Polizeivirus, die Zweite

Flowercloud · 28.12.2012, 22:27

Hi, ein paar wundervolle Wochen ohne Viren, Trojaner etc und nun ist er wieder da, der Polizeivirus

Hier das Malwarebytes Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.28.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Flowercloud :: AGENTMANGO-PC [limited]

28.12.2012 21:27:03
mbam-log-2012-12-28 (21-27-03).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273011
Time elapsed: 49 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Flowercloud\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Flowercloud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-552a8e65 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.

(end)

Toll dass es euch gibt und ihr hier immer kompetent helft

t'john · 29.12.2012, 04:39

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Wähle Scanne Alle Benuzer
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Flowercloud · 29.12.2012, 10:43

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.12.2012 10:27:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flowercloud\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 60,13% Memory free
6,50 Gb Paging File | 5,12 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 694,67 Gb Total Space | 244,27 Gb Free Space | 35,16% Space Free | Partition Type: NTFS
Drive D: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: AGENTMANGO-PC | User Name: AgentMango | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flowercloud\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\AgentMango\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SSHDRV76) -- C:\Windows\System32\drivers\SSHDRV76.sys ()
DRV - (SSHDRV52) -- C:\Windows\System32\drivers\SSHDRV52.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (GUCI_AVS) -- C:\Windows\System32\drivers\GUCI_AVS.sys (PixArt Imaging Incorporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3D3CA7B3-AC8F-6651-A1B2-32F9DAC1737A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 C8 C9 3C 0F A0 CA 01  [binary data]
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes,Backup.Old.DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{3D3CA7B3-AC8F-6651-A1B2-32F9DAC1737A}: "URL" = hxxp://www.google.com/search?ie=utf-8&rlz=1V4ETSG&q={searchTerms}
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{47BEAC43-D7AB-4FFA-AEE3-E09CFF76E8F7}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{6C2C893E-6DE8-4793-BDD6-7F195B25FADA}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=997
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{776A406B-BB16-4CFC-AE53-92897BC8275F}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{A3CB84F0-6CBC-4990-B15D-8F0377B09771}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{C0E9763B-326F-4B20-964F-B010C48EB8A0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYAT&apn_uid=4A0C5D07-ED29-40B7-8E8A-8188C8A78DFB&apn_sauid=825943ED-36F1-4E96-B3CC-4FCCA25D9733
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{CF769663-1513-47FE-8B3D-044F90A88A52}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D31363433303932&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{EC991B43-CB70-4873-8EE6-2E123D41EF68}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\SearchScopes\{F7A86141-9903-4E03-91E8-0E7D58F882C8}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=c59837b7-6a9e-4dc8-9063-26e43fd9f700&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;localhost
 
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 29 C2 DF 03 DE CD 01  [binary data]
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2348935875-1290815277-1805202927-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "FBDownloader"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20"
FF - prefs.js..extensions.enabledAddons: %7Bd49175b3-3fd8-43b8-b28e-da5d47f3c398%7D:1.0.45
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfat203fbdgy20&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.08 19:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.11.08 21:21:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.08 19:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.21 12:58:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 19:25:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.07 19:25:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\AgentMango\AppData\Roaming\Mozilla\Firefox\Profiles\wxktyh3b.default\extensions\mail@shopping-preise.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\AgentMango\AppData\Roaming\Mozilla\Firefox\Profiles\wxktyh3b.default\extensions\firejump@firejump.net
 
