| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: schadware gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.03.2013, 21:01
| #1 |
 |  schadware gefunden Hallo an alle Helfer, ich habe heute Nachmittag schon ein Thema "Programme geben oft "Keine Rückmeldung"" erstellt und wurde daraufhingewiesen, dass ich mit hoher Wahrscheinlichkeit eine Schadware auf meinem PC habe. C:\Users\Stephie\AppData\Roaming\kb00690909.exe Habe die Datei bei Virustotal scannen lassen und es hat einen Trojaner... Wie kann ich die Datei sicher entfernen? Vielen Dank im voraus, stephie-m |
|
28.03.2013, 21:29
| #2 |
| | schadware gefunden Virustotal-Analyse |
|
01.04.2013, 20:22
| #3 |
| /// Helfer-Team  | schadware gefunden Downloade Dir bitte  Malwarebytes Anti-Malware
dann: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
01.04.2013, 20:43
| #4 |
| | schadware gefunden Logfile - Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.01.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Stephie :: STEPHIE-PC [Administrator] 01.04.2013 21:30:04 mbam-log-2013-04-01 (21-30-04).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214942 Laufzeit: 5 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 3 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1988 -> Keine Aktion durchgeführt. C:\Users\Stephie\AppData\Roaming\kb00690909.exe (Trojan.Ransom.ED) -> 4140 -> Löschen bei Neustart. C:\Users\Stephie\AppData\Roaming\Syloge\ente.exe (IPH.Trojan.Zbot.Rke) -> 4480 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00690909.exe (Trojan.Ransom.ED) -> Daten: "C:\Users\Stephie\AppData\Roaming\KB00690909.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zysuhena (IPH.Trojan.Zbot.Rke) -> Daten: C:\Users\Stephie\AppData\Roaming\Syloge\ente.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lxnxyett (Trojan.Ransom.ED) -> Daten: C:\Users\Stephie\Rpwmsryrm\jutfyett.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|logoned (Trojan.FakeMS.PRGen) -> Daten: "C:\Users\Stephie\AppData\Roaming\logoned.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 30 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Users\Stephie\AppData\Roaming\kb00690909.exe (Trojan.Ransom.ED) -> Löschen bei Neustart. C:\Users\Stephie\AppData\Roaming\Syloge\ente.exe (IPH.Trojan.Zbot.Rke) -> Löschen bei Neustart. C:\Users\Stephie\Rpwmsryrm\jutfyett.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\logoned.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Ahok\abvua.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Fyduom\ezuro.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Goynz\oryc.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Irniyq\amah.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Piwena\ubow.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Pogi\omiti.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Rohu\paipa.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Roaming\Togu\ihpif.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\defv.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\execot.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\fpgafjajaf.pre (Trojan.VBAgent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\hpylpnmybc.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\lshzlfwhfl.pre (Trojan.VBAgent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\mixerca.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\montjvideo.exe (Trojan.Agent.RV) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\{0D58-249F1F8-249F5F8} (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\{1346A-253F778-253FB78} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\{335C-55F434-55F834} (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\{4C8B-5EF150-5EF550} (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\{DC45-99F2E0-99F6E0} (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\{E328-87F7A8-87FBA8} (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\tmp24f41928\win86-update.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\tmp88ad218c\vv07031a.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\tmpc39dc4f2\vv2603.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Stephie\AppData\Local\Temp\tmpef0a59ee\vv1303.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 01.04.2013 21:47:07 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephie\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,41% Memory free 7,81 Gb Paging File | 5,94 Gb Available in Paging File | 76,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,24 Gb Total Space | 40,53 Gb Free Space | 34,00% Space Free | Partition Type: NTFS Drive D: | 153,85 Gb Total Space | 134,55 Gb Free Space | 87,46% Space Free | Partition Type: NTFS Computer Name: STEPHIE-PC | User Name: Stephie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stephie\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Tobit Radio.fx\Server\rfx-server.exe () PRC - D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - C:\Users\Stephie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe () PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) ========== Modules (No Company Name) ========== MOD - D:\Tobit Radio.fx\Client\rfx-client$.ger () MOD - D:\Tobit Radio.fx\Client\tobitclt.