08:22 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2011.01.16 04:01:31 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2011.01.16 04:01:19 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2011.01.16 04:01:17 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2011.01.16 04:01:12 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2011.01.16 04:01:10 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2011.01.16 04:01:09 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2011.01.16 04:01:09 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2011.01.16 04:01:08 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2011.01.16 04:01:06 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2011.01.16 04:01:01 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2010.12.29 20:52:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
MOD - [2010.12.29 20:51:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
MOD - [2010.12.29 18:22:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
MOD - [2010.12.29 18:22:40 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
MOD - [2010.12.29 18:22:28 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2010.12.29 18:22:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2010.12.29 18:21:53 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.12.29 18:21:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll
MOD - [2010.12.29 18:21:36 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ace3bede2f516f9e5bca620ad86cc063\System.Web.ni.dll
MOD - [2010.12.29 18:21:30 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.12.29 18:21:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.12.29 18:21:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.12.29 18:21:19 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.12.29 18:21:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009.06.10 15:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 15:14:06 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.06.08 11:37:32 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 00:38:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.08 03:53:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.29 18:27:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2007.11.07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - [2012.07.30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.03.09 05:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.10.27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.10.27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.10.27 03:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.10.27 03:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.10.27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.04.04 17:59:58 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.01.13 03:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.12.29 19:00:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.22 03:11:00 | 000,493,312 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.04.14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.01.14 13:14:10 | 000,126,808 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2008.11.14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.15 06:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.15 06:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tele2.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 20 F7 77 24 09 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{15440812-8B32-4000-92FE-30CAF1BF1CD1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYAT&apn_uid=0630ea91-7e2a-4590-8f8e-b93526cca3ff&apn_sauid=20F02CA2-27AD-41CE-8746-571478301669
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={6086651F-1BD8-410E-8DB0-C29AFF5FEC7C}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: F:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: F:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\anexity\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: F:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.01.12 16:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 00:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 00:38:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.13 14:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.04 15:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
 
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions
[2011.03.28 05:04:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 20:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (ProxySel) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{71e95839-6f7e-470d-be54-77012fec6345}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 15:31:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Text2Link) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2012.04.03 21:05:47 | 000,140,964 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\firegestures@xuldev.org.xpi
[2011.04.11 00:55:48 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\personas@christopher.beard.xpi
[2011.07.20 10:06:36 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.08.23 20:54:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.20 21:26:09 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.03.29 07:39:18 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 00:38:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.02 22:41:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 01:33:19 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.29 08:01:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 22:41:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 22:41:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 22:41:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 22:41:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.08 03:57:03 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvjbmonitor] F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe ()
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\anexity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\anexity\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D3ADCF-862F-4DD8-910D-ADA9BB079B28}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE02C78C-AF36-4160-97A0-A26961071C58}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF83BD1D-5431-4AD9-9409-64CF13054C45}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.01.12 17:44:50 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2004.01.12 17:44:48 | 000,233,472 | R--- | M] ()
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell - "" = AutoRun
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 12:46:31 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\anexity\AppData\Roaming\Malwarebytes
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.08 12:33:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.08 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.08 12:33:06 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:27:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:26:19 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.29 15:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:45:41 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 12:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 12:45:34 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:44:47 | 000,000,168 | ---- | M] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | M] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 12:33:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:32:07 | 000,000,512 | ---- | M] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 12:27:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:27:00 | 000,708,738 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.08 12:27:00 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.08 12:27:00 | 000,153,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.08 12:27:00 | 000,123,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.08 12:26:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 12:21:42 | 000,001,990 | ---- | M] () -- C:\Users\anexity\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.09.08 12:14:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.08 01:47:13 | 000,074,127 | ---- | M] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:49 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:05 | 000,001,048 | ---- | M] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:06 | 000,107,363 | ---- | M] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | M] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:43 | 012,670,411 | ---- | M] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | M] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:04 | 000,555,343 | ---- | M] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | M] () -- C:\Users\anexity\Desktop\1344549037219.jpg
 