[2011.04.08 19:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\Extensions
[2012.08.01 22:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.07 21:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.07 21:09:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\AgentMango\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.01 22:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged
[2012.12.14 11:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\Firefox\Profiles\wxktyh3b.default\extensions
[2012.10.07 15:00:36 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\AgentMango\AppData\Roaming\mozilla\Firefox\Profiles\wxktyh3b.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.31 12:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\extensions\gophoto@gophoto.it.xpi
[2012.12.14 11:37:09 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.09 23:29:44 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2011.05.07 12:34:49 | 000,002,335 | ---- | M] () -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\searchplugins\bing.xml
[2012.12.09 23:29:49 | 000,002,431 | ---- | M] () -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\searchplugins\FBDownloader.xml
[2011.05.07 12:34:50 | 000,002,077 | ---- | M] () -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\searchplugins\{94FAC860-9178-4E8C-A647-4F0F8239A49A}.xml
[2011.05.07 12:34:50 | 000,002,188 | ---- | M] () -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\searchplugins\{B6BBAE84-57A1-45B0-B07A-8995959A5894}.xml
[2011.05.07 12:34:50 | 000,001,870 | ---- | M] () -- C:\Users\AgentMango\AppData\Roaming\mozilla\firefox\profiles\wxktyh3b.default\searchplugins\{B735400A-920E-4C36-81DF-31293496F4C4}.xml
[2012.12.07 19:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.07 19:25:40 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2012.12.07 19:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.07 19:25:44 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 08:14:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 07:36:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 08:14:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 08:14:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.19 22:29:36 | 000,002,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mystartggtb.xml
[2012.06.08 08:14:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 08:14:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.16 08:54:18 | 000,416,709 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14380 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\AgentMango\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\CHIP MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (no name) - {6596e107-8944-4a8c-8045-62fda3697008} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [DataMgr] C:\Users\AgentMango\AppData\Roaming\DataMgr\datamgr.exe (HTTO Group, Ltd.)
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [EPSON SX210 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [Protector] C:\Users\AgentMango\AppData\Roaming\SDIV 2.0\Prot\prot.vbs ()
O4 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000..\Run: [TU] C:\Users\AgentMango\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe ()
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\AgentMango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\AgentMango\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\AgentMango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8 - Extra context menu item: Free YouTube Download - C:\Users\AgentMango\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\AgentMango\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B1BE564-0113-4851-98A2-1E670BC182D0}: DhcpNameServer = 10.40.0.11 10.40.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF009586-4B0D-4758-AE47-5ECDFF85CA29}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 21:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.28 21:18:53 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.12.28 21:18:52 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.12.28 21:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.28 21:18:40 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.28 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Local\Programs
[2012.12.21 12:59:49 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.12.21 12:59:46 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.12.21 12:59:43 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.12.21 12:59:36 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.12.21 12:59:13 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 12:59:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.21 12:58:19 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.21 12:58:18 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.12.20 00:08:35 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\ICQM
[2012.12.20 00:08:16 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\ICQ-Profile
[2012.12.19 18:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.19 18:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.12 22:48:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 22:48:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 22:48:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 22:48:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 22:48:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 22:48:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 22:48:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 22:48:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 10:21:56 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 10:21:54 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 10:21:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 10:21:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 10:21:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 10:21:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 10:21:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 10:21:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 10:21:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.11 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\HpUpdate
[2012.12.09 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\SDIV 2.0
[2012.12.09 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\HMN
[2012.12.09 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
[2012.12.09 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Local\fbDownloader
[2012.12.09 23:29:09 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\DataMgr
[2012.12.09 23:27:58 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\AgentMango\Desktop\PhotoScape_V3.6.2.exe
[2012.12.09 22:39:36 | 000,000,000 | R--D | C] -- C:\Users\AgentMango\Documents\HP Photo Creations
[2012.12.09 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\AgentMango\AppData\Roaming\Visan
[2012.12.09 22:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012.12.07 19:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.05.21 07:58:32 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Users\AgentMango\hjsplit.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.29 10:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.29 10:23:04 | 000,013,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 10:23:04 | 000,013,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 10:18:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.12.29 10:17:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.29 10:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.29 10:10:59 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 23:52:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 21:18:54 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.28 21:18:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.28 21:18:43 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.25 09:59:08 | 000,921,636 | ---- | M] () -- C:\PAP7501.dat
[2012.12.21 13:01:22 | 000,428,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.19 17:39:58 | 002,753,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.19 17:39:58 | 001,232,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.19 17:39:58 | 000,781,556 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.19 17:39:58 | 000,691,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.18 19:20:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012.12.18 19:04:01 | 000,000,568 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for AgentMango.job
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.14 15:41:25 | 000,022,212 | ---- | M] () -- C:\Users\AgentMango\Desktop\smile.jpg
[2012.12.12 10:24:07 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 10:24:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.09 23:29:09 | 000,002,077 | ---- | M] () -- C:\Users\AgentMango\Desktop\fbDownloader.lnk
[2012.12.09 23:28:48 | 000,000,995 | ---- | M] () -- C:\Users\AgentMango\Desktop\PhotoScape.lnk
[2012.12.09 23:28:07 | 002,833,592 | ---- | M] () -- C:\Users\AgentMango\Desktop\FBDSFAT203B.exe
[2012.12.09 23:28:03 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\AgentMango\Desktop\PhotoScape_V3.6.2.exe
[2012.12.09 22:39:12 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.28 21:18:54 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.28 21:18:43 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.14 15:41:25 | 000,022,212 | ---- | C] () -- C:\Users\AgentMango\Desktop\smile.jpg
[2012.12.09 23:29:09 | 000,002,077 | ---- | C] () -- C:\Users\AgentMango\Desktop\fbDownloader.lnk
[2012.12.09 23:27:58 | 002,833,592 | ---- | C] () -- C:\Users\AgentMango\Desktop\FBDSFAT203B.exe
[2012.12.09 22:36:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.11.19 17:38:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.10.10 21:14:16 | 006,127,464 | ---- | C] () -- C:\Windows\System32\nvopencl.dll
[2012.09.08 15:54:09 | 000,154,244 | ---- | C] () -- C:\Users\AgentMango\susi2080912.JPG
[2012.09.08 15:54:09 | 000,146,995 | ---- | C] () -- C:\Users\AgentMango\susi080912.JPG
[2012.07.23 18:20:20 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.07.17 10:03:06 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.07.17 10:03:06 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.07 10:30:12 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.06.03 19:09:22 | 001,482,562 | ---- | C] () -- C:\Users\AgentMango\2012-06-03 17.02.10.jpg
[2012.06.03 19:09:22 | 001,476,187 | ---- | C] () -- C:\Users\AgentMango\2012-06-03 17.02.03.jpg
[2012.06.03 19:09:22 | 001,457,203 | ---- | C] () -- C:\Users\AgentMango\2012-06-03 17.02.06.jpg
[2012.06.03 19:09:22 | 001,309,166 | ---- | C] () -- C:\Users\AgentMango\2012-06-03 17.03.55.jpg
[2012.06.03 19:09:22 | 000,906,141 | ---- | C] () -- C:\Users\AgentMango\2012-06-03 16.57.55.jpg
[2012.06.03 19:09:22 | 000,902,623 | ---- | C] () -- C:\Users\AgentMango\2012-06-03 16.58.22.jpg
[2011.09.17 11:50:51 | 006,681,257 | ---- | C] () -- C:\Program Files\RonyaSoft CD DVD Label Maker 3.01 Install.exe
[2011.09.17 11:50:51 | 000,000,463 | ---- | C] () -- C:\Program Files\File_id.diz
[2011.07.16 20:20:24 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.26 12:53:25 | 000,005,120 | ---- | C] () -- C:\Users\AgentMango\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.11 19:48:15 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.06.11 19:48:15 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.07 12:27:34 | 000,053,760 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV76.sys
[2011.05.07 12:17:58 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2011.05.07 12:08:55 | 000,029,184 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV52.sys
[2011.04.29 13:13:22 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.05.23 19:06:01 | 000,000,600 | ---- | C] () -- C:\Users\AgentMango\PUTTY.RND
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---

