Pests of all kinds and how to fight them: Important files encrypted by virus "Read to Decrypt!" (Windows 7)
06.07.2013, 23:49 | #1 |
Important files encrypted by virus "Read to Decrypt!"

Hello everyone,

first of all: I am new to this forum. Good that something like this exists.

It seems I got infected with a so-called encryption trojan 3 days ago.

Measures taken:
- Avira virus scanner run
- Kaspersky Online Scanner run
- Malwarebytes Anti-Malware run; it found several threats, unfortunately without a log file

It appears to be a "trojan.ransom" or "Decrypt Protect Virus".

How does this virus show itself? Example: in Windows Explorer under "My Pictures" I find an .html file named "READ TO DECRYPT!!!". The content of this file looks as follows:

First I made all hidden files visible again under "Folders and files". And lo and behold, the files that had supposedly been removed (by the virus) are there again. However, they are no longer readable. Unfortunately it also hit my external hard drive, which was apparently running at the time.

There are always 3 files in the folder next to "READ TO DECRYPT!!!.html":
- Thumbs.db
- 2 x the file desktop.ini

Contents of the two desktop.ini files:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21803
InfoTip=@%SystemRoot%\system32\shell32.dll,-12689
IconResource=%SystemRoot%\system32\imageres.dll,-3

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21790
InfoTip=@%SystemRoot%\system32\shell32.dll,-12689
IconResource=%SystemRoot%\system32\imageres.dll,-108
IconFile=%SystemRoot%\system32\shell32.dll
IconIndex=-237

Content of the file "READ TO DECRYPT!!!"

I will completely reinstall my system in order to delete the infected files without a trace. But is there a way to restore the affected files?

Should any log files such as OTL, defogger etc. be required, I will of course post them.

Many thanks in advance,
MrMatrix
06.07.2013, 23:52 | #2 |
/// Malware-holic

Hi,

deleting is rather unfavourable with malware that encrypts files. Formatting is even worse. I need all logs created so far. http://www.trojaner-board.de/125889-...en-posten.html
07.07.2013, 00:11 | #3 |
OK, that should not be a problem. Unfortunately I did not save the log files of the previous scans.

Malwarebytes log file

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.05.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
MrMatrix :: CORE2DUO [Administrator]