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe () SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe () SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe () SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe () SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS File not found DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS File not found DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.) DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek) DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc) DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://bl150w.blu150.mail.live.com/default.aspx IE - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://bl150w.blu150.mail.live.com/default.aspx" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.08 20:40:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.07 19:51:39 | 000,000,000 | ---D | M] [2012.04.19 16:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephie\AppData\Roaming\mozilla\Extensions [2012.10.23 18:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephie\AppData\Roaming\mozilla\Firefox\Profiles\qywex7t2.default\extensions [2012.07.07 19:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001..\Run: [muluwzss] C:\Users\Stephie\AppData\Roaming\Fwclrczbf\ysfcnwzss.exe () O4 - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stephie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6084424-62D9-4208-9DB7-F693DD8B94DA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.01 21:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.01 21:28:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.01 21:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.01 21:27:42 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Local\Programs [2013.03.28 17:46:08 | 000,000,000 | ---D | C] -- C:\Users\Stephie\Desktop\Gin Wigmore [2013.03.26 13:47:25 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Utewp [2013.03.26 13:47:25 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Togu [2013.03.26 13:47:25 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Oqvuty [2013.03.21 09:26:57 | 000,000,000 | ---D | C] -- C:\Users\Stephie\Documents\Visual Studio 2010 [2013.03.21 01:21:43 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Osmei [2013.03.21 01:21:43 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Irniyq [2013.03.21 01:21:43 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Arhi [2013.03.20 14:53:54 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.15 09:51:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.15 09:51:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.15 09:51:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.15 09:51:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.15 09:51:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.15 09:51:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.15 09:51:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.15 09:51:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.15 09:51:34 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.15 09:51:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.15 09:51:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.15 09:51:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.15 09:51:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.15 09:51:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.15 09:51:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.15 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Sepe [2013.03.15 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Egzea [2013.03.15 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Ahok [2013.03.15 09:42:46 | 000,000,000 | -H-D | C] -- C:\Users\Stephie\AppData\Roaming\Fwclrczbf [2013.03.14 00:05:14 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\hdbADS [2013.03.14 00:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5 [2013.03.14 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor [2013.03.13 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Welad [2013.03.13 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Fyduom [2013.03.13 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Ahtona [2013.03.09 11:30:50 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Iwtu [2013.03.09 11:30:50 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Goynz [2013.03.09 11:30:50 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Coof [2013.03.07 17:47:40 | 000,000,000 | -H-D | C] -- C:\Users\Stephie\AppData\Roaming\FA028CBC [2013.03.07 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Qaiwro [2013.03.07 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Ofbyal [2013.03.07 17:37:56 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Rohu [2013.03.07 09:08:38 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Kuge [2013.03.07 09:08:38 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Egyne [2013.03.07 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Pogi [2013.03.07 08:55:23 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Piwena [2013.03.07 08:55:23 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Dalie [2013.03.07 08:55:23 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Boolco [2013.03.06 18:16:53 