Flowercloud · 29.12.2012, 10:43

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.12.2012 10:27:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flowercloud\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 60,13% Memory free
6,50 Gb Paging File | 5,12 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 694,67 Gb Total Space | 244,27 Gb Free Space | 35,16% Space Free | Partition Type: NTFS
Drive D: | 7,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: AGENTMANGO-PC | User Name: AgentMango | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2348935875-1290815277-1805202927-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{507748CF-E3A1-47A9-AD4C-C3AE4E91183B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58E0C094-C0C1-440C-9378-4738431F6A5E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6648E499-9FB2-48CD-A7B9-4B231B687601}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6AB636B0-2BC9-416D-93E3-CD5DDEB9E4C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88325C18-0EFA-4F91-9A93-B40CDE889F02}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{8CD789B7-3FD9-4F15-BB94-665C296C0817}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A261B3C9-BDD3-4EB8-981D-07B8464E96B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACCAF826-BE7B-4BB2-8516-802ABA0A7857}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2A77DE8-AAEF-4DAC-AFD7-E6FB421ED8BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE014058-AC66-4D14-8B3C-185B71E1AB99}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EB895277-1B57-4954-8907-5F4AE784BF94}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F95A06B5-AC5C-4E0D-8856-AE8F09EE5DB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001C41F4-149C-4668-997E-EB5D71520A0D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00D8E954-873A-4303-A5C8-4ED00F0AD50A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0245D2F4-8584-44D1-961A-0977634C4CAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0278E960-FD17-4708-BE0E-678527AA77E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{03014A06-C1F6-424C-A03E-41A48F79C34F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{03E4CE88-1089-492B-9241-254428DD8B03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{03F56AF4-E75A-4BAA-A4C9-D61A5FA2D9D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0427B0AC-B83B-4201-BD97-480121CF1DAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04B2FC99-E43E-4978-994A-44A88EE71A6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{057C6BFB-66F6-456F-AD5A-CED9F58A5DA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{075C6F14-DD18-4F7B-8253-2C65BF57A532}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A2B5B73-7504-4936-92C1-2EBAD3E52FBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0A38DB7D-D8D0-4408-81FD-9778D1194990}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A3A2482-0458-4291-8D61-D28A81237CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A43883F-9A51-4EFA-B369-FCA42AFAB664}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A963027-8F5D-4F22-8D9E-49B3B83C357F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AC7748E-CA70-4A3E-87BD-C00313C5DF26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AF2241A-0960-4693-AA1F-246BE9F83314}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B5DD630-1CE3-41F2-8392-48029F10059C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C22C3BD-60FA-4352-9CB6-DD307750DA16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D03DBDE-C185-442C-BE83-7E8310E172EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D592700-019B-40FF-98AF-A6A2A0E4C015}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0E118DF8-43E2-40C4-8495-674E844146F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0ED12ED2-EC49-4BB3-98F4-1B228CE28470}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10001A7E-FE37-46B2-84DA-AC56AA77FB6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10C66D47-4A10-462F-86CF-BE487BD64410}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{139ACD52-E0F6-4319-9F78-D0EDAC5CA346}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13A3239F-E100-4D71-BA14-D2B0A229105E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{144ECD2C-5AE5-4CC0-81CA-F511E3C26DFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14E91E26-ABAC-496D-BBB8-66939C5FDDA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1524F920-F1A5-47B2-A439-416DDDB5ACB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{162AB09E-D259-4DEF-A7A7-39B88911061F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17E8E6AB-A5EF-42DF-8EC1-D5EEF45A2CD6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18073B63-391C-4194-9220-9AFF35FFA239}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18730B00-5694-4FAD-85AA-B174E42852E7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1875C218-A276-4D7C-A05B-07239E24C478}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A13D006-3570-491F-BD09-A770E8F39870}" = protocol=6 | dir=in | app=c:\users\agentmango\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C3703C5-4E7E-413E-ACF4-E6A216A197E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1C8A27AF-7CA3-4220-A0E2-F964CFBB3E8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E2EA6B3-ACC7-4AEE-938A-05DA3FF96AD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E45D0C0-E47E-49DC-9F38-5D3C1C146F8D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E8B2157-DEC9-4488-9957-A6F4191CF34D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F7AF411-7CEF-40EB-8AF5-7DC8C5C4B25E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1FAD5182-CC59-4564-8AAE-C1CDFEE85EEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1FBB0EC6-2B65-46F0-B989-78180300F251}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1FFE3C3F-ECFB-4045-9587-2F7599CF6518}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20095EDF-E9E3-4F69-B1B3-F296A947F894}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{211D801F-561D-458C-AAF2-6BC88302379F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2175C823-09B0-473C-A198-4A558826F843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21FA7D9E-1C58-4DAB-BA06-39743AC1E9F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{22A562E8-CABB-4647-9E39-DA5E0F724BB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{244B1CFC-FEE8-4436-BD29-22D0E8F7ABED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{247C131D-CF70-4FCE-AAD6-68138401B23A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24A358E2-D27F-46B9-A093-125626AFA98B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24CBA94D-0701-45DD-A2A5-D6700DA2A169}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25200CC4-16F8-4CEE-9155-302F2614C6EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25B3F590-CBE7-4A58-B528-A48699D111DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25F05EEA-AE65-4014-8C31-EF512C76D4F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26E080E1-0223-4E05-AF87-DFF85122A45D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2755216D-CE96-42C3-8FC9-EF269E12505D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2792F291-6DDB-435F-8E9E-1EA1B4D146AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27C1036A-1AD2-4507-97C9-D80095FDEBE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2806CBE5-9F4E-4564-92E9-128F42E7061E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28CE3986-C4CC-4D56-9481-B50A2576DB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{296E921C-6214-47A6-9083-A13C20F38380}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{297C2085-0DDF-42B4-BDAE-8247463E335E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AC51ECF-26A8-40CA-993F-F90CF56C51ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2BBDE27B-3BCD-41D1-A4FA-6A132B912F44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2BD81FC1-F06F-421C-B6D4-95EFCF38A2C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C62A87C-381F-4D4B-8762-82F2FD6065D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F1F408F-C50B-42D1-A80D-3E8A122FBE6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F61A834-3953-427F-B393-8EDB2AD31CFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FEBF9FD-E8F5-49DC-B44B-9B823DEA6390}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30F9EB60-A478-4C9B-8129-05A897CD993A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{31086FCE-F6A6-4D3C-8A72-DD71906A51A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{326860DB-DF65-42F6-91DE-59F7FD3305D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32905819-9D10-4D63-9049-CFE584BCFD78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3291A591-1A2B-42A6-9DD0-F19D9CA0A8F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33454BA3-8FF7-413F-8E2C-13375C93D080}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33FA2612-B6E8-436F-A92D-C2CF0B037C1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{341CD417-06B9-4B17-9D0E-AEE60FD3C831}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{36B3AEBF-7C6F-46ED-BAEA-B1D240C2C05D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3725E438-6F02-42D1-BD19-01359719108F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37C3D80A-CF31-45A3-B9D3-72EA26489387}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{38688439-D632-4499-878D-BA83DDE28CEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3876120F-E01C-4CC0-8903-A7188A107DF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3915F8AE-B696-4124-8D08-99EC9E3400D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3920FB33-EC40-42D6-99C0-4B178D6F4B71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A4B164E-ECE5-46FB-BF96-512C18350095}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3B21A300-BABB-4349-B824-A4E214513A98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B654C74-EA66-4910-BEAC-71CB1B6FE977}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B88BEA7-B569-41DC-A245-BE2037397FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C50F74F-0C85-47F6-AD3D-F79F24BF4B8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C5F0B67-9DAB-4D74-A533-14BB5C7C8F26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