Schutz: Aktiviert

06.07.2013 02:17:45
mbam-log-2013-07-06 (02-17-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 548162
Laufzeit: 3 Stunde(n), 13 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MrMatrix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4dd97ad9-65b35511 (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL log files
OTL.txt file
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 07.07.2013 00:24:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrMatrix\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,96% Memory free 15,95 Gb Paging File | 13,12 Gb Available in Paging File | 82,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 622,42 Gb Free Space | 66,82% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 284,11 Gb Free Space | 95,31% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 25,02 Gb Free Space | 5,37% Space Free | Partition Type: NTFS Computer Name: CORE2DUO | User Name: MrMatrix | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.07 00:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrMatrix\Desktop\OTL.exe PRC - [2013.07.03 08:13:22 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.07.02 19:45:48 | 000,239,496 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe PRC - [2013.06.27 16:13:29 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.27 16:13:22 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.27 16:13:22 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.06.11 22:05:09 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.06.05 14:18:06 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe PRC - [2013.06.03 13:06:20 | 003,999,512 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.07 03:57:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.03.20 07:23:33 | 000,513,048 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe PRC - [2013.03.20 07:23:29 | 000,323,336 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe PRC - [2013.03.20 07:23:27 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe PRC - [2013.02.07 18:38:55 | 001,838,872 | ---- | M] (Tobit.Software) -- C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe PRC - [2012.12.07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe PRC - [2012.11.09 21:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyD.exe PRC - [2012.11.09 21:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Connectify\ConnectifyService.exe PRC - [2010.04.23 09:14:00 | 000,126,976 | R--- | M] () -- C:\Windows\system\3DG4me.exe ========== Modules (No Company Name) ========== MOD - [2013.07.03 08:13:22 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.06.11 22:05:08 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.06.05 14:21:18 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll MOD - [2013.06.03 13:06:00 | 009,907,712 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll MOD - [2013.05.16 14:28:32 | 000,242,688 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger MOD - [2013.03.20 07:24:55 | 000,043,272 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DHProcedure\DHProcedure.dll MOD - [2012.12.12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll MOD - [2012.12.07 15:15:16 | 007,422,392 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll MOD - [2012.12.07 
15:15:12 | 002,126,264 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll MOD - [2012.12.07 15:15:12 | 001,270,200 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll MOD - [2012.12.07 15:15:12 | 000,192,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll MOD - [2012.12.07 15:15:10 | 002,453,944 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll MOD - [2012.12.07 15:15:10 | 000,795,064 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll MOD - [2011.08.24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_ssl.pyd MOD - [2011.08.24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\koan\_ctypes.pyd MOD - [2011.08.24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\Koan\_socket.pyd MOD - [2010.04.23 09:14:00 | 000,143,360 | R--- | M] () -- C:\Windows\system\3DG4me.dll MOD - [2010.04.23 09:14:00 | 000,126,976 | R--- | M] () -- C:\Windows\system\3DG4me.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.07.03 08:13:22 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.27 16:13:29 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.27 16:13:22 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.13 11:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.06.11 22:05:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.03 13:06:20 | 003,999,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.08 00:37:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2013.04.07 03:57:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.20 07:23:29 | 000,323,336 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe -- 
(CyberLink PowerDVD 13 Media Server Service) SRV - [2013.03.20 07:23:27 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe -- (CyberLink PowerDVD 13 Media Server Monitor Service) SRV - [2013.02.28 20:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2012.11.09 21:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.30 22:36:28 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cm11264.sys -- (USBADVAU) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.30 18:34:34 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.30 18:34:34 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.30 18:34:34 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.13 23:03:07 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2) DRV:64bit: - [2012.12.26 19:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) 