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Odyf [2013.03.06 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Wuerqu [2013.03.06 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Syloge [1 C:\Users\Stephie\Desktop\*.tmp files -> C:\Users\Stephie\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.01 21:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.01 21:44:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 21:44:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 21:43:41 | 001,827,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.01 21:43:41 | 000,773,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.01 21:43:41 | 000,728,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.01 21:43:41 | 000,176,398 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.01 21:43:41 | 000,149,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.01 21:37:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.01 21:37:04 | 3146,620,928 | -HS- | M] () -- C:\hiberfil.sys [2013.04.01 21:28:03 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.28 22:27:50 | 000,042,671 | ---- | M] () -- C:\Users\Stephie\Documents\virustotal Copy.pdf [2013.03.21 12:00:59 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2013.03.21 11:56:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.21 11:56:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.19 19:58:17 | 512,483,290 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.15 10:00:28 | 000,000,197 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2013.03.13 09:28:23 | 000,431,985 | ---- | M] () -- C:\Users\Stephie\Desktop\fl_gutsch_wellness_2013.pdf [1 C:\Users\Stephie\Desktop\*.tmp files -> C:\Users\Stephie\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.01 21:28:03 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.28 22:27:49 | 000,042,671 | ---- | C] () -- C:\Users\Stephie\Documents\virustotal Copy.pdf [2013.03.15 10:00:28 | 000,000,197 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2013.03.13 09:28:22 | 000,431,985 | ---- | C] () -- C:\Users\Stephie\Desktop\fl_gutsch_wellness_2013.pdf [2011.12.17 00:06:40 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2011.10.18 15:13:37 | 001,805,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.27 21:46:30 | 000,003,584 | ---- | C] () -- C:\Users\Stephie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.24 05:35:51 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.24 05:35:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.06.24 05:35:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.06.24 05:35:49 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.06.24 05:35:49 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Ahok [2013.03.13 10:03:28 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Ahtona [2013.01.08 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\APP_NAME_NON_STRING [2013.03.21 01:21:43 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Arhi [2011.09.21 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\ASUS WebStorage [2013.03.07 08:55:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Boolco [2013.03.09 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Coof [2012.03.25 16:24:05 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\DAEMON Tools Lite [2013.03.07 08:55:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Dalie [2013.04.01 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Dropbox [2013.03.07 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Egyne [2013.03.15 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Egzea [2013.03.21 11:59:31 | 000,000,000 | -H-D | M] -- C:\Users\Stephie\AppData\Roaming\FA028CBC [2013.03.15 09:42:46 | 000,000,000 | -H-D | M] -- C:\Users\Stephie\AppData\Roaming\Fwclrczbf [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Fyduom [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Goynz [2013.03.14 00:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\hdbADS [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Irniyq [2013.03.09 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Iwtu [2013.03.07 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Kuge [2011.09.22 23:20:57 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Nuance [2013.03.06 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Odyf [2013.03.07 17:37:57 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Ofbyal [2011.10.18 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\OpenCandy [2013.03.26 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Oqvuty [2013.03.21 01:21:43 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Osmei [2013.01.12 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\PDF Architect [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Piwena [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Pogi [2013.03.07 17:37:57 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Qaiwro [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Rohu [2013.03.15 09:43:39 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Sepe [2013.04.01 21:37:02 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Syloge [2013.01.09 15:19:45 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Systweak [2012.04.23 13:13:53 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\TerraTec [2011.12.17 00:07:00 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Tobit [2013.04.01 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Togu [2011.11.19 16:18:02 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Ubisoft [2013.03.26 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Utewp [2013.03.13 10:03:28 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Welad [2011.10.13 09:35:36 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Windows Live Writer [2013.04.01 21:24:24 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Wuerqu [2011.09.22 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Stephie\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > [/CODE] OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.04.2013 21:47:07 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,41% Memory free
7,81 Gb Paging File | 5,94 Gb Available in Paging File | 76,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 40,53 Gb Free Space | 34,00% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 134,55 Gb Free Space | 87,46% Space Free | Partition Type: NTFS
Computer Name: STEPHIE-PC | User Name: Stephie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2697099691-3998865766-2942868751-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0251A35E-0D4A-41C5-91CF-76A3C4962575}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0610149B-A0EF-47B5-B7DE-2968AE0EC39D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13CD9274-D0DF-49CD-ABD0-6AC8B0F3F6E0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{15882703-EF3E-4397-A936-D271E19469B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A9E3AEB-C9AD-4D3E-A19F-4EF3C7C2E6EC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1D9FC9D4-951D-4F11-A7B2-DD58904C86B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26B42F3C-D8B9-41AE-A22F-42B66736B758}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2976FFB7-CC14-4C56-9920-7352D2F74FFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EE635C1-D5BF-459D-9381-C51AD46092EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{35BD656B-E36A-45CA-AC44-F9CC6984DD12}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{402CDA59-B8DA-4EC5-BFA9-F5E42D6202B9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{624F893F-0FAD-48DC-876F-CAF95C7966F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{62C44C00-3409-4212-856B-8DE7CC0E0453}" = rport=445 | protocol=6 | dir=out | app=system |
"{6AA67A5B-76D3-4DF2-81CD-472FF0792550}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8EAE4816-3189-4F81-A75E-B4A10CE105D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{9397316A-26B8-4CCB-8D84-CA72C50E98A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99566637-2929-49BA-8B1A-6B4860442E87}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A089B195-8112-423A-A3D2-99B1DDEE0AC1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{A9E98CDB-0828-4327-B582-35D997A0B8D7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B6E2796D-876D-4A1E-8D43-EEB8B936DF0E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B827E1C7-5A7A-484C-9653-2FE388A8B888}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B8EB73F2-BD26-460A-96AE-9A1AE3C5C002}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD363F5C-31DE-43C2-BE15-96A8A25D3A8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C378691C-ED9E-46AD-B29C-F796B37B8459}" = lport=138 | protocol=17 | dir=in | app=system |
"{E144C2DE-DDE1-44BF-86BB-ECE0BA4E26C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5843EDA-F609-4454-9E1A-6EEFFB1A0846}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4CA4BB3-0431-4038-ABD3-228DE45E4C7D}" = rport=137 | protocol=17 | dir=out | app=system |
"{F51FB0E7-3BC0-4465-9B67-977943E6E1CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F562CA04-BD17-4EB4-A536-781FAFD93530}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9CAEF4E-1635-404E-85F6-2A9ED7D60993}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB9B1A3E-7109-4F3A-A197-481B86BBB43F}" = lport=139 | protocol=6 | dir=in | app=system |
"{FF14D4A2-DB1E-4727-B718-8B88955DD0B8}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017735B0-1C53-4F87-AF6B-AED21B697F90}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{0A6C4451-B642-4642-B920-59FF90B1F619}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11E825CA-56ED-4682-BFB5-D10E97629CE2}" = protocol=17 | dir=in | app=c:\users\stephie\appdata\roaming\dropbox\bin\dropbox.exe |
"{125BB9F1-41D0-4580-B6AD-8B51C98481EE}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{128BA36E-730E-4B39-BB66-2542556906C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17BA377C-B6BA-430B-ADE2-8CD34D5F786C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1D1BCECF-1FC4-4675-94ED-DF34DBB27159}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{21B90AB8-760A-47A8-8625-3976825AE858}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{24367EF0-F874-47F6-98ED-09DB8E07AC1D}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{25BDD843-A815-48A8-A216-66D065687049}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{26710C0E-EEED-4642-9758-D4EFB4C9BC23}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{27324633-883E-4F9F-B131-DD4AA76C27FD}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{2FA45838-D945-4BD0-816E-6D2232237F28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{31072CEC-AE4A-49D3-81BF-934F22C50D83}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{34214841-A803-4774-AC53-F2A93CBC4F4C}" = protocol=17 | dir=in | app=c:\program files (x86)\mypublicwifi\mypublicwifi.exe |