C6C6313-DD85-485A-8B11-FE600454BB69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F375D0E-970B-415B-B1D1-A0393AC43F2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FEA294A-BF82-436F-AA31-06780BBD65FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{401E0901-3E85-4FEC-84D0-9291D3E0FF8B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{405BA985-E147-487A-A5A4-26D9C63D1C08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40A4DD4C-8832-437C-949A-E216E4D3A55C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4172F4BD-2DD5-4DD3-9FF3-DA8EA61BCC3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{41877981-8EFF-451B-9F51-55966525FC7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42C0E456-7EC0-4C5D-B9EB-429B2EB2C105}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42EFE536-0C73-46A2-8D4F-855078FE366D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{44D0522B-6E32-493A-958E-39BF6527F632}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{44ED5F91-ED26-4CEE-A738-078DBD7BBD42}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4537CD28-43A4-4E0D-9BEE-0C6CD2F37D07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4551B0BE-D599-4441-8705-94E1183048B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45BD78B2-F290-422A-AFBB-60CE3103AEB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46DF2A37-52F2-4021-8DBE-A3A91FC0DD60}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{47845D10-A895-4363-9D9F-9AC946E96F5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{480CB338-40A9-4FF7-8BD8-26ED754E4A72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{480FEE75-D14C-45E3-808F-3A253ADE48AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48210BAB-A29D-4B4F-8ED2-1FCF5E72D57C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48A01F19-9A43-4933-9C5D-820A4EBF1470}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4948A0E8-DDBC-4AD2-96BC-9D9F70F8906E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{498BA7CE-5B10-4EFA-ABEC-7CE790928C14}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{499D6A0E-63A9-4A01-8741-E1130D3402C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B387F48-EE9E-4F41-9992-1B98A2ABD376}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B9CA7BF-35A5-404B-9324-27A6A2037C4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D0DD1E8-ADF8-4D64-B2A7-A716A2E45148}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D6F6998-14F7-4D2A-AA1B-7581094D0311}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4D81E490-CC7B-406E-A66F-50909E5B7D25}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4F916B53-723A-4C46-B09D-B92325E7C999}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5075533E-28A2-4C82-A617-C04272469B81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50C9C2CE-3381-4367-97FB-2D968222F570}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50F42A48-8EDB-4B4C-A0C8-1AC5F7998140}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{513E8D9E-A7BA-4470-9A0B-601F99BD3F08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51416B76-36F6-4FB1-BD3B-C09A4FA7F5B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51449F79-E02F-472D-95BC-1DD212DEE17C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5261A120-F5BA-4AF4-A23B-01C84A0A7604}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53664D6B-FBF6-45F2-B8A2-CBF3F19E8C26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53AA4916-9C52-4870-8DBF-082ED8714132}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54652C57-3247-44D0-AB4F-C7286E2FE5BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54E2E1F1-4DDC-4E4B-BB0C-6F72807D13E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5515AB6F-6DB3-4873-AC54-53B72B3ABF78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55940AB6-28F4-4BB5-9E1D-7B5AEBD24B47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55B13BC2-8571-4F0B-8347-90FE110D5D9C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55CCD4C4-6640-46E0-9593-0F221C7A5832}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55F4AE7D-8446-4878-83EE-4C7336A2BB9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57E20660-BC15-4125-AD68-708410FCBF3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{583EC3F1-9D6B-4F7D-BC95-C8B1189A8CB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58971D5E-E837-45F7-B3F6-9C1B3DA30AF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58A95F2B-83C1-4401-88EA-1C2BC35452F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58FDF8BC-CEF7-4FEB-B471-FBA5B520AC9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A131455-BC20-453C-85C7-5978A701CAE3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5A420EEE-3E0B-456F-A933-44B5DCE4BAED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A73D317-720C-4CEB-8A84-124F7589EC72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B194E32-5CF9-486A-BE51-523C7A4650A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BEF71CC-2399-4CCD-A60A-B53D4DC9502F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CFCA1AF-CBD7-414B-85AA-10EAF3EDE7AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5DEE8A1B-2BD0-4134-8530-9AAE1BE23514}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5EC16660-258B-4FA1-8949-3990990D57B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5ED168EF-C996-4305-9326-6CC6266877E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F30F54C-9024-4EB8-9AC8-71EFA57C3F2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F3BA6BD-2357-4F1B-855A-D7C8D4D347F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F3DDDDE-5590-4652-B085-506C9BE01DF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F7D350B-5597-4720-96B4-770E481F4C22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FAF58C3-93E3-47FF-9D1B-9BB2E3673486}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FE566AE-BC63-43C3-9A31-8F94A4BE8391}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FF289E0-4D1B-4C12-AC8B-433CA28FC442}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{606BE9E7-C947-424C-9D4B-EC67BCD1F8AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60A7F823-B052-4433-A0D8-2F6882B69B38}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60B8779A-B6BA-492C-936F-361A2504D8F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{6173996D-2CDE-45BC-9F26-FAD2E3FF1620}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6175B3EF-141A-47B4-957C-C13476169ECB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{618F3BEC-5DB2-41C7-9670-CC6D55EDD178}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{62FD9D89-8FDC-499C-A013-4DEB6867C9EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{633D1E61-1339-4BDE-BFFA-483E0C763C87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6465CD91-7232-4CD3-AD62-61CCCB659E7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64BDF477-6E14-4210-8E01-1757185B7662}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64F7240D-9610-4E02-96CB-B25CE92F41F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{671D1989-A043-4F15-B7E6-145AE3D1609F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{680C3BD8-B774-4C94-A03C-CF5764024606}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B85897D-27D7-4C6D-8635-62E12C57095D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D600A5E-246A-4A8E-A6CE-CC2B248EEFCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6FBF5E06-3732-40A6-A8C5-B1A8C3E691B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72150E8C-E330-4B24-B7A6-288EB54E0563}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72A8AD49-40AB-4675-B42D-FD528D2B8E5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72A96836-CF68-4B27-AE42-C1C0F05EC176}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{730636EA-AE5D-4C1B-BE68-C85B5EF05895}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73177184-7486-49A3-B28E-F5C894891DA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{74816F48-E84B-4F57-AA44-03878CCBDF66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{76ACFBE0-844F-4FC4-97F1-5D223E9645B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77E6BF87-A887-4777-A540-B2D3522B7B9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B4A3956-F6C5-4AD3-8661-BC82D8505F6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B6E6BB9-4111-447C-AC3E-B4C4E59A293A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7CC8180F-9ED8-46B6-8AAC-989032041559}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7DC15417-14E9-4A90-A4BC-E7F328E2D9E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7E670BE0-7A70-4783-97BE-BFC38EA4EE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F6977B8-134F-4291-8285-D2E21ED0B2D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{801E9A80-686B-41B8-BEC0-1D5E977C5206}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8117FC38-104B-4316-AF38-6E9B4E794276}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{812030FD-6CA7-4550-BCEB-DC606A866148}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{818759FA-2452-4392-8B8C-963126988175}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81A8488A-5932-42BB-9C68-6FAFD023C5F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81BB668C-4256-40CD-9C89-39F4E0C9037E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82394721-765A-4A74-9AA8-F315D316B761}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8302DDB7-61F5-46A6-AF25-684240E37B08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83102DD4-E757-4F03-8C47-30B7C3942FA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83527FC1-76CC-435C-ABCF-96B5D48DAA42}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83E77FB4-C736-451F-891C-3184092F761D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83F99F5B-2890-4553-BA72-B341704D6B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{852E64C1-5E62-4603-957A-2FC26BE13B35}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{872CCCB2-F6F6-4449-B4B5-FB693633B57F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87DDFC0E-0AA0-4544-88BE-0499A5CA1E12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88133113-33FD-474A-923C-67365EEDF141}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{886052F9-E094-40A0-8286-52AD05C8AE10}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8873753E-3095-4CBB-947E-779ECFC4186A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{889A30CA-4B72-4CA2-9629-7A526DEAB2E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88C5CF6E-5783-4F04-968C-246906CD83B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A59DE0A-6786-4676-B567-D5EC3444BDB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A86AD08-DBAB-45C1-B032-49444ED042C3}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe | 