========== Files Created - No Company Name ==========
 
[2012.09.08 12:44:34 | 000,000,168 | ---- | C] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | C] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 12:32:07 | 000,000,512 | ---- | C] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 01:42:29 | 000,074,127 | ---- | C] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:24 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:06 | 000,001,048 | ---- | C] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:05 | 000,107,363 | ---- | C] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | C] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:31 | 012,670,411 | ---- | C] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | C] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:03 | 000,555,343 | ---- | C] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | C] () -- C:\Users\anexity\Desktop\1344549037219.jpg
[2012.07.18 17:31:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.07.01 16:04:53 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 06:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 06:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.10.12 02:53:41 | 000,000,074 | ---- | C] () -- C:\Windows\WatchTVProEx.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.04 00:50:20 | 000,000,240 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.05.09 23:23:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.04.04 17:43:00 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.21 14:57:33 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.03.21 14:57:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.03.21 14:57:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.03.17 03:03:35 | 000,001,456 | ---- | C] () -- C:\Users\anexity\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.01.24 16:27:37 | 000,000,036 | ---- | C] () -- C:\Users\anexity\.org.eclipse.epp.usagedata.recording.userId
[2011.01.17 00:09:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.16 21:22:56 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2011.01.12 17:44:59 | 000,005,120 | ---- | C] () -- C:\Users\anexity\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.04 16:56:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.04 16:55:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat
[2011.01.04 16:55:14 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.01.04 16:53:59 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.01.03 00:38:15 | 000,000,096 | ---- | C] () -- C:\Users\anexity\.asadminpass
[2010.12.30 16:38:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.30 02:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 18:27:40 | 000,708,738 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 18:27:40 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.12.29 18:27:40 | 000,153,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 18:27:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.12.29 18:06:10 | 000,000,879 | ---- | C] () -- C:\Users\anexity\Downloads.lnk
[2010.12.29 18:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.08.12 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Audacity
[2011.07.22 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Canneverbe Limited
[2011.07.02 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.02 04:28:23 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DAEMON Tools Lite
[2012.09.08 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Dropbox
[2012.03.10 03:19:33 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoft
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.11 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Ebner
[2011.05.10 03:01:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\ManyCam
[2011.02.07 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\MAXON
[2011.10.31 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\mkvtoolnix
[2011.01.12 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia
[2011.01.12 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia Ovi Suite
[2012.07.15 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\NoNameScript
[2010.12.29 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Notepad++
[2011.03.08 03:58:32 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Opera
[2011.01.12 16:24:45 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\PC Suite
[2011.12.01 14:21:35 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Samsung
[2011.04.07 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Subversion
[2011.02.10 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TeamViewer
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Thunderbird
[2010.12.29 18:42:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Trillian
[2011.04.04 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TrueCrypt
[2011.12.26 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Unity
[2012.07.01 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\uTorrent
[2011.10.12 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\WatchTVProEx
[2012.06.26 08:35:16 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Hier ist das Extras.txt Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB26D06-05FB-4CBC-852F-50CAED1AB5FB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{11AE6151-841D-405F-B5A2-D93836516928}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13F718E7-5173-49DD-B333-0ADAA9881EB5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1879EC7A-9AB3-4C70-843B-3BBF3B5619C8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{3AE9BC15-975A-4D6F-97FD-BFA9C8941DBB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4161921C-06AF-479E-B99E-DD124C0F07B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{438414FA-942F-4DA1-AF51-26BB4B0D78C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B3B134D-B91B-451D-86C8-B1505E776F26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5BE2BD7C-8B53-4C4E-80BB-1E1DFED4F2A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2054B6-580D-4E6D-8EE5-BE67C99FB806}" = rport=139 | protocol=6 | dir=out | app=system | 
"{658CA06C-0DFC-4832-A263-5506B955078F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6997AE05-1B12-44BA-A363-3FC14EB4659A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6ADBD19F-A4F0-4CCA-91FA-C51099B6FE53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B0A75C7-1CCC-40F3-8925-99A6E92F182B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71937102-6EE6-4538-86AF-F856FE144D88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92F884DF-3E0D-4F3F-9347-F05D2EA022DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2D0DE05-0372-486D-92A5-229DB135094A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A2DE4316-B72A-4D3B-BD5C-D745E205546C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5D02157-0E82-4C1E-B0B8-C716CB498E89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{AE97417A-750D-4E7E-81F2-D81583087E68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD5E04B9-E0DA-41E2-AC9F-711BD7A5BFDA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BE2EC1F1-B8EB-4FE5-A63E-E9296AD98E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0180D24-5AF6-410F-8FA2-C06F95C3F3F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{C9AD7C54-92F0-445A-A212-976A4757EEA5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EA01D0EC-51C9-4FF0-BC20-DFCBFC6B62A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4938C1D-17E6-45A6-8421-ABA8E862C39D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F614ECC3-9492-409A-BE79-40CFECBE87E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FF4937E7-F936-489E-AC39-22A9E3B1D6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0214A17B-16A5-4357-9FF4-3D7F3EDFF43A}" = protocol=6 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{03FAB972-1A53-4C36-962A-7F410D637959}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{09FB274D-8ADD-4628-97BB-935B5C76607B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0A98F939-2D22-4BBB-99A8-0E9987336E2B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{113A9218-F023-4E6F-AD53-1E9229D905B5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{11AF344B-A1A4-44D8-B1B2-713140B55989}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{1A09BB39-A97D-4D59-B3CA-892DCBC9B26F}" = protocol=6 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{1B68F279-E8E0-4A5C-89D2-37535A14D336}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BD2F6D2-F96C-4EDC-A6B1-9CCBFC1351A0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{2C2355F1-7876-4B18-9DAE-660F0159482F}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{2F04C78D-01CB-43A1-AD7D-D993887914F0}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{30CBA6E7-80B4-4DBE-8091-C0C46D695FE9}" = dir=out | app=f:\programe\emule\emule.exe | 
"{34C3B2F3-E824-4B7D-9B2D-51E8FC059C09}" = protocol=6 | dir=out | app=system | 
"{3803B665-65FC-420E-BEA6-242E440F11D2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{3B1AD30D-37BE-4CB5-821F-8D17526F85D4}" = protocol=17 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{3B1E5242-9407-45D8-9645-C83075EA42B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{3BD8A872-1713-44E1-88DD-7593C07562F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3CD9C826-C244-45CD-9681-F141C3C55C73}" = protocol=6 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{4F47C86B-4B5E-44B6-BB51-55B80614657C}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{50CE94DC-DF9B-401E-88FB-712B15DB2D9B}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55AF6AD7-138E-4649-8FDB-1BA3C7D48915}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55B4C6BB-7149-48BB-9CC1-0B4D790E8BD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5911E5E4-A762-4B6B-96CC-0B45065B9438}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{59CB1C60-F41D-480A-BC47-FDF86C32F178}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{5B6F79F9-B917-4B5E-BB26-902C5623BF83}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{5D840D4A-B01C-4E50-8A2B-AF02F2D17F95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D901CF6-15A3-4029-BC48-4C54A8302414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{611D54C2-48AA-4F66-A048-AC8EF44D24B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B8B0777-B4E5-4FC9-A47C-705CB8AB5BC5}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{6DBC692A-5BC6-4A21-B680-C2823059A219}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{70B05AF1-4FE1-4433-BA07-60B8BF4E4886}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"{712434FA-4D62-462C-8917-48472475E7F7}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{7588B8D5-ABA3-4ECB-A124-09F75065C227}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7B56278C-AAE7-4CD6-85E8-C712FFD78848}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{7D99C069-A825-42F0-B84B-3031227BAEE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7F517E48-A639-4EDF-8B8D-391EF27E3A9A}" = protocol=17 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{8883D2EE-39AE-4566-B827-54CCE5D0B71E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B2E99E4-CFEF-4CEC-9800-9E44B6AC4AA7}" = protocol=17 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{9056F375-8586-425B-A539-681F5B77CD22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90A7DA1B-F98C-4973-B7CD-5C4A6B13EA5C}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{97543C94-307E-4BE7-9F17-DBFAB23C9D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9BD53013-A119-46FF-BF86-071A2846DF49}" = protocol=6 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{9CE3ADC6-ECD4-488E-B1FB-1BB69456157F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{9E4B6F2C-4662-477F-A15D-7363F3AD2B2E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A22B7549-E20F-47F6-B841-3D32F88369A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA14ABAA-62CA-45B6-93F0-686AA713F313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE9B0398-53B4-4699-9928-AA5103FD9FC3}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe | 