"{36214E67-66A2-4F2C-BF0B-E48A8CC84A50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{392A14FD-D0FA-4DD7-B4C5-E8733265595E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40BC9029-5868-47CF-BDEC-6355774CB266}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{46894235-6439-4105-BE9B-E81158C4490A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4AE7EDE0-E02F-4DD1-805A-C4CB3C71253A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F8448D3-FD12-4BC1-80AE-53B63FA236FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50591F20-5D2A-4DB1-872B-6677F45B1191}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{50D76052-134E-46DB-AF8E-63827F883C0F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{521D26E4-09D5-4F77-8A43-88ABC0C2D828}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{54513A67-455D-4440-8D57-E4777B242214}" = protocol=6 | dir=in | app=c:\program files (x86)\mypublicwifi\mypublicwifi.exe |
"{5DCFD8A7-644A-4E3D-9A53-DA04F4FE2718}" = protocol=6 | dir=in | app=c:\users\stephie\appdata\roaming\dropbox\bin\dropbox.exe |
"{65ACE937-DEF4-43C6-AC96-E8AC7A46486C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{66388BA0-4221-4B93-BCE7-1931BF34370D}" = protocol=6 | dir=out | app=system |
"{6958E222-A82E-4828-960F-096609220C90}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{72A58780-D9B5-409A-ACF0-C0B742F36833}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{758C8C9A-42B2-41CD-BCD9-D42FA41C7347}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{82BD611D-EB67-4A30-A6F3-F676F3F45961}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{84C34DF7-D4D7-4D5C-81A8-EE72BE2B77CF}" = protocol=6 | dir=in | app=c:\program files (x86)\mypublicwifi\mypublicwifi.exe |
"{8660E44C-BD6E-454D-AAF8-11A9B6E0A673}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{8BB402D1-7DB1-4C41-9AEE-D979F1F58332}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{909D87DA-C534-411A-A597-0DDE4FF9242F}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{92E00AC1-F491-4ABD-A842-56479FC42A12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9B059DE7-B9AC-4BCE-B60E-1220488242AE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5093F98-7C1E-4FF1-BFC6-474E962C5C87}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A8B185AF-D8EC-4AFE-B253-8B514BB636EC}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{BB790368-BEA4-4B28-85EC-842455BD2DCF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BB83CEA5-F037-41C8-8A26-C5723CEBBDF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCD46770-A7F1-4975-A4DA-942AC8D47480}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{BF292D59-3102-4572-98D5-B0D28A6D7548}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3492F38-8072-4496-904B-3BEE929EC999}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6C6B1D3-0B45-4739-8005-64F32425532B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C94D9796-4B69-45D9-BA0B-DEF173908CD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C98DB1A8-58D8-49EA-B5D0-C90FEDE6ED32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC8401CC-997D-4452-B5C9-1610168DF2D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCEB306C-EED7-44C6-B7E4-7DF10C9DF462}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCF1CD67-D2D0-4CC8-AB84-2C32B0376C8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3449E73-5F2C-4C05-A24C-C6150666303E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D694415D-F2C0-4317-B17D-CD95A19FCA27}" = dir=in | app=d:\itunes\itunes.exe |
"{D904829A-3A20-4EEB-A001-7A92B3A2BA70}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBD92D2E-C04F-40AA-A21B-CDA54D49EF0B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{E0E4F101-2A2D-4558-8FCB-1E5E0A20A55F}" = protocol=17 | dir=in | app=c:\program files (x86)\mypublicwifi\mypublicwifi.exe |
"{E7AE60E9-4BAC-4FA2-83A7-905A2BAA2692}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F87166A2-BE11-4F7C-A9F2-FF7D81B5277B}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{FDC8A22B-E121-435E-A79D-0C0ED5B46F6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{3AFA617D-AEC7-457B-A3F4-9E967A204045}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{48BB861B-C93D-472D-850C-79FFCBF1A334}C:\users\stephie\appdata\roaming\syloge\ente.exe" = protocol=6 | dir=in | app=c:\users\stephie\appdata\roaming\syloge\ente.exe |
"TCP Query User{54F7FCB6-C2EC-492F-BB60-BFC0DAB9356A}C:\users\stephie\appdata\roaming\syloge\ente.exe" = protocol=6 | dir=in | app=c:\users\stephie\appdata\roaming\syloge\ente.exe |
"TCP Query User{78E29D03-1EF4-4B4C-B455-DC4D458BE5B0}C:\users\stephie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stephie\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8010B3F7-DE6D-4443-A346-B2B833F05606}C:\users\stephie\dropbox\wirtschaftsinformatik\gw2.exe" = protocol=6 | dir=in | app=c:\users\stephie\dropbox\wirtschaftsinformatik\gw2.exe |