"{8AA23CEE-DB03-4BF9-87C6-639459E16C97}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B94BA47-04CC-4B5E-9F76-B873442D3345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8C807F93-0F47-4101-AF6B-8F236D1D5DC9}" = protocol=6 | dir=out | app=system | 
"{8CEF3903-8A55-4731-B81A-0D04DC2E0DE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8D993AFF-FAF8-4577-A8CA-171958C8B28A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DDEE261-A35B-47C4-BAD2-24823CE91F55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E3C4309-7805-4805-A979-074CB27FFAEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9050DBA6-4C7E-49ED-B498-50AEEB23B113}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9095DEC0-C042-4453-9B38-522E75C4BDDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90C0C496-A1FB-4360-A1A5-4EAAD4B7D6CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90DD4631-7DE5-45A3-98A4-BA22E2D3F1A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90EBD55C-3F9A-4346-AED8-9C9A29A48CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90F9FEA1-EA78-47BC-89FD-2EB797D1A1F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91147589-3311-4AA5-AF3D-C8C340BF1D9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9265CE58-14E4-4350-AA36-28E01348B7F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92BBC84F-EAD4-4CC0-837D-8BC703646929}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92F5769B-7705-418C-98D6-6B9742A60623}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{931C0DFA-F0FA-46FA-947A-E4186DC42F99}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96DF986B-14E5-45B7-AABA-BB5D427B1FC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9772C7B8-117B-4E0F-AB21-134AF8D41843}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97843B84-7B11-4B4D-859A-F038E82A0531}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98455C27-F6BF-45BD-99F0-90E22EBE1A8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{988F1B41-7300-4B0C-84DB-A74C658C50E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98D7AA18-AA63-43D9-A9F6-F7A7B0349A9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{994AB3CC-97F0-4992-B783-A1AF028CEA31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9AF5AF54-8455-450A-96D1-FA4A7AD5C7AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B138146-C483-492C-B111-0C323843FF6B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9BCF1AE6-D4A2-47B4-99B8-142CE3E4732F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9C3FC146-4CC0-400C-96FE-5EBE3E4FF9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D4CCAFC-D97E-47E8-9A73-03F98E13FDCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D51B0A2-EC9A-47B1-90FA-6561629F4724}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D7F9435-A6C4-457E-8804-9071924C96EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DF0679C-FF4C-4B1A-A541-6FD05A291600}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E35493A-8798-4597-83F7-D3B3A3ECF23D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9F45495C-CD15-4518-8866-44860B9E4BDF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A000FA8E-B31E-45DD-8834-E7C8ACE97928}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A048477C-5E22-4E89-8D94-8D903850A8C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A1A35A4E-1260-4D9C-B7BA-B502C4176A72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A207004D-324C-456B-B35B-CE014A7DA431}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A215C072-0F95-4743-94EA-290D26B0863E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5177E02-02B2-4F3B-9B64-AE1FE5E26413}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A66EC8CE-5DF9-4411-BC37-F8672A3C0DD4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6AAE8D7-5E34-410B-8D96-E4D2993983C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8CD9EC4-9716-46F6-AECB-CB357AFCDFD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A8EF0437-2FBA-4EC8-99F9-7A8149322A4A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA6B3B70-9217-4DAA-8F40-7C21D6896555}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA96A28C-DC5E-41D4-821F-711B4E02477E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA981C34-090F-4016-927A-0856A16EFB3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAFA6D93-FFB0-40E6-BC6B-1D05B291FCEB}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{AB267B50-04E2-4172-8C97-62E442621FB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AC3EB5C5-7A90-4572-B5A4-14624B67E331}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACEBEDDC-47E2-4E3F-93DF-7F460BF7CD7E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE530CFC-9FD4-4FB3-8811-7F4EC9C48156}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B02DD488-7B31-452C-90BD-EE42AA6AA8F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0B3BB7B-16EE-4DFF-AD80-99B61FB3FB11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1034DE3-4DD5-400E-A257-192FA5857D47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B120CBED-EAA4-4524-B921-5B7FBB89D26D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2255BEA-5900-42D4-8078-6F065A97F15A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B2971901-30CF-4451-A10B-4C3E893727A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B361F85A-D30F-4176-807F-DBAF42A52743}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B41D31A1-68FD-4DDC-AC3A-FF3AEA62B309}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B435792E-87EC-4731-93E3-B8E2D64A0629}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4404A77-176F-483D-A9F3-E0495FDE5694}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4BCF7BD-F86E-4325-A7C2-6D36678C3A67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4CBC3FE-84F7-4511-AC43-A0CAE8622581}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4FC8845-58D4-4275-A3A6-ED4F9CDCC7D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B50F7735-3C41-42A6-9DC6-FC691DA30E3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B570AA8B-CD47-491D-B497-E366A3833AF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B6347442-4881-495B-B163-BF1792281F2C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7898906-2EAF-4EEA-B603-0AD7020227F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8924D1A-F62B-4EC9-BD9C-CD9E5BE679B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B902891A-5AF8-4A8A-961F-9551986C9735}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B95C130B-D247-45B1-91EA-7E2A38F7BA36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B96F1583-B6C4-4CA9-B1E7-E646F24AAE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B978CD8F-BA50-486A-8A42-49692050D33F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BAA19161-46B6-409D-B927-288F73A4BDCA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BAFB588E-CC4F-4E15-99FF-44C7E8392148}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB848266-727E-47BE-A828-A25491F357F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BC0C3DBA-76E4-46B5-B2DF-9B6C776BACBA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC677D6F-EFF9-4DF7-B8EC-B4C3F36F2DBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BCA418E6-0325-4374-B6AB-60B39D0FFBD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE3AB2D3-4D36-4629-988E-D16796FCD67E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE52A933-26CA-47A5-B9A7-AFA43682201A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE534029-01AD-4014-B105-E0F9CBDF84B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF6FF0CB-1221-4F4D-BBFA-5E9EE9420C25}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BFBEA6B4-94CC-4158-A842-DD8F3214BC33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1AC3561-0140-4902-A739-36392B3F00AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2507015-BDEA-45D2-B23C-18BC6EBB0800}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2D98554-CF2F-4F87-9962-A96FA0485F95}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2E4DB0A-58D7-43E9-B88D-C41F5947F231}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3177B32-3E1E-4C9F-8D05-FB29275B54AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C39FE01C-3DF0-4DC3-9499-630B55749EF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C60DE0E4-B544-4547-A09A-34957BCC491C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6933531-9299-48BD-BE12-5A398F915A06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7611CF0-A2E1-46E9-8797-C267E0B20420}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7FAE023-54EF-4660-B81C-CEE5131F52B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C8C03FCB-4D1E-46F0-8DFA-F5C333285810}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C9592246-0433-410C-A9EA-7821AA1173D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB2B9C0D-7839-459C-8A28-C0E58B894682}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB91FABC-0080-404C-8F84-FD34C01E7402}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC0769E5-B5B9-4C84-9A10-518B8E0918A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CCCD8353-A9ED-463E-8C31-F5ADA75E4BF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CEB8AA36-1AFB-4A5B-8648-C66632688F13}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF653EA4-B543-445E-A043-DD2D3618881B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D017472F-D4E2-4F9A-8901-C2C0B3A24082}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0506876-41E1-4CCB-853B-3A9CEE7FC00C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D093487D-8936-4039-8B48-6FA0851137F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0B7AA8B-EA9B-40AB-93E9-45455F675E3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0FA2511-6F73-4E29-BA66-C91D153A7DD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