"{AF98878D-130C-48C7-9532-FE4AB92E032E}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{B252CDFF-7812-47DA-BA57-8C33510C809B}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{B6F3CDA0-6680-4183-8403-3FEED0AD559B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BFDB22B3-64F5-4500-9196-26A3A9519E1D}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{C14A3EE7-5162-44C5-AE78-FBC8D0AC0A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3E71554-F695-4135-AFB2-E0F9C2469F37}" = dir=in | app=f:\programe\emule\emule.exe | 
"{C455AB08-1393-44DC-B646-A4CD1196FEAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C4D298DA-3F7F-4ABB-B8F8-9E6889BA778E}" = protocol=17 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{C8B298C7-2704-4BAD-BB73-9C76509E6147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD18A0FC-7E47-4186-9576-D1B868531BF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EDFE3E6A-8DA3-4B7C-9885-C4B3825A7196}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F0CEA4D9-D4C9-4B47-93AE-7E3C3D8886DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0EB62ED-96BB-42DB-8C00-06D9AC72D5D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8ED1C72-F67D-43AA-BDA8-8150FB7FE9F2}" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FBBE3726-8989-45C9-AB2E-51FB7FDBB2A8}" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FCA89A80-0892-498A-A8BD-A2F44FA07753}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"TCP Query User{0058B413-CAB0-4BE1-935D-0DC3851486CF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{071EDB05-28C3-42F7-AB39-F0F1434C907A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1816EF79-5102-433A-B00B-92F44E92D5C0}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{3667B2CB-492A-4044-8AD3-64445824A9D7}G:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"TCP Query User{3E0147E3-C2AC-4ADB-A0A2-3BA69FB6613E}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{4D6A040B-EB81-4618-A306-7A3EBACB9377}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{529A4E58-8CA3-4DBC-8093-58C02DF26452}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"TCP Query User{669DF5BF-D4C2-43E3-B336-47AFF45258AC}G:\games\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
"TCP Query User{721FCD17-090F-4111-AFEF-05BE967C7E19}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{80DFC16D-2665-4E75-AC4B-219DB9F8A8C9}G:\games\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"TCP Query User{8358EF83-B9EF-4870-A775-075577E21522}C:\bauserver\spheresvr.exe" = protocol=6 | dir=in | app=c:\bauserver\spheresvr.exe | 
"TCP Query User{A7E872F4-B9AD-4427-A658-9AB6928C7657}G:\games\ea games\ultima online 2d client\client.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"TCP Query User{ACF61201-7C02-4382-8A63-2ED568382056}F:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=f:\programme\trillian\trillian.exe | 
"TCP Query User{B20C32B7-D38E-4D70-B69A-5DF35123FFB7}G:\games\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"TCP Query User{B8F1B090-E51B-4D8B-9C42-E812A33450A3}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{CA00DFF3-28AD-4E10-850E-62139167B646}F:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\programme\mirc\mirc.exe | 
"TCP Query User{FB0762AF-EE8D-4310-A136-06B4895C0798}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0B8B0C85-6887-4FAD-B957-22FFCE526372}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{25903D49-C832-498E-A5D4-17F5B242263D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{260B502D-3F88-4A36-B7E6-B63DB8053AF8}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{289F6CBB-A83C-4423-ACBB-2AB3FA46D9A0}F:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\programme\mirc\mirc.exe | 
"UDP Query User{2F1BF8CA-2B86-49B7-9ADF-429F6C91C17D}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"UDP Query User{385B1FBB-9FC8-4FFB-9DBC-D8E2E0D2ACEF}G:\games\ea games\ultima online 2d client\client.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"UDP Query User{4770DA47-2F0B-485A-A4FA-C50A022D6776}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{680BAD46-1705-4FAA-8B77-9887D522F5DF}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{8B3DFE20-FB51-41B3-9B84-6E97CD66F33B}G:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"UDP Query User{B12EAFDD-078E-4BA5-AA25-F813382DCD40}G:\games\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"UDP Query User{BEAE585D-C50B-4FE0-8258-A82ACB3017AF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C222F2EC-18B5-4065-97A0-5E880322B3B6}F:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=f:\programme\trillian\trillian.exe | 
"UDP Query User{C6378C78-22CC-4B09-9302-2D979B792551}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C79753E6-19E8-429F-8326-B29933BC3943}C:\bauserver\spheresvr.exe" = protocol=17 | dir=in | app=c:\bauserver\spheresvr.exe | 
"UDP Query User{DAD41AF2-E090-4563-9A92-FF5FB7B6F408}G:\games\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"UDP Query User{E422F7A0-5A12-42CF-A103-1D3EE9F52DCD}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FB416359-D92F-4FB3-926D-696392CD379C}G:\games\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{212719F5-89EE-4B3A-A8EB-121D931E5547}" = Adobe Flash Player 10 ActiveX
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBA73A5-F9B8-4E6A-B96D-8585590F57F5}" = Microsoft SQL Server Management Studio Express
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55D873F4-67F0-4BA8-B735-06A5B99AFFE1}" = Adobe Flash Player 10 Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59054586-87B7-4CB3-AAE7-0F25597E6BBE}" = Master of Orion II
"{5B119660-1788-11D8-8EB8-0050BF643EE7}" = digestIT 2004
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3C9CD09-A1F4-4C60-BDDA-06152623324A}_is1" = Steig ein! 9.5
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D4A262C4-11C1-4841-A0B3-0AAE19BE708D}_is1" = Steig ein! 8.6
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D7241F38-7D90-794C-C77E-2F8DBEBED491}" = AMD Media Foundation Decoders
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3
"{e7d7ffbd-9938-46b6-b377-0c995386cf5b}" = Check Point SSL Network Extender Service
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.5
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D-Fend Reloaded" = D-Fend Reloaded 1.1.0 (deinstallieren)
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup.divx.com" = DivX-Setup
"Dungeon Keeper II" = Dungeon Keeper 2
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"eMule_is1" = eMule ScarAngel 4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Gmask 1.70 English" = Gmask 1.70 English
"Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM)
"hon" = Heroes of Newerth
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"JDownloader" = JDownloader
"KeyControl" = KeyControl v1.02 (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 2.6.43 (remove only)
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 11.64.1403" = Opera 11.64
"Orion2DeinstKey" = Master of Orion II
"Postal 2_is1" = Portal 2
"Shockwave" = Shockwave
"T4EPlayer" = T4E Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.5
"WatchTVProEx_is1" = WatchTVPro Ex Version 5.14
"WheelMouse" = Smart-X7 7.80
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Axis2" = Axis2 (remove only)
"Dropbox" = Dropbox
"NoNameScript" = NNScript
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2012 16:48:59 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/10 21:48:59.217]: [00001988]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 07:56:18 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/11 12:56:18.662]: [00001944]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 16:20:21 | Computer Name = michael | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.02.2012 16:21:04 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 11.02.2012 16:21:34 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12.02.2012 07:23:28 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 12:23:28.358]: [00000448]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 12.02.2012 17:49:43 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 22:49:43.983]: [00000340]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 08:11:25 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/15 13:11:25.567]: [00000128]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 12:57:53 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 15.02.2012 12:58:30 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 03.05.2012 19:27:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:37 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 03.05.2012 19:27:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:38 - Failed to retrieve EpgListings (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 14.05.2012 20:50:26 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:26 - Error connecting to the internet.  02:50:26 -     Unable 
to contact server..  
 