"TCP Query User{B779CFE7-BE7D-41C5-B2A5-F53569F428BC}C:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"TCP Query User{C28372C0-B93E-4CBE-89BB-01BBE4E45012}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{FC51CAC0-1FA2-4656-A64A-562FFCD4C54D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{0D196B11-5964-4956-A00B-CB2B87FAFF41}C:\users\stephie\dropbox\wirtschaftsinformatik\gw2.exe" = protocol=17 | dir=in | app=c:\users\stephie\dropbox\wirtschaftsinformatik\gw2.exe |
"UDP Query User{25CD9467-D3DE-4F91-A91F-D8A8A5A6D602}C:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"UDP Query User{36BBD3FF-E91C-4A59-BCD2-EF65F551C8E8}C:\users\stephie\appdata\roaming\syloge\ente.exe" = protocol=17 | dir=in | app=c:\users\stephie\appdata\roaming\syloge\ente.exe |
"UDP Query User{4C95677E-37DD-454D-8A48-D3F718EB2E1B}C:\users\stephie\appdata\roaming\syloge\ente.exe" = protocol=17 | dir=in | app=c:\users\stephie\appdata\roaming\syloge\ente.exe |
"UDP Query User{9234CB19-2624-418C-9E4A-1677D520B31F}C:\users\stephie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stephie\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A04D8A4D-946F-4A5B-8B66-868BF8387CFB}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{B5B8BB11-98E5-446B-9AF8-3B9C5780AB27}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{D3CC3CAB-CA71-4127-877C-7FD84BD9C19D}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{38B1233D-8170-407A-ACE0-C68892D9ACB5}" = Microsoft SQL Server 2008 Management Studio
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"nbi-nb-base-7.1.2.0.0" = NetBeans IDE 7.1.2
"Shrew Soft VPN Client" = Shrew Soft VPN Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DD2DCC6-21AE-4678-8629-1084B17BE077}" = Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch)
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695E67B6-8B95-4160-9650-92974980CDC1}" = Microsoft SQL Server 2008-Richtlinien
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ASUS_Screensaver" = ASUS_Screensaver
"Cinergy T Stick RC" = Cinergy T Stick RC V86.001.1129.2011
"Cooking Dash" = Cooking Dash
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.6.804
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"SpecialSavings" = SpecialSavings
"Tobit Radio.fx Server" = Radio.fx
"Updater Service" = Updater Service
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2697099691-3998865766-2942868751-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2013 14:20:28 | Computer Name = Stephie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 29.03.2013 14:20:28 | Computer Name = Stephie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023
Error - 29.03.2013 14:20:28 | Computer Name = Stephie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023
Error - 29.03.2013 14:20:29 | Computer Name = Stephie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 29.03.2013 14:20:29 | Computer Name = Stephie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6084
Error - 29.03.2013 14:20:29 | Computer Name = Stephie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6084
Error - 01.04.2013 06:57:50 | Computer Name = Stephie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470,
Zeitstempel: 0x510c8801 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x030d0005 ID des fehlerhaften
Prozesses: 0x1238 Startzeit der fehlerhaften Anwendung: 0x01ce2ec7ae924575 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: fe2d4955-9aba-11e2-ad24-14dae9cab928
Error - 01.04.2013 06:58:02 | Computer Name = Stephie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470,
Zeitstempel: 0x510c8801 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06110005 ID des fehlerhaften
Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01ce2ec7aeb0a357 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 05ac094d-9abb-11e2-ad24-14dae9cab928
Error - 01.04.2013 06:58:06 | Computer Name = Stephie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16470,
Zeitstempel: 0x510c8801 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x06bc0005 ID des fehlerhaften
Prozesses: 0x12b8 Startzeit der fehlerhaften Anwendung: 0x01ce2ec7aecb098a Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 080d81da-9abb-11e2-ad24-14dae9cab928
Error - 01.04.2013 06:59:06 | Computer Name = Stephie-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 920 Startzeit:
01ce2ec7d4be40eb Endzeit: 41 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
2383a22b-9abb-11e2-ad24-14dae9cab928
[ Media Center Events ]
Error - 29.11.2011 07:53:22 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 12:53:22 - Fehler beim Herstellen der Internetverbindung. 12:53:22
- Serververbindung konnte nicht hergestellt werden..
Error - 29.11.2011 07:53:32 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 12:53:27 - Fehler beim Herstellen der Internetverbindung. 12:53:27
- Serververbindung konnte nicht hergestellt werden..
Error - 29.11.2011 08:53:36 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 13:53:36 - Fehler beim Herstellen der Internetverbindung. 13:53:36
- Serververbindung konnte nicht hergestellt werden..
Error - 29.11.2011 08:53:42 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 13:53:41 - Fehler beim Herstellen der Internetverbindung. 13:53:41
- Serververbindung konnte nicht hergestellt werden..