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.03.19 11:08:28 | 000,130,320 | ---- | M] (CyberLink Corp.) 
[2013/07/01 21:05:49] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl -- ({09F57980-3432-4AFC-957D-27AC45FAE1F5}) DRV - [2012.11.16 17:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=UP72DHP&pc=UP72&dt=031613 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 DE 5B A6 92 21 CE 01 [binary data] IE - 
HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: betterfacebook%40mattkruse.com:6.603 FF - prefs.js..extensions.enabledAddons: admin%40proxy-listen.de:1.0.4.5 FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.601 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..network.proxy.http: "41.78.26.154" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social 
Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 08:13:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 08:13:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.05 20:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\Extensions [2013.06.24 21:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\Firefox\Profiles\phezuvoi.default\extensions [2013.06.24 21:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\Firefox\Profiles\phezuvoi.default\extensions\trash [2013.06.01 18:26:37 | 000,013,955 | ---- | M] () (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\firefox\profiles\phezuvoi.default\extensions\admin@proxy-listen.de.xpi [2013.03.06 23:35:27 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\firefox\profiles\phezuvoi.default\extensions\betterfacebook@mattkruse.com.xpi [2013.06.24 21:03:53 | 000,155,222 | ---- | M] () (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\firefox\profiles\phezuvoi.default\extensions\socialfixer@mattkruse.com.xpi [2013.05.09 04:42:11 | 000,870,680 | ---- | M] () (No name found) -- 
C:\Users\MrMatrix\AppData\Roaming\mozilla\firefox\profiles\phezuvoi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.06 23:38:55 | 000,155,983 | ---- | M] () (No name found) -- C:\Users\MrMatrix\AppData\Roaming\mozilla\firefox\profiles\phezuvoi.default\extensions\trash\socialfixer@mattkruse.com.xpi [2013.03.05 20:28:36 | 000,002,376 | ---- | M] () -- C:\Users\MrMatrix\AppData\Roaming\mozilla\firefox\profiles\phezuvoi.default\searchplugins\icq.xml [2013.07.03 08:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.03 08:13:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [3DG4me] C:\Windows\system\3DG4me.exe () O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [icq] C:\Users\MrMatrix\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found O4 - HKCU..\Run: [NoIPDUCv4] C:\Program Files (x86)\No-IP\DUC40.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E6F8DC2-8342-422F-8564-9FC3CB280E75}: NameServer = 192.168.104.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A03A52FE-4128-40EE-BB39-EB34B222FDE8}: NameServer = 192.168.152.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E93E8608-3BDC-4FF2-9CAF-3DF98FE1D073}: DhcpNameServer = 83.169.185.161 83.169.185.225 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.06 01:22:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{615954bc-85bf-11e2-9e46-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{615954bc-85bf-11e2-9e46-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Msetup4.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.07 00:23:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MrMatrix\Desktop\OTL.exe [2013.07.06 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\SUPERAntiSpyware.com [2013.07.06 02:58:49 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013.07.06 02:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013.07.06 02:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013.07.06 02:51:13 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2013.07.06 02:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.07.06 02:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.07.06 02:10:26 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Malwarebytes [2013.07.06 02:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware [2013.07.06 02:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.06 02:10:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.06 02:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.06 01:51:48 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\ElevatedDiagnostics [2013.07.06 01:23:11 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\JPEGsnoop [2013.07.06 01:22:16 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.07.06 01:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.06 01:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.07.06 00:59:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.07.03 08:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.02 21:47:01 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\WinRAR [2013.07.02 16:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQM [2013.07.02 15:43:56 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2013.07.02 15:43:56 