Error - 14.05.2012 20:50:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:31 - Error connecting to the internet.  02:50:31 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:42 - Error connecting to the internet.  03:50:42 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:50 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:47 - Error connecting to the internet.  03:50:47 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:50:55 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:50:55 - Error connecting to the internet.  04:50:55 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:51:03 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:51:00 - Error connecting to the internet.  04:51:00 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:08 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:08 - Error connecting to the internet.  05:54:08 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:16 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:13 - Error connecting to the internet.  05:54:13 -     Unable 
to contact server..  
 
[ System Events ]
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:03 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:14 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 08.09.2012 06:44:57 | Computer Name = michael | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber sfhlp01.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:32 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:44 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
 
< End of report >
         
Als letzten Schritt habe ich noch GMER ausgeführt (habe ein 32 bit System), im Anhang ist das Logfile Gmer.txt zu finden.

Ich hoffe mir kann geholfen werden und ich bedanke mich schon einmal im voraus!

LG,
anexity

Alt 11.09.2012, 11:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen - Standard

Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen



Wieso im Anhang? Poste die Logs doch bitte einheitlich und nicht so einen Mischmasch. Grundsätzlich sollen alle Logs direkt gepostet werden in CODE-Tags umschlossen
__________________

__________________

Alt 11.09.2012, 12:37   #3
anexity
 
Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen - Standard

Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen



Hallo,

erstmal vielen Dank für deine Antwort.
Ich habe die restliche Logs im Anhang gepostet, da dies in der Anleitung für die Hilfesuchenden (http://www.trojaner-board.de/69886-a...-beachten.html) explizit so gefordert wurde.

Hier nun alle Logs direkt:

Malwarebytes Logfile:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.02

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
anexity :: MICHAEL [Administrator]

Schutz: Deaktiviert

08.09.2012 12:39:15
mbam-log-2012-09-08 (12-39-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241084
Laufzeit: 2 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ttesfmkoutgegfc (Rogue.WindowsSecuritySystem.Phex) -> Daten: C:\Windows\ttesfmko.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\ttesfmko.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ttesfmko.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\anexity\0.10582708333216007.exe (Rogue.WindowsSecuritySystem.Phex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\svhost.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL.txt Logile:
Code:
ATTFilter
OTL logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.09 07:10:54 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.22 14:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2007.05.15 18:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2007.03.21 18:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK02N\STK02NM.exe
PRC - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.24 00:09:23 | 000,115,137 | ---- | M] () -- C:\Users\anexity\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2012.03.09 01:36:36 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.16 04:09:42 | 001,159,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
MOD - [2011.01.16 04:08:27 | 000,758,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
MOD - [2011.01.16 04:08:22 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2011.01.16 04:01:31 | 017,629,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8357ade60159c25ee88db0aab8686e6d\PresentationFramework.ni.dll
MOD - [2011.01.16 04:01:19 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2011.01.16 04:01:17 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2011.01.16 04:01:12 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2011.01.16 04:01:10 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2011.01.16 04:01:09 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2011.01.16 04:01:09 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2011.01.16 04:01:08 | 000,450,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b4e58d1a3e0ee75b6b107585c92c68e8\PresentationFramework.Aero.ni.dll
MOD - [2011.01.16 04:01:06 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2011.01.16 04:01:01 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2010.12.29 20:52:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
MOD - [2010.12.29 20:51:38 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
MOD - [2010.12.29 18:22:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
MOD - [2010.12.29 18:22:40 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
MOD - [2010.12.29 18:22:28 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2010.12.29 18:22:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2010.12.29 18:21:53 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.12.29 18:21:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll
MOD - [2010.12.29 18:21:36 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ace3bede2f516f9e5bca620ad86cc063\System.Web.ni.dll
MOD - [2010.12.29 18:21:30 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.12.29 18:21:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.12.29 18:21:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.12.29 18:21:19 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.12.29 18:21:15 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009.06.10 15:14:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.06.10 15:14:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 15:14:06 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.06.08 11:37:32 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2006.12.26 18:08:48 | 000,053,248 | ---- | M] () -- F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.08 00:38:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.09 07:10:06 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.08 03:53:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.29 18:27:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.01.14 13:14:10 | 000,353,680 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2007.11.07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - [2012.07.30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.03.09 08:26:40 | 009,183,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.03.09 05:57:34 | 000,265,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.02.23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.10.27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.10.27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.10.27 03:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.10.27 03:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.10.27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.04.04 17:59:58 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.01.13 03:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.12.29 19:00:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.22 03:11:00 | 000,493,312 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.04.14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.01.14 13:14:10 | 000,126,808 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2008.11.14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.15 06:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.15 06:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tele2.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 20 F7 77 24 09 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{15440812-8B32-4000-92FE-30CAF1BF1CD1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYAT&apn_uid=0630ea91-7e2a-4590-8f8e-b93526cca3ff&apn_sauid=20F02CA2-27AD-41CE-8746-571478301669
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={6086651F-1BD8-410E-8DB0-C29AFF5FEC7C}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2552035
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: F:\Programme\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: F:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\anexity\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: F:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.01.12 16:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.04 02:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 00:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 00:38:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.13 14:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.04 15:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.12 16:42:54 | 000,000,000 | ---D | M]
 
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions
[2011.03.28 05:04:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\9jxgyf8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.23 20:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] (ProxySel) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{71e95839-6f7e-470d-be54-77012fec6345}
[2010.12.29 18:47:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 15:31:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Text2Link) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{E9AE265A-1885-4143-BDC3-2783D9124418}
[2010.12.29 18:47:53 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\anexity\AppData\Roaming\mozilla\Firefox\Profiles\dehjsn8c.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2012.04.03 21:05:47 | 000,140,964 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\firegestures@xuldev.org.xpi
[2011.04.11 00:55:48 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\personas@christopher.beard.xpi
[2011.07.20 10:06:36 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.08.23 20:54:30 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.20 21:26:09 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.03.29 07:39:18 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\anexity\AppData\Roaming\mozilla\firefox\profiles\dehjsn8c.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.09.08 00:38:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.08 00:38:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.02 22:41:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 01:33:19 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.29 08:01:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 22:41:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 22:41:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 22:41:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 22:41:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.08 03:57:03 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvjbmonitor] F:\Programme\MMEDIA\TV Jukebox 3.5\tvjbMonitor.exe ()
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\anexity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\anexity\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30D3ADCF-862F-4DD8-910D-ADA9BB079B28}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE02C78C-AF36-4160-97A0-A26961071C58}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF83BD1D-5431-4AD9-9409-64CF13054C45}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.01.12 17:44:50 | 000,000,027 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{872123e4-1364-11e0-a219-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2004.01.12 17:44:48 | 000,233,472 | R--- | M] ()
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell - "" = AutoRun
O33 - MountPoints2\{be51ba05-13a7-11e0-9778-0021851c264e}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 12:46:31 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:33:45 | 000,000,000 | ---D | C] -- C:\Users\anexity\AppData\Roaming\Malwarebytes
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.08 12:33:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.08 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.08 12:33:06 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:27:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:26:19 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.08.29 15:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 12:46:32 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\anexity\Desktop\OTL.exe
[2012.09.08 12:45:41 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.08 12:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 12:45:34 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:45:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 12:44:47 | 000,000,168 | ---- | M] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | M] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012.09.08 12:33:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\anexity\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 12:32:07 | 000,000,512 | ---- | M] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 12:27:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\anexity\Desktop\aswMBR.exe
[2012.09.08 12:27:00 | 000,708,738 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.08 12:27:00 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.08 12:27:00 | 000,153,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.08 12:27:00 | 000,123,832 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.08 12:26:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\anexity\Desktop\tdsskiller.exe
[2012.09.08 12:21:42 | 000,001,990 | ---- | M] () -- C:\Users\anexity\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.09.08 12:14:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.08 01:47:13 | 000,074,127 | ---- | M] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:49 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:05 | 000,001,048 | ---- | M] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:06 | 000,107,363 | ---- | M] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | M] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:43 | 012,670,411 | ---- | M] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | M] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | M] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:04 | 000,555,343 | ---- | M] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | M] () -- C:\Users\anexity\Desktop\1344549037219.jpg
 