D1322E4F-E016-4668-B5E2-688E67E7F627}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D14BD003-7ADD-4959-9893-B7CCABFFB24F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D23C91E8-E68A-4523-9288-6C250798B2CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2C5E974-8A91-41D4-9EA4-DC18EC9161DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3157600-CB3D-4660-A3E4-B6CAC00D2F1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D394C102-55D4-40D9-958F-27F891E95310}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3B2BAC5-8B39-4DA4-940D-97BDEAF8971D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3C4F4B2-9A9E-49E4-9CD6-C921C89E1626}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3CB6A09-196A-4C21-8323-15F92F54CEA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3F2E2D6-85F1-483B-9860-6C7F06ABDFD6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D4066294-9FBE-4B03-8D89-4ACCF5AFEFCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5B16407-4493-4E27-8818-D27A013EE4A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D74C96CA-3D24-4978-B5E9-11DECB0565FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D788FD2D-A97B-4FFD-8B30-0C9D1FD8063F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7CF71B4-5D7F-4D09-9863-B4BA5C699F71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D801BB9A-3BD8-445F-AB44-A1E68DDB4752}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D99E288C-38FB-475C-BCB2-2EBBE929728D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA519D5E-016E-4CD0-822E-845A81BA6AFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA5B4CF1-B6F9-43FC-98ED-5997F586C513}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA6D5FDE-21FA-47F2-8219-A56E9CCC184A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAB11F3A-8F1D-403C-A5E7-7BDA0E6187CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB3C90A3-59AD-4665-B734-9AB8DE5D4C31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC122B40-307C-4243-9512-A0480D0E7997}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD0CB163-DF02-480E-B387-0ACD47503C06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE01F514-AD30-4200-BF85-4D70EE4221EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DE335F87-393F-43F0-A022-2C9A4D3EDB73}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF037294-F549-4DAE-A3C7-84C377A2D6CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF7CBF78-B88B-4470-BD62-60EE355C2DA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF82E292-66F7-4C67-B6BB-BC0B6DB36516}" = protocol=17 | dir=in | app=c:\users\agentmango\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0A12317-81BA-45A6-82FD-AF35FD4A0A60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E15CA14B-8C0D-446F-B398-F456DF2BB362}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E18A6EA3-79C7-47B6-BDCC-CFF592FA5B5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1A9B9C1-BCA0-41C8-9FEE-38746D0E598B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1AFDAEE-1DB5-4F13-8B21-2D6FF48DA04C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E2076094-B39B-4173-A018-651F8FD64274}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E25288CF-C775-4D84-8D88-71DFBD48E9A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E2D878D8-60CF-4D20-A850-95853D9C687E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E366F2DC-3BD9-4EC7-B05E-BCF1770EBDC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E387DFFB-87B8-4331-952B-FC1ABD49DCD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3B34214-D824-41D5-8CAF-FD426446EDA9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3B63368-A288-4F7F-A4AD-15BCB2ADAC93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3D9377D-0FAB-4176-8A99-442D614DA857}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E43A50FF-6CC7-4BEB-A3AC-0C33846E8CAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4856547-E086-48BC-869B-0729FF893ECD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E57B3213-0D1D-48A2-8E39-A8D16552757E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6219198-99D8-4646-81C2-5C0A2795CF52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E686C1E0-A0AD-4F8D-985B-54407BA5238D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7048F4D-36D4-42BA-AF39-762DAF8702E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7325E01-CE71-4E93-BA63-B01D13D54C84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E746DC00-AA00-4153-931A-8D771DC12CD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E882F7F1-D26C-444D-B1F2-85A15CE22FC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E97DABFB-6FAD-48FA-B0D1-B228E2089BF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9E2C93B-F6DB-4104-A7E3-78D9D0E52F6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA7BEF45-7B51-4C2B-AD67-D362C87D3549}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA7E18FA-88AB-495B-804E-F59C5722E93F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAE17AA0-2D5A-4A2D-B0C1-4D622DB14FB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAEB431F-3178-4081-B13A-BE1E36501BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EB2024F3-60A8-4565-AB7F-8D73D83A2298}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EBB4B9B6-28F0-4AD3-BF64-22EF1C94C403}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EBB7C54B-09EF-40C6-8864-3EDFB7C0BD0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC4A8B3E-F000-421C-BCCD-8D43D1822B36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC762D63-0129-4246-8A74-F46BD83A0140}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EC996CDC-EC4D-4DD9-9750-DE4CEDB1B177}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED6797D9-71A7-4351-932C-C20CEB7DA6FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE626FBA-6277-49D0-BECD-B493E1CE5C40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE6BF99F-6D39-4449-BC47-0C93F418EE46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF1DDB0A-F145-4051-827A-3F6201CC4074}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFE3D3EE-9F14-446B-9298-486E9472E07F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0BB1B3F-FEAD-470C-BBC8-97F66674BD77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0C0E0A5-2ACD-4A03-92C6-57777574614E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0D46EE0-B03C-441C-B220-20DCB59ED060}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1360872-77DD-458E-A5BA-3CC530E5765C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F35AE5F8-4447-4868-9B68-0BF6B9B049F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4545632-D533-425A-938C-32E7F86A6200}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F46BE1EA-DC28-4123-9162-CD0C80461E9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F613FCFD-7B88-4CFC-BA73-0B22B417BA12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6CBD290-A003-4941-B719-E596312FF81E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F721B7CC-9E22-4949-8E04-6AE0319F4B5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F75CC576-0F7A-4840-B5DA-F01F1893AA47}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC789FAD-571E-47C1-91B8-E4EBAFE5F648}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCDEB1BA-AD43-4C65-BAEA-C93071D1C3B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCEF37C1-3E96-49CC-BCEC-90EE01FCDFED}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{FD851E46-6199-4EB8-B8C5-316D1FAC6271}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDDAEC99-AA0D-4A54-9287-072E3D794F15}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{B1109FF5-7265-4BF6-BA6A-F2604FAC0D51}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{AFF096AF-021E-4261-92C4-9095AF4FEC11}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07B48D2C-E60D-41E6-B546-11D128F633EC}" = HP Deskjet 2510 series Hilfe
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18DC1F9A-15B9-4707-A9CD-C2F66239261E}" = COMPUTERBILD-Abzockschutz
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de AddOn Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ED4869A-6D7B-4a8f-8261-B842DA4852FA}_is1" = MT66 MP3 Recorder for YouTube 1.0 Professional-E
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEE763B1-34D4-494E-920C-12BCD8A9E76B}" = HP Deskjet 2510 series - Grundlegende Software für das Gerät
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = A4TECH PC Camera K
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ed2403d6-1914-4962-bed4-ce24749b2f51}" = Nero 9 Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1" = MT66 Software Update
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}" = General Module
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audio Record Wizard" = Audio Record Wizard
"Audiograbber" = Audiograbber 1.83 SE 
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"ezCoverMaker 3.1.0" = ezCoverMaker 3.1.0
"Focus MP3 Recorder Pro_is1" = Focus MP3 Recorder Pro 4.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"HP Photo Creations" = HP Photo Creations
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3MyMP3_is1" = MP3MyMP3 3.1
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"RonyaSoft CD DVD Label Maker" = RonyaSoft CD DVD Label Maker 3.01
"ScummVM_is1" = ScummVM 1.2.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.7
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.8
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2348935875-1290815277-1805202927-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
"Fastest Free YouTube Downloader to MP3 Converter" = Fastest Free YouTube Downloader to MP3 Converter
"fbDownloader" = fbDownloader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.12.2012 12:27:07 | Computer Name = AgentMango-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 19.12.2012 12:39:54 | Computer Name = AgentMango-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.12.2012 12:39:55 | Computer Name = AgentMango-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 19.12.2012 12:39:55 | Computer Name = AgentMango-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 19.12.2012 19:03:36 | Computer Name = AgentMango-PC | Source = VSS | ID = 8194
Description = 
 