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\Apps [2013.07.02 14:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.07.02 03:07:00 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\Diagnostics [2013.07.02 03:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.07.02 02:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7 MAC Address Changer [2013.07.02 02:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win7 MAC Address Changer [2013.07.02 02:13:48 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\JDownloader [2013.07.01 21:13:28 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\Cyberlink SoftDMA [2013.07.01 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\Documents\CyberLink [2013.07.01 21:10:32 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\CyberLink [2013.07.01 21:05:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink [2013.07.01 21:05:44 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\MediaServer [2013.07.01 21:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2013.07.01 21:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.07.01 21:05:25 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\CyberLink [2013.07.01 21:05:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13 [2013.07.01 21:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2013.07.01 21:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.07.01 21:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2013.07.01 20:54:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\bptable [2013.07.01 20:54:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\bdplus [2013.07.01 19:12:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\vid [2013.07.01 19:12:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\tks [2013.07.01 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\log [2013.07.01 18:20:51 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\Documents\BDCopy [2013.07.01 18:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blu-ray Copy [2013.07.01 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Blu-ray Copy [2013.07.01 18:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blu-ray Copy [2013.07.01 18:11:10 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\Documents\O&O [2013.07.01 18:11:07 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Local\O&O [2013.07.01 
18:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software [2013.07.01 18:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2013.07.01 18:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software [2013.06.30 19:42:14 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\Documents\Nero [2013.06.30 19:41:53 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Nero [2013.06.30 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.06.30 19:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2013.06.30 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\dvdcss [2013.06.30 17:50:40 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\vlc [2013.06.30 17:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.06.30 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.06.17 21:57:31 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\Documents\Staatsexamen [2013.06.16 15:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64 [2013.06.16 15:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64 [2013.06.15 22:59:30 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.06.15 22:23:13 | 000,262,144 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbaListView6.ocx [2013.06.15 22:23:13 | 000,094,208 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalIml6.ocx [2013.06.15 22:23:13 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll [2013.06.15 22:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ Ignore Checker [2013.06.15 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ Ignore Checker [2013.06.15 22:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ICQ Status Checker [2013.06.15 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ Status Checker [2013.06.10 19:45:35 | 000,000,000 | ---D | C] -- C:\Users\MrMatrix\AppData\Roaming\NeatImage SL [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.07 00:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MrMatrix\Desktop\OTL.exe [2013.07.07 00:19:21 | 000,050,477 | ---- | M] () -- C:\Users\MrMatrix\Desktop\Defogger.exe [2013.07.07 00:18:34 | 000,000,000 | ---- | M] () -- C:\Users\MrMatrix\defogger_reenable [2013.07.07 00:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.06 23:50:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.06 23:01:33 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.06 23:01:33 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.06 22:53:21 | 001,612,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.06 22:53:21 | 000,696,730 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.06 22:53:21 | 000,652,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.06 22:53:21 | 000,148,026 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.06 22:53:21 | 000,120,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.06 22:47:42 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.06 22:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.06 10:59:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 00d9ab8c-d749-46ce-af89-c49e3f665ab2.job [2013.07.06 10:44:03 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 