========== Files Created - No Company Name ==========
 
[2012.09.08 12:44:34 | 000,000,168 | ---- | C] () -- C:\Users\anexity\defogger_reenable
[2012.09.08 12:44:17 | 000,050,477 | ---- | C] () -- C:\Users\anexity\Desktop\Defogger.exe
[2012.09.08 12:33:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\  Malwarebytes Anti-Malware  .lnk
[2012.09.08 12:32:07 | 000,000,512 | ---- | C] () -- C:\Users\anexity\Desktop\MBR.dat
[2012.09.08 01:42:29 | 000,074,127 | ---- | C] () -- C:\ProgramData\pkcxieoxsdkckqb
[2012.08.29 15:57:24 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.08.20 17:06:06 | 000,001,048 | ---- | C] () -- C:\Users\anexity\Desktop\x² - Die Bedrohung.lnk
[2012.08.19 13:52:05 | 000,107,363 | ---- | C] () -- C:\Users\anexity\Desktop\AL_script_update.exe
[2012.08.19 12:44:30 | 000,835,023 | ---- | C] () -- C:\Users\anexity\Desktop\X2NoCopyProt14ALL.exe
[2012.08.19 12:43:31 | 012,670,411 | ---- | C] () -- C:\Users\anexity\Desktop\X2Update14DE.exe
[2012.08.19 12:27:21 | 000,508,780 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00000.jpg
[2012.08.19 12:27:10 | 000,328,056 | ---- | C] () -- C:\Users\anexity\Desktop\CCI19082012_00001.jpg
[2012.08.18 18:46:34 | 000,127,122 | ---- | C] () -- C:\Users\anexity\Desktop\bookmarks-2012-08-18.json
[2012.08.14 19:11:03 | 000,555,343 | ---- | C] () -- C:\Users\anexity\Desktop\vinocard.jpg
[2012.08.10 01:28:12 | 000,500,649 | ---- | C] () -- C:\Users\anexity\Desktop\1344549037219.jpg
[2012.07.18 17:31:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.07.01 16:04:53 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.09 06:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 06:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.10.12 02:53:41 | 000,000,074 | ---- | C] () -- C:\Windows\WatchTVProEx.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.04 00:50:20 | 000,000,240 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.05.09 23:23:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.04.04 17:43:00 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.21 14:57:33 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.03.21 14:57:33 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.03.21 14:57:33 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.03.17 03:03:35 | 000,001,456 | ---- | C] () -- C:\Users\anexity\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.01.24 16:27:37 | 000,000,036 | ---- | C] () -- C:\Users\anexity\.org.eclipse.epp.usagedata.recording.userId
[2011.01.17 00:09:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.16 21:22:56 | 000,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2011.01.12 17:44:59 | 000,005,120 | ---- | C] () -- C:\Users\anexity\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.04 16:56:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.04 16:55:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat
[2011.01.04 16:55:14 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.01.04 16:53:59 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.01.03 00:38:15 | 000,000,096 | ---- | C] () -- C:\Users\anexity\.asadminpass
[2010.12.30 16:38:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.30 02:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.29 18:27:40 | 000,708,738 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 18:27:40 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.12.29 18:27:40 | 000,153,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 18:27:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.12.29 18:06:10 | 000,000,879 | ---- | C] () -- C:\Users\anexity\Downloads.lnk
[2010.12.29 18:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.08.12 16:28:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Audacity
[2011.07.22 17:49:22 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Canneverbe Limited
[2011.07.02 04:18:36 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.02 04:28:23 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DAEMON Tools Lite
[2012.09.08 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Dropbox
[2012.03.10 03:19:33 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoft
[2011.01.15 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.11 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Ebner
[2011.05.10 03:01:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\ManyCam
[2011.02.07 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\MAXON
[2011.10.31 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\mkvtoolnix
[2011.01.12 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia
[2011.01.12 17:46:34 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Nokia Ovi Suite
[2012.07.15 07:26:43 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\NoNameScript
[2010.12.29 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Notepad++
[2011.03.08 03:58:32 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Opera
[2011.01.12 16:24:45 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\PC Suite
[2011.12.01 14:21:35 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Samsung
[2011.04.07 14:44:03 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Subversion
[2011.02.10 15:16:58 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TeamViewer
[2010.12.29 18:37:57 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Thunderbird
[2010.12.29 18:42:50 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Trillian
[2011.04.04 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\TrueCrypt
[2011.12.26 05:43:41 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\Unity
[2012.07.01 16:02:56 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\uTorrent
[2011.10.12 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\anexity\AppData\Roaming\WatchTVProEx
[2012.06.26 08:35:16 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.09.2012 12:47:08 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\anexity\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
6,00 Gb Paging File | 4,73 Gb Available in Paging File | 78,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 5,33 Gb Free Space | 9,54% Space Free | Partition Type: NTFS
Drive E: | 694,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 298,08 Gb Total Space | 82,35 Gb Free Space | 27,63% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 53,67 Gb Free Space | 5,76% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL | User Name: anexity | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB26D06-05FB-4CBC-852F-50CAED1AB5FB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{11AE6151-841D-405F-B5A2-D93836516928}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13F718E7-5173-49DD-B333-0ADAA9881EB5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1879EC7A-9AB3-4C70-843B-3BBF3B5619C8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{3AE9BC15-975A-4D6F-97FD-BFA9C8941DBB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4161921C-06AF-479E-B99E-DD124C0F07B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{438414FA-942F-4DA1-AF51-26BB4B0D78C1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B3B134D-B91B-451D-86C8-B1505E776F26}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5BE2BD7C-8B53-4C4E-80BB-1E1DFED4F2A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2054B6-580D-4E6D-8EE5-BE67C99FB806}" = rport=139 | protocol=6 | dir=out | app=system | 