Error - 02.12.2011 13:14:27 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 18:14:26 - Fehler beim Herstellen der Internetverbindung. 18:14:27
- Serververbindung konnte nicht hergestellt werden..
Error - 02.12.2011 13:14:38 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 18:14:32 - Fehler beim Herstellen der Internetverbindung. 18:14:32
- Serververbindung konnte nicht hergestellt werden..
Error - 04.12.2011 05:16:17 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 10:16:17 - Fehler beim Herstellen der Internetverbindung. 10:16:17
- Serververbindung konnte nicht hergestellt werden..
Error - 04.12.2011 05:16:30 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 10:16:22 - Fehler beim Herstellen der Internetverbindung. 10:16:22
- Serververbindung konnte nicht hergestellt werden..
Error - 10.12.2011 06:25:56 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 11:25:56 - Fehler beim Herstellen der Internetverbindung. 11:25:56
- Serververbindung konnte nicht hergestellt werden..
Error - 10.12.2011 06:26:18 | Computer Name = Stephie-PC | Source = MCUpdate | ID = 0
Description = 11:26:01 - Fehler beim Herstellen der Internetverbindung. 11:26:01
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 01.04.2013 06:59:07 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 01.04.2013 15:23:36 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 01.04.2013 15:23:47 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SASDIFSV SASKUTIL
Error - 01.04.2013 15:24:04 | Computer Name = Stephie-PC | Source = ipnathlp | ID = 31004
Description =
Error - 01.04.2013 15:25:48 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update Service (gupdate) erreicht.
Error - 01.04.2013 15:25:48 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 01.04.2013 15:37:18 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 01.04.2013 15:37:32 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SASDIFSV SASKUTIL
Error - 01.04.2013 15:39:34 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update Service (gupdate) erreicht.
Error - 01.04.2013 15:39:34 | Computer Name = Stephie-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
[/CODE] Mfg  stephie-m |
|
02.04.2013, 06:51
| #5 |
| /// Helfer-Team | schadware gefunden Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O4 - HKU\S-1-5-21-2697099691-3998865766-2942868751-1001..\Run: [muluwzss] C:\Users\Stephie\AppData\Roaming\Fwclrczbf\ysfcnwzss.exe ()
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2013.03.15 09:42:46 | 000,000,000 | -H-D | C] -- C:\Users\Stephie\AppData\Roaming\Fwclrczbf
[2013.03.15 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Sepe
[2013.03.15 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Egzea
[2013.03.15 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\Stephie\AppData\Roaming\Ahok
[2013.03.07 17:47:40 | 000,000,000 | -H-D | C] -- C:\Users\Stephie\AppData\Roaming\FA028CBC
[2013.04.01 21:44:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 21:44:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Stephie\*.tmp
C:\Users\Stephie\AppData\*.dll
C:\Users\Stephie\AppData\*.exe
C:\Users\Stephie\AppData\Local\Temp\*.exe
C:\Users\Stephie\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade Dir bitte Malwarebytes Anti-Malware
danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
02.04.2013, 09:37
| #6 |
| | schadware gefundenCode:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2697099691-3998865766-2942868751-1001\Software\Microsoft\Windows\CurrentVersion\Run\\muluwzss deleted successfully.
File move failed. C:\Users\Stephie\AppData\Roaming\Fwclrczbf\ysfcnwzss.exe scheduled to be moved on reboot.
C:\ProgramData\FullRemove.exe moved successfully.
Folder move failed. C:\Users\Stephie\AppData\Roaming\Fwclrczbf scheduled to be moved on reboot.
C:\Users\Stephie\AppData\Roaming\Sepe folder moved successfully.
C:\Users\Stephie\AppData\Roaming\Egzea folder moved successfully.
C:\Users\Stephie\AppData\Roaming\Ahok folder moved successfully.
C:\Users\Stephie\AppData\Roaming\FA028CBC folder moved successfully.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Stephie\*.tmp not found.
File\Folder C:\Users\Stephie\AppData\*.dll not found.
File\Folder C:\Users\Stephie\AppData\*.exe not found.