5c2e7433-4451-484a-b7ae-4e31f0502f97.job [2013.07.06 01:22:43 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.07.02 16:29:29 | 000,001,829 | ---- | M] () -- C:\Users\MrMatrix\Desktop\ICQ.lnk [2013.07.02 02:14:17 | 000,002,041 | ---- | M] () -- C:\Users\MrMatrix\Desktop\JDownloader.lnk [2013.07.02 00:44:12 | 000,004,984 | R--- | M] () -- C:\Users\MrMatrix\READ_TO_DECRYPT!!!.html [2013.07.02 00:44:00 | 005,486,312 | -H-- | M] () -- C:\Users\MrMatrix\Documents\IMG_9617.jpg [2013.07.02 00:44:00 | 000,022,232 | -H-- | M] () -- C:\Users\MrMatrix\Documents\Staatsexamen 2013 – Schriftliche Prüfung - 1. Tag.odt [2013.07.02 00:44:00 | 000,020,616 | -H-- | M] () -- C:\Users\MrMatrix\Documents\Sturmjagd 2013 - Erstes Chasing.odt [2013.07.02 00:44:00 | 000,019,608 | -H-- | M] () -- C:\Users\MrMatrix\Documents\Folder.jpg [2013.07.02 00:44:00 | 000,009,720 | -H-- | M] () -- C:\Users\MrMatrix\Documents\Dienstplan.odt [2013.07.02 00:43:59 | 000,044,648 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{EF8ED277-52BA-46A9-B49E-10D67A934360}_Large.jpg [2013.07.02 00:43:59 | 000,040,056 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{8FA89C72-BA81-4FE1-A612-E896AC2E6DAC}_Large.jpg [2013.07.02 00:43:59 | 000,030,248 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{A331ADFC-ABF7-4B45-A34A-D33C7843D5EC}_Large.jpg [2013.07.02 00:43:59 | 000,028,152 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{FF2486D7-4C5B-45DB-ADC0-3BDDA5B90228}_Large.jpg [2013.07.02 00:43:59 | 000,023,288 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{34A38A07-DEDD-493C-97E6-A7E4FF417719}_Large.jpg [2013.07.02 00:43:59 | 000,008,376 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{A331ADFC-ABF7-4B45-A34A-D33C7843D5EC}_Small.jpg [2013.07.02 00:43:59 | 000,008,184 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{8FA89C72-BA81-4FE1-A612-E896AC2E6DAC}_Small.jpg [2013.07.02 00:43:59 | 000,008,040 | -H-- | M] () -- 
C:\Users\MrMatrix\Documents\AlbumArt_{EF8ED277-52BA-46A9-B49E-10D67A934360}_Small.jpg [2013.07.02 00:43:59 | 000,005,864 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{FF2486D7-4C5B-45DB-ADC0-3BDDA5B90228}_Small.jpg [2013.07.02 00:43:59 | 000,004,984 | R--- | M] () -- C:\Users\MrMatrix\Documents\READ_TO_DECRYPT!!!.html [2013.07.02 00:43:59 | 000,004,920 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArtSmall.jpg [2013.07.02 00:43:59 | 000,004,792 | -H-- | M] () -- C:\Users\MrMatrix\Documents\AlbumArt_{34A38A07-DEDD-493C-97E6-A7E4FF417719}_Small.jpg [2013.07.02 00:43:31 | 000,004,984 | R--- | M] () -- C:\Users\MrMatrix\AppData\Local\READ_TO_DECRYPT!!!.html [2013.07.01 21:05:22 | 000,001,415 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk [2013.07.01 18:20:39 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Blu-ray Copy.lnk [2013.07.01 18:15:26 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\O&O SafeErase.lnk [2013.07.01 00:02:33 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.06.30 17:50:21 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.06.27 16:13:30 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.26 21:33:05 | 002,446,641 | ---- | M] () -- C:\Users\MrMatrix\Documents\Loreen - Euphoria.mp3 [2013.06.25 21:08:39 | 000,000,866 | ---- | M] () -- C:\Users\MrMatrix\Desktop\CCleaner.lnk [2013.06.25 20:59:48 | 002,590,685 | ---- | M] () -- C:\Users\MrMatrix\Documents\Real Life - Send Me An Angel.mp3 [2013.06.23 18:34:39 | 002,866,654 | ---- | M] () -- C:\Users\MrMatrix\Documents\Icehouse - Hey Little Girl.mp3 [2013.06.22 17:48:20 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk [2013.06.15 18:31:57 | 002,960,177 | ---- | M] () -- C:\Users\MrMatrix\Documents\Pet Shop Boys - Suburbia.mp3 [2013.06.15 18:31:06 | 003,144,550 | ---- | M] () -- C:\Users\MrMatrix\Documents\Europe - The Final Countdown.mp3 [2013.06.15 18:18:43 | 003,037,937 | ---- | M] () -- C:\Users\MrMatrix\Documents\Kid Rock - All Summer Long.mp3 [2013.06.15 18:18:13 | 002,419,288 | ---- | M] () -- C:\Users\MrMatrix\Documents\Toto - Hold The Line.mp3 [2013.06.15 18:17:49 | 002,516,771 | ---- | M] () -- C:\Users\MrMatrix\Documents\Kate Ryan - The Promise You Made.mp3 [2013.06.15 18:15:02 | 003,786,164 | ---- | M] () -- C:\Users\MrMatrix\Documents\R.E.M. 
- Drive.mp3 [2013.06.15 18:14:26 | 003,020,511 | ---- | M] () -- C:\Users\MrMatrix\Documents\Wax - Rosana.mp3 [2013.06.15 18:12:08 | 003,951,342 | ---- | M] () -- C:\Users\MrMatrix\Documents\Rod Stewart - Baby Jane.mp3 [2013.06.15 18:11:51 | 003,661,985 | ---- | M] () -- C:\Users\MrMatrix\Documents\John Farnham - You're The Voice.mp3 [2013.06.15 18:09:18 | 001,791,987 | ---- | M] () -- C:\Users\MrMatrix\Documents\Nik Kershaw - Wouldn't It Be Good.mp3 [2013.06.15 18:08:52 | 002,283,656 | ---- | M] () -- C:\Users\MrMatrix\Documents\Gossip - Move In The Right Direction.mp3 [2013.06.15 18:08:44 | 003,754,570 | ---- | M] () -- C:\Users\MrMatrix\Documents\Billy Idol - Sweet Sixteen.mp3 [2013.06.15 18:07:56 | 002,181,457 | ---- | M] () -- C:\Users\MrMatrix\Documents\Eurythmics - Sweet Dreams.mp3 [2013.06.15 18:07:19 | 003,524,123 | ---- | M] () -- C:\Users\MrMatrix\Documents\Daft Punk - Get Lucky (Feat. Pharrell Williams) (Radio Edit).mp3 [2013.06.15 18:06:55 | 001,897,885 | ---- | M] () -- C:\Users\MrMatrix\Documents\Jimmy Sommerville - Never Can Say Goodbye.mp3 [2013.06.15 17:14:26 | 003,318,441 | ---- | M] () -- C:\Users\MrMatrix\Documents\Robin Thicke - Blurred Lines (Feat. T.I. & Pharrell).mp3 [2013.06.14 17:19:07 | 002,795,516 | ---- | M] () -- C:\Users\MrMatrix\Documents\David Guetta - When Love Takes Over (Feat. 