"{658CA06C-0DFC-4832-A263-5506B955078F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6997AE05-1B12-44BA-A363-3FC14EB4659A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6ADBD19F-A4F0-4CCA-91FA-C51099B6FE53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B0A75C7-1CCC-40F3-8925-99A6E92F182B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71937102-6EE6-4538-86AF-F856FE144D88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92F884DF-3E0D-4F3F-9347-F05D2EA022DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2D0DE05-0372-486D-92A5-229DB135094A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A2DE4316-B72A-4D3B-BD5C-D745E205546C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5D02157-0E82-4C1E-B0B8-C716CB498E89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{AE97417A-750D-4E7E-81F2-D81583087E68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD5E04B9-E0DA-41E2-AC9F-711BD7A5BFDA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BE2EC1F1-B8EB-4FE5-A63E-E9296AD98E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0180D24-5AF6-410F-8FA2-C06F95C3F3F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{C9AD7C54-92F0-445A-A212-976A4757EEA5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EA01D0EC-51C9-4FF0-BC20-DFCBFC6B62A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4938C1D-17E6-45A6-8421-ABA8E862C39D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F614ECC3-9492-409A-BE79-40CFECBE87E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FF4937E7-F936-489E-AC39-22A9E3B1D6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0214A17B-16A5-4357-9FF4-3D7F3EDFF43A}" = protocol=6 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{03FAB972-1A53-4C36-962A-7F410D637959}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{09FB274D-8ADD-4628-97BB-935B5C76607B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0A98F939-2D22-4BBB-99A8-0E9987336E2B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{113A9218-F023-4E6F-AD53-1E9229D905B5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{11AF344B-A1A4-44D8-B1B2-713140B55989}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{1A09BB39-A97D-4D59-B3CA-892DCBC9B26F}" = protocol=6 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{1B68F279-E8E0-4A5C-89D2-37535A14D336}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BD2F6D2-F96C-4EDC-A6B1-9CCBFC1351A0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{2C2355F1-7876-4B18-9DAE-660F0159482F}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{2F04C78D-01CB-43A1-AD7D-D993887914F0}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{30CBA6E7-80B4-4DBE-8091-C0C46D695FE9}" = dir=out | app=f:\programe\emule\emule.exe | 
"{34C3B2F3-E824-4B7D-9B2D-51E8FC059C09}" = protocol=6 | dir=out | app=system | 
"{3803B665-65FC-420E-BEA6-242E440F11D2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{3B1AD30D-37BE-4CB5-821F-8D17526F85D4}" = protocol=17 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{3B1E5242-9407-45D8-9645-C83075EA42B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{3BD8A872-1713-44E1-88DD-7593C07562F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3CD9C826-C244-45CD-9681-F141C3C55C73}" = protocol=6 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{4F47C86B-4B5E-44B6-BB51-55B80614657C}" = protocol=6 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{50CE94DC-DF9B-401E-88FB-712B15DB2D9B}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55AF6AD7-138E-4649-8FDB-1BA3C7D48915}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{55B4C6BB-7149-48BB-9CC1-0B4D790E8BD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5911E5E4-A762-4B6B-96CC-0B45065B9438}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{59CB1C60-F41D-480A-BC47-FDF86C32F178}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{5B6F79F9-B917-4B5E-BB26-902C5623BF83}" = protocol=17 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{5D840D4A-B01C-4E50-8A2B-AF02F2D17F95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D901CF6-15A3-4029-BC48-4C54A8302414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{611D54C2-48AA-4F66-A048-AC8EF44D24B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B8B0777-B4E5-4FC9-A47C-705CB8AB5BC5}" = protocol=17 | dir=in | app=c:\program files\tele2\installer_complete\installer_complete.exe | 
"{6DBC692A-5BC6-4A21-B680-C2823059A219}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{70B05AF1-4FE1-4433-BA07-60B8BF4E4886}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"{712434FA-4D62-462C-8917-48472475E7F7}" = protocol=6 | dir=in | app=c:\program files\tele2\supportcenter\supportcenter.exe | 
"{7588B8D5-ABA3-4ECB-A124-09F75065C227}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{7B56278C-AAE7-4CD6-85E8-C712FFD78848}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{7D99C069-A825-42F0-B84B-3031227BAEE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7F517E48-A639-4EDF-8B8D-391EF27E3A9A}" = protocol=17 | dir=in | app=f:\programme\utorrent\utorrent.exe | 
"{8883D2EE-39AE-4566-B827-54CCE5D0B71E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B2E99E4-CFEF-4CEC-9800-9E44B6AC4AA7}" = protocol=17 | dir=in | app=g:\games\battlefield 3\bf3.exe | 
"{9056F375-8586-425B-A539-681F5B77CD22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90A7DA1B-F98C-4973-B7CD-5C4A6B13EA5C}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{97543C94-307E-4BE7-9F17-DBFAB23C9D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9BD53013-A119-46FF-BF86-071A2846DF49}" = protocol=6 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{9CE3ADC6-ECD4-488E-B1FB-1BB69456157F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{9E4B6F2C-4662-477F-A15D-7363F3AD2B2E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A22B7549-E20F-47F6-B841-3D32F88369A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA14ABAA-62CA-45B6-93F0-686AA713F313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE9B0398-53B4-4699-9928-AA5103FD9FC3}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe | 
"{AF98878D-130C-48C7-9532-FE4AB92E032E}" = protocol=6 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{B252CDFF-7812-47DA-BA57-8C33510C809B}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe | 
"{B6F3CDA0-6680-4183-8403-3FEED0AD559B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BFDB22B3-64F5-4500-9196-26A3A9519E1D}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\counter-strike\hl.exe | 
"{C14A3EE7-5162-44C5-AE78-FBC8D0AC0A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3E71554-F695-4135-AFB2-E0F9C2469F37}" = dir=in | app=f:\programe\emule\emule.exe | 
"{C455AB08-1393-44DC-B646-A4CD1196FEAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C4D298DA-3F7F-4ABB-B8F8-9E6889BA778E}" = protocol=17 | dir=in | app=g:\games\diablo iii beta\diablo iii.exe | 
"{C8B298C7-2704-4BAD-BB73-9C76509E6147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD18A0FC-7E47-4186-9576-D1B868531BF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EDFE3E6A-8DA3-4B7C-9885-C4B3825A7196}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F0CEA4D9-D4C9-4B47-93AE-7E3C3D8886DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0EB62ED-96BB-42DB-8C00-06D9AC72D5D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8ED1C72-F67D-43AA-BDA8-8150FB7FE9F2}" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FBBE3726-8989-45C9-AB2E-51FB7FDBB2A8}" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FCA89A80-0892-498A-A8BD-A2F44FA07753}" = protocol=17 | dir=in | app=g:\games\steam\steamapps\darkassassin@gmx.net\team fortress classic\hl.exe | 