Error - 20.12.2012 07:12:01 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2012 07:50:54 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.12.2012 10:41:30 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.12.2012 12:37:15 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2012 08:51:39 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.12.2012 05:56:04 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.12.2012 12:05:17 | Computer Name = AgentMango-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
 Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe".  Die abhängige 
Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 20.04.2010 02:32:18 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 08:32:18 - Fehler beim Herstellen der Internetverbindung.  08:32:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 02:32:28 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 08:32:23 - Fehler beim Herstellen der Internetverbindung.  08:32:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 03:32:33 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 09:32:33 - Fehler beim Herstellen der Internetverbindung.  09:32:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 03:32:42 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 09:32:38 - Fehler beim Herstellen der Internetverbindung.  09:32:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 04:45:57 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 10:41:46 - Fehler beim Herstellen der Internetverbindung.  10:42:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 05:00:29 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 10:50:32 - Fehler beim Herstellen der Internetverbindung.  10:50:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 06:04:27 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 12:03:52 - Fehler beim Herstellen der Internetverbindung.  12:03:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2010 06:21:21 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 12:08:33 - Fehler beim Herstellen der Internetverbindung.  12:08:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.04.2010 11:12:12 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 17:12:12 - Fehler beim Herstellen der Internetverbindung.  17:12:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.04.2010 11:12:22 | Computer Name = AgentMango-PC | Source = MCUpdate | ID = 0
Description = 17:12:18 - Fehler beim Herstellen der Internetverbindung.  17:12:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 17.05.2011 11:06:22 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16137
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 18.05.2011 14:03:31 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8508
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 10.06.2011 08:42:18 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3106
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 15.11.2011 17:11:20 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3552
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2011 17:58:48 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13559
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2012 12:32:40 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 10637
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 11.03.2012 06:38:15 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1797
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2012 15:58:41 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2262
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 29.05.2012 08:05:28 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4327
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.09.2012 15:42:16 | Computer Name = AgentMango-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4665
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.12.2012 05:37:37 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Zone Alarm Firewall Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.12.2012 05:37:37 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TrueVector Internet Monitor" ist vom Dienst "Zone Alarm
 Firewall Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%2
 