C:\Users\Stephie\AppData\Local\Temp\memkbwin.exe moved successfully.
C:\Users\Stephie\AppData\Local\Temp\SkypeSetup.exe moved successfully.
File\Folder C:\Users\Stephie\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Stephie\Downloads\cmd.bat deleted successfully.
C:\Users\Stephie\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Stephie
->Temp folder emptied: 194981812 bytes
->Temporary Internet Files folder emptied: 619856980 bytes
->FireFox cache emptied: 112531486 bytes
->Flash cache emptied: 2997 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 405920426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 130257938 bytes
Total Files Cleaned = 1.396,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04022013_102616
Files\Folders moved on Reboot...
C:\Users\Stephie\AppData\Roaming\Fwclrczbf\ysfcnwzss.exe moved successfully.
C:\Users\Stephie\AppData\Roaming\Fwclrczbf folder moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Users\Stephie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.02.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Stephie :: STEPHIE-PC [Administrator] 02.04.2013 10:40:32 mbam-log-2013-04-02 (10-40-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 386061 Laufzeit: 1 Stunde(n), 21 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 1888 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Löschen bei Neustart. C:\_OTL\MovedFiles\04022013_102616\C_Users\Stephie\AppData\Roaming\Fwclrczbf\ysfcnwzss.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.115 - Datei am 02/04/2013 um 12:46:15 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Stephie - STEPHIE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stephie\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\PriceGong
Ordner Gelöscht : C:\Program Files (x86)\SpecialSavings
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Linkury
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Stephie\AppData\Local\Linkury
Ordner Gelöscht : C:\Users\Stephie\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Stephie\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Ordner Gelöscht : C:\Users\Stephie\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0.1 (de)
Datei : C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\qywex7t2.default\prefs.js
C:\Users\Stephie\AppData\Roaming\Mozilla\Firefox\Profiles\qywex7t2.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [4434 octets] - [02/04/2013 12:45:48]
AdwCleaner[S1].txt - [4476 octets] - [02/04/2013 12:46:15]
########## EOF - C:\AdwCleaner[S1].txt - [4536 octets] ##########
[/CODE] |
|
18.05.2013, 10:37
| #7 |
| /// Helfer-Team | schadware gefunden Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
20.05.2013, 20:18
| #8 |
| | schadware gefunden aswMBR scan ist abgestürzt und habe ihn dan nochmal mit der AV Scan Einstellung (none) durchlaufen lassen. aswMBR logfiel Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 18:13:59
-----------------------------
18:13:59.944 OS Version: Windows x64 6.1.7601 Service Pack 1
18:13:59.944 Number of processors: 4 586 0x2A07
18:13:59.945 ComputerName: STEPHIE-PC UserName: Stephie
18:14:01.019 Initialize success
18:14:12.083 AVAST engine defs: 13052000
18:14:17.748 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:14:17.753 Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3
18:14:17.942 Disk 0 MBR read successfully
18:14:17.946 Disk 0 MBR scan
18:14:17.951 Disk 0 Windows 7 default MBR code
18:14:17.966 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
18:14:17.988 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 122098 MB offset 52430848
18:14:17.992 Disk 0 Partition - 00 0F Extended LBA 157545 MB offset 302487552
18:14:18.017 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 157544 MB offset 302489600
18:14:18.142 Disk 0 scanning C:\Windows\system32\drivers
18:14:31.426 Service scanning
18:14:59.670 Modules scanning
18:14:59.676 Disk 0 trace - called modules:
18:15:00.036 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:15:00.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006673060]
18:15:00.047 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004767630]
18:15:00.052 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800476d050]
18:15:00.056 Scan finished successfully
18:15:34.506 Disk 0 MBR has been saved successfully to "C:\Users\Stephie\Desktop\MBR.dat"
18:15:34.510 The log file has been saved successfully to "C:\Users\Stephie\Desktop\aswMBR.txt"
|
|
21.05.2013, 14:31
| #9 |
| /// Helfer-Team | schadware gefunden ESET und SC? |
|
13.09.2013, 17:00
| #10 |
| /// Helfer-Team | schadware gefunden Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
Linear-Darstellung