"TCP Query User{0058B413-CAB0-4BE1-935D-0DC3851486CF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{071EDB05-28C3-42F7-AB39-F0F1434C907A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1816EF79-5102-433A-B00B-92F44E92D5C0}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{3667B2CB-492A-4044-8AD3-64445824A9D7}G:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"TCP Query User{3E0147E3-C2AC-4ADB-A0A2-3BA69FB6613E}F:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\programme\winamp\winamp.exe | 
"TCP Query User{4D6A040B-EB81-4618-A306-7A3EBACB9377}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{529A4E58-8CA3-4DBC-8093-58C02DF26452}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"TCP Query User{669DF5BF-D4C2-43E3-B336-47AFF45258AC}G:\games\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
"TCP Query User{721FCD17-090F-4111-AFEF-05BE967C7E19}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{80DFC16D-2665-4E75-AC4B-219DB9F8A8C9}G:\games\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"TCP Query User{8358EF83-B9EF-4870-A775-075577E21522}C:\bauserver\spheresvr.exe" = protocol=6 | dir=in | app=c:\bauserver\spheresvr.exe | 
"TCP Query User{A7E872F4-B9AD-4427-A658-9AB6928C7657}G:\games\ea games\ultima online 2d client\client.exe" = protocol=6 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"TCP Query User{ACF61201-7C02-4382-8A63-2ED568382056}F:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=f:\programme\trillian\trillian.exe | 
"TCP Query User{B20C32B7-D38E-4D70-B69A-5DF35123FFB7}G:\games\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"TCP Query User{B8F1B090-E51B-4D8B-9C42-E812A33450A3}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{CA00DFF3-28AD-4E10-850E-62139167B646}F:\programme\mirc\mirc.exe" = protocol=6 | dir=in | app=f:\programme\mirc\mirc.exe | 
"TCP Query User{FB0762AF-EE8D-4310-A136-06B4895C0798}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0B8B0C85-6887-4FAD-B957-22FFCE526372}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{25903D49-C832-498E-A5D4-17F5B242263D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{260B502D-3F88-4A36-B7E6-B63DB8053AF8}F:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\programme\winamp\winamp.exe | 
"UDP Query User{289F6CBB-A83C-4423-ACBB-2AB3FA46D9A0}F:\programme\mirc\mirc.exe" = protocol=17 | dir=in | app=f:\programme\mirc\mirc.exe | 
"UDP Query User{2F1BF8CA-2B86-49B7-9ADF-429F6C91C17D}G:\games\ea games\ultima online 2d client\client_5.0.4b.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client_5.0.4b.exe | 
"UDP Query User{385B1FBB-9FC8-4FFB-9DBC-D8E2E0D2ACEF}G:\games\ea games\ultima online 2d client\client.exe" = protocol=17 | dir=in | app=g:\games\ea games\ultima online 2d client\client.exe | 
"UDP Query User{4770DA47-2F0B-485A-A4FA-C50A022D6776}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{680BAD46-1705-4FAA-8B77-9887D522F5DF}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{8B3DFE20-FB51-41B3-9B84-6E97CD66F33B}G:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\warcraft iii\war3.exe | 
"UDP Query User{B12EAFDD-078E-4BA5-AA25-F813382DCD40}G:\games\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=g:\games\dead island\deadislandgame.exe | 
"UDP Query User{BEAE585D-C50B-4FE0-8258-A82ACB3017AF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C222F2EC-18B5-4065-97A0-5E880322B3B6}F:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=f:\programme\trillian\trillian.exe | 
"UDP Query User{C6378C78-22CC-4B09-9302-2D979B792551}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C79753E6-19E8-429F-8326-B29933BC3943}C:\bauserver\spheresvr.exe" = protocol=17 | dir=in | app=c:\bauserver\spheresvr.exe | 
"UDP Query User{DAD41AF2-E090-4563-9A92-FF5FB7B6F408}G:\games\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=g:\games\valve\portal 2\portal2.exe | 
"UDP Query User{E422F7A0-5A12-42CF-A103-1D3EE9F52DCD}C:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anexity\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FB416359-D92F-4FB3-926D-696392CD379C}G:\games\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=g:\games\electronic arts\dead space\dead space.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{212719F5-89EE-4B3A-A8EB-121D931E5547}" = Adobe Flash Player 10 ActiveX
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBA73A5-F9B8-4E6A-B96D-8585590F57F5}" = Microsoft SQL Server Management Studio Express
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{55D873F4-67F0-4BA8-B735-06A5B99AFFE1}" = Adobe Flash Player 10 Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59054586-87B7-4CB3-AAE7-0F25597E6BBE}" = Master of Orion II
"{5B119660-1788-11D8-8EB8-0050BF643EE7}" = digestIT 2004
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82419258-BAA2-4214-824C-836FDFCE8FA8}" = AnkhSVN 2.1.10129.17
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3C9CD09-A1F4-4C60-BDDA-06152623324A}_is1" = Steig ein! 9.5
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D4A262C4-11C1-4841-A0B3-0AAE19BE708D}_is1" = Steig ein! 8.6
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D7241F38-7D90-794C-C77E-2F8DBEBED491}" = AMD Media Foundation Decoders
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}" = STK02N 2.3
"{e7d7ffbd-9938-46b6-b377-0c995386cf5b}" = Check Point SSL Network Extender Service
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.5
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"D-Fend Reloaded" = D-Fend Reloaded 1.1.0 (deinstallieren)
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"DivX Setup.divx.com" = DivX-Setup
"Dungeon Keeper II" = Dungeon Keeper 2
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"eMule_is1" = eMule ScarAngel 4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Gmask 1.70 English" = Gmask 1.70 English
"Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death(TM)
"hon" = Heroes of Newerth
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"JDownloader" = JDownloader
"KeyControl" = KeyControl v1.02 (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManyCam" = ManyCam 2.6.43 (remove only)
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Opera 11.64.1403" = Opera 11.64
"Orion2DeinstKey" = Master of Orion II
"Postal 2_is1" = Portal 2
"Shockwave" = Shockwave
"T4EPlayer" = T4E Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.5
"WatchTVProEx_is1" = WatchTVPro Ex Version 5.14
"WheelMouse" = Smart-X7 7.80
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Axis2" = Axis2 (remove only)
"Dropbox" = Dropbox
"NoNameScript" = NNScript
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2012 16:48:59 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/10 21:48:59.217]: [00001988]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 07:56:18 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/11 12:56:18.662]: [00001944]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 11.02.2012 16:20:21 | Computer Name = michael | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 11.02.2012 16:21:04 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 11.02.2012 16:21:34 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12.02.2012 07:23:28 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 12:23:28.358]: [00000448]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 12.02.2012 17:49:43 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/12 22:49:43.983]: [00000340]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 08:11:25 | Computer Name = michael | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/02/15 13:11:25.567]: [00000128]: GetDeviceIpAddress:
 GetAddressByName [BRN001BA92C6898] Error  
 