Error - 29.12.2012 05:37:38 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Zone Alarm Firewall Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.12.2012 05:37:38 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TrueVector Internet Monitor" ist vom Dienst "Zone Alarm
 Firewall Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%2
 
Error - 29.12.2012 05:37:39 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Zone Alarm Firewall Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.12.2012 05:37:39 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TrueVector Internet Monitor" ist vom Dienst "Zone Alarm
 Firewall Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%2
 
Error - 29.12.2012 05:37:40 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Zone Alarm Firewall Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.12.2012 05:37:40 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TrueVector Internet Monitor" ist vom Dienst "Zone Alarm
 Firewall Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%2
 
Error - 29.12.2012 05:37:41 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Zone Alarm Firewall Driver" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 29.12.2012 05:37:41 | Computer Name = AgentMango-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TrueVector Internet Monitor" ist vom Dienst "Zone Alarm
 Firewall Driver" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%2
 
[ TuneUp Events ]
Error - 31.10.2012 18:18:38 | Computer Name = AgentMango-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >

--- --- ---

Danke für die rasche Antwort

t'john · 29.12.2012, 16:59

Deinstalliere Zonealarm

danach:

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

und

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Flowercloud · 29.12.2012, 19:58

Hier die beien Logfiles:

# AdwCleaner v2.104 - Datei am 29/12/2012 um 19:09:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : AgentMango - AGENTMANGO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Flowercloud\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : \END
Ordner Gelöscht : C:\Program Files\1ClickDownload
Ordner Gelöscht : C:\Users\AgentMango\AppData\Local\fbDownloader
Ordner Gelöscht : C:\Users\AgentMango\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\AgentMango\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\AgentMango\AppData\Roaming\HMN
Ordner Gelöscht : C:\Users\AgentMango\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
Ordner Gelöscht : C:\Users\AgentMango\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged
Ordner Gelöscht : C:\Users\AgentMango\AppData\Roaming\Mozilla\Firefox\Profiles\wxktyh3b.default\extensions\OneClickDownload@OneClickDownload.com
Ordner Gelöscht : C:\Users\AgentMango\AppData\Roaming\SDIV 2.0
Ordner Gelöscht : C:\Users\Flowercloud\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FBDownloader.DownloadPhoto
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{553318DA-D010-469E-84B1-496563CAE1BF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\SweetIM
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Protector]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [TU]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\AgentMango\AppData\Roaming\Mozilla\Firefox\Profiles\wxktyh3b.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20");
Gelöscht : user_pref("browser.search.defaultenginename", "FBDownloader");
Gelöscht : user_pref("browser.search.selectedEngine", "FBDownloader");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20");
Gelöscht : user_pref("extensions.fbdownloader.issearch", true);
Gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfat203fbdgy20&q=");

Datei : C:\Users\Flowercloud\AppData\Roaming\Mozilla\Firefox\Profiles\jfl1zx6y.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\AgentMango\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [70422 octets] - [09/11/2012 23:06:11]
AdwCleaner[S1].txt - [70106 octets] - [09/11/2012 23:07:40]
AdwCleaner[S2].txt - [4921 octets] - [29/12/2012 19:09:32]

########## EOF - \AdwCleaner[S2].txt - [4981 octets] ##########

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.03.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
AgentMango :: AGENTMANGO-PC [administrator]

29.12.2012 19:27:37
mbar-log-2012-12-29 (19-27-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28761
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

t'john · 30.12.2012, 09:57

Sehr gut!

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Flowercloud · 31.12.2012, 10:21

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=90da77ae9182bd44b704db04e1a9ff30
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-12 10:30:05
# local_time=2012-11-12 11:30:05 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 135597 89293447 166010 0
# compatibility_mode=5893 16776573 100 94 13637 104387782 0 0
# compatibility_mode=8192 67108863 100 0 3696 3696 0 0
# compatibility_mode=9217 16777214 75 70 50468668 93860345 0 0
# scanned=82779
# found=1
# cleaned=1
# scan_time=2814
C:\Users\AgentMango\Desktop\softonic_ggl_1.5.24.3.exe Win32/Toolbar.Funmoods application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=90da77ae9182bd44b704db04e1a9ff30
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-13 05:15:27
# local_time=2012-11-13 06:15:27 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 5275 89342666 12367 0
# compatibility_mode=5893 16776573 100 94 20350 104437001 0 0
# compatibility_mode=8192 67108863 100 0 52915 52915 0 0
# compatibility_mode=9217 16777214 75 70 50517887 93909564 0 0
# scanned=181271
# found=5
# cleaned=5
# scan_time=21117
C:\Users\AgentMango\Downloads\Nikola_Staffel_1_DVDRip_Xvid.exe Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\AgentMango\Downloads\SoftonicDownloader_fuer_fastest-free-youtube-downloader-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\AgentMango\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\AgentMango\Downloads\SoftonicDownloader_fuer_mp3directcut.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\11092012_213030\C_Users\AgentMango\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\57df9bac-7d698f70 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=90da77ae9182bd44b704db04e1a9ff30
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-31 12:35:12
# local_time=2012-12-31 01:35:12 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 188189 133623984 0 0
# compatibility_mode=2047 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 109806 108545303 0 0
# scanned=173559
# found=4
# cleaned=4
# scan_time=10370
C:\Users\Flowercloud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\6ce1fa92-371bf850 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 C
C:\Users\Flowercloud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\65f1e31a-4ab5b0c8 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 C
C:\Users\Flowercloud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-1343bf89 a variant of Win32/Kryptik.ARIS trojan (cleaned by deleting - quarantined) A9742FC70D95DF4F722D439B98A82AFC3A71F79C C
C:\Users\Flowercloud\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\401f6b1f-2b686461 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8

t'john · 31.12.2012, 14:16

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 10 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Flowercloud · 03.01.2013, 00:14

Hi,

alle Schritte ausgeführt, Java Plugin war bereits deaktiviert in meinem Browser (Firefox)
Daher bekam ich wohl 2 Mal dasselbe angezeigt beim Plugin Check:

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 17.0 ist aktuell

Flash (11,5,502,135) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,0,379 ist aktuell.

t'john · 03.01.2013, 04:49

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

t'john · 02.03.2013, 11:07

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Polizeivirus, die Zweite

Log-Analyse und Auswertung: Polizeivirus, die Zweite