Error - 15.02.2012 12:57:53 | Computer Name = michael | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 15.02.2012 12:58:30 | Computer Name = michael | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 03.05.2012 19:27:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:37 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 03.05.2012 19:27:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 01:27:38 - Failed to retrieve EpgListings (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 14.05.2012 20:50:26 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:26 - Error connecting to the internet.  02:50:26 -     Unable 
to contact server..  
 
Error - 14.05.2012 20:50:37 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 02:50:31 - Error connecting to the internet.  02:50:31 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:42 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:42 - Error connecting to the internet.  03:50:42 -     Unable 
to contact server..  
 
Error - 14.05.2012 21:50:50 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 03:50:47 - Error connecting to the internet.  03:50:47 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:50:55 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:50:55 - Error connecting to the internet.  04:50:55 -     Unable 
to contact server..  
 
Error - 14.05.2012 22:51:03 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 04:51:00 - Error connecting to the internet.  04:51:00 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:08 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:08 - Error connecting to the internet.  05:54:08 -     Unable 
to contact server..  
 
Error - 14.05.2012 23:54:16 | Computer Name = michael | Source = MCUpdate | ID = 0
Description = 05:54:13 - Error connecting to the internet.  05:54:13 -     Unable 
to contact server..  
 
[ System Events ]
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:01 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:03 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:43:14 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 08.09.2012 06:44:57 | Computer Name = michael | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber sfhlp01.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prosync1.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:31 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prohlp02.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:32 | Computer Name = michael | Source = Application Popup | ID = 875
Description = Treiber prodrv06.sys konnte nicht geladen werden.
 
Error - 08.09.2012 06:45:44 | Computer Name = michael | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
 
< End of report >
         
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-08 13:25:55
Windows 6.1.7600  Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-5 OCZ-VERTEX2 rev.1.25
Running: pmxj3yyt.exe; Driver: C:\Users\anexity\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     83250599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              83274F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x91034000, 0x3CA315, 0xE8000020]
PAGE            peauth.sys                                                                                                          9996AB9B 72 Bytes  CALL E93B29C5 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3304] ntdll.dll!DbgUiRemoteBreakin               776ED315 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc60c1                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc60c1@c8979ff3dc1c                            0x39 0x7B 0x92 0xD4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 F:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x4A 0xA8 0x2F 0x58 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x0C 0x87 0x5F 0x08 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x06 0xCC 0xDA 0x05 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc60c1 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc60c1@c8979ff3dc1c                                0x39 0x7B 0x92 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     F:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x4A 0xA8 0x2F 0x58 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x0C 0x87 0x5F 0x08 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x06 0xCC 0xDA 0x05 ...

---- EOF - GMER 1.0.15 ----
         

Vielen Dank schonmal für die Hilfe!

LG,
anexity
__________________

Alt 11.09.2012, 16:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen - Standard

Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen



Zitat:
da dies in der Anleitung für die Hilfesuchenden (Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?) explizit so gefordert wurde.
Ah, da steht das also doch drin, ich werd das mal versuchen abändern zu lassen

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen
32 bit, battle.net, bho, booten, c:\windows\system32\cmd.exe, converter, document, error, excel, failed, firefox, flash player, gmx.net, google, google earth, helper, install.exe, jdownloader, kaspersky, langs, logfile, mp3, office 2007, plug-in, popup, problem, programm, realtek, registry, richtlinie, security, senden, software, svchost.exe, taskmanager, teamspeak, visual studio, windows




Ähnliche Themen: Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen


  1. dieses programm kann die webseite nicht anzeigen
    Log-Analyse und Auswertung - 12.12.2012 (2)
  2. Das Programm kann diese Webseite nicht anzeigen
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (19)
  3. diese programm kann die webseite nicht anzeigen
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (5)
  4. diese programm kann die webseite nicht anzeigen
    Alles rund um Windows - 24.10.2012 (1)
  5. dieses programm kann die webseite nicht anzeigen
    Log-Analyse und Auswertung - 17.10.2012 (6)
  6. Dieses Programm kann die Webseite nicht anzeigen.
    Plagegeister aller Art und deren Bekämpfung - 16.10.2012 (15)
  7. Dieses Programm kann die Webseite nicht anzeigen - Win 7, 32 Bit
    Log-Analyse und Auswertung - 02.10.2012 (3)
  8. Dieses Programm kann die Webseite nicht anzeigen - Win 7 64 bit
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (8)
  9. Dieses Programm kann die Webseite nicht anzeigen
    Log-Analyse und Auswertung - 29.09.2012 (32)
  10. Dieses Programm kann Webseite nicht anzeigen
    Log-Analyse und Auswertung - 27.09.2012 (2)
  11. Dieses Programm kann die Webseite nicht anzeigen - Win 7 32 bit
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (7)
  12. Dieses Programm kann die Webseite nicht anzeigen.
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (15)
  13. Dieses Programm kann die Webseite nicht anzeigen//Win 7
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (1)
  14. das programm kann die webseite nicht anzeigen win7,
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  15. Dieses Programm kann die Webseite nicht anzeigen.
    Log-Analyse und Auswertung - 30.04.2012 (1)
  16. Dieses Programm kann die Webseite nicht anzeigen.
    Log-Analyse und Auswertung - 21.03.2012 (1)
  17. Programm kann Webseite nicht anzeigen...Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.02.2012 (37)

Zum Thema Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen - Hallo, ich fürchte mich hat es nun auch erwischt. Heute morgen beim hochfahren kam ein weißes Fenster, welches nur den Text "Das Programm kann die Webseite nicht anzeigen" enthielt, ansonsten - Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen...
Archiv
Du betrachtest: Verschlüsselungstrojaner - Das Programm kann die Webseite nicht anzeigen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.