Kelly Rowland).mp3 [2013.06.14 17:18:41 | 003,000,137 | ---- | M] () -- C:\Users\MrMatrix\Documents\Peter Kent - It's A Real Good Feeling.mp3 [2013.06.14 17:17:21 | 002,781,592 | ---- | M] () -- C:\Users\MrMatrix\Documents\Capital Cities - Safe And Sound.mp3 [2013.06.10 19:06:40 | 000,000,132 | ---- | M] () -- C:\Users\MrMatrix\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.06.09 18:28:06 | 000,132,387 | ---- | M] () -- C:\Users\MrMatrix\Documents\bookmarks-2013-06-09.json [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.07 00:15:11 | 000,050,477 | ---- | C] () -- C:\Users\MrMatrix\Desktop\Defogger.exe [2013.07.06 12:36:16 | 000,000,000 | ---- | C] () -- C:\Users\MrMatrix\defogger_reenable [2013.07.06 02:59:18 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 00d9ab8c-d749-46ce-af89-c49e3f665ab2.job [2013.07.06 02:59:17 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5c2e7433-4451-484a-b7ae-4e31f0502f97.job [2013.07.06 01:22:43 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.07.02 02:14:17 | 000,002,041 | ---- | C] () -- C:\Users\MrMatrix\Desktop\JDownloader.lnk [2013.07.02 02:14:14 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2013.07.02 02:14:14 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.07.02 02:14:14 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.07.02 00:44:12 | 000,004,984 | R--- | C] () -- C:\Users\MrMatrix\READ_TO_DECRYPT!!!.html [2013.07.02 00:43:59 | 000,004,984 | R--- | C] () -- C:\Users\MrMatrix\Documents\READ_TO_DECRYPT!!!.html [2013.07.02 00:43:31 | 000,004,984 | R--- | C] () -- C:\Users\MrMatrix\AppData\Local\READ_TO_DECRYPT!!!.html [2013.07.01 21:05:21 | 000,001,415 | ---- | C] () -- 
C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk [2013.07.01 18:20:39 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Blu-ray Copy.lnk [2013.07.01 18:10:46 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\O&O SafeErase.lnk [2013.07.01 00:02:33 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.06.30 17:50:21 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.06.30 16:36:24 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013.06.26 21:30:46 | 000,028,152 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{FF2486D7-4C5B-45DB-ADC0-3BDDA5B90228}_Large.jpg [2013.06.26 21:30:46 | 000,005,864 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{FF2486D7-4C5B-45DB-ADC0-3BDDA5B90228}_Small.jpg [2013.06.25 21:08:19 | 005,486,312 | -H-- | C] () -- C:\Users\MrMatrix\Documents\IMG_9617.jpg [2013.06.25 20:41:28 | 000,040,056 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{8FA89C72-BA81-4FE1-A612-E896AC2E6DAC}_Large.jpg [2013.06.25 20:41:28 | 000,008,184 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{8FA89C72-BA81-4FE1-A612-E896AC2E6DAC}_Small.jpg [2013.06.23 18:34:38 | 000,044,648 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{EF8ED277-52BA-46A9-B49E-10D67A934360}_Large.jpg [2013.06.23 18:34:38 | 000,008,040 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{EF8ED277-52BA-46A9-B49E-10D67A934360}_Small.jpg [2013.06.23 03:35:32 | 000,023,288 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{34A38A07-DEDD-493C-97E6-A7E4FF417719}_Large.jpg [2013.06.23 03:35:32 | 000,004,792 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{34A38A07-DEDD-493C-97E6-A7E4FF417719}_Small.jpg [2013.06.22 17:48:20 | 000,001,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk [2013.06.22 17:48:20 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 
[2013.06.18 00:14:56 | 000,022,232 | -H-- | C] () -- C:\Users\MrMatrix\Documents\Staatsexamen 2013 – Schriftliche Prüfung - 1. Tag.odt [2013.06.16 15:09:51 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll [2013.06.16 15:09:51 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll [2013.06.16 15:09:50 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll [2013.06.15 22:59:30 | 000,000,866 | ---- | C] () -- C:\Users\MrMatrix\Desktop\CCleaner.lnk [2013.06.15 18:31:57 | 002,960,177 | ---- | C] () -- C:\Users\MrMatrix\Documents\Pet Shop Boys - Suburbia.mp3 [2013.06.15 18:31:06 | 003,144,550 | ---- | C] () -- C:\Users\MrMatrix\Documents\Europe - The Final Countdown.mp3 [2013.06.15 18:19:06 | 002,590,685 | ---- | C] () -- C:\Users\MrMatrix\Documents\Real Life - Send Me An Angel.mp3 [2013.06.15 18:18:43 | 003,037,937 | ---- | C] () -- C:\Users\MrMatrix\Documents\Kid Rock - All Summer Long.mp3 [2013.06.15 18:18:13 | 002,419,288 | ---- | C] () -- C:\Users\MrMatrix\Documents\Toto - Hold The Line.mp3 [2013.06.15 18:17:49 | 002,516,771 | ---- | C] () -- C:\Users\MrMatrix\Documents\Kate Ryan - The Promise You Made.mp3 [2013.06.15 18:15:02 | 003,786,164 | ---- | C] () -- C:\Users\MrMatrix\Documents\R.E.M. 
- Drive.mp3 [2013.06.15 18:14:26 | 003,020,511 | ---- | C] () -- C:\Users\MrMatrix\Documents\Wax - Rosana.mp3 [2013.06.15 18:12:07 | 003,951,342 | ---- | C] () -- C:\Users\MrMatrix\Documents\Rod Stewart - Baby Jane.mp3 [2013.06.15 18:11:50 | 003,661,985 | ---- | C] () -- C:\Users\MrMatrix\Documents\John Farnham - You're The Voice.mp3 [2013.06.15 18:09:18 | 001,791,987 | ---- | C] () -- C:\Users\MrMatrix\Documents\Nik Kershaw - Wouldn't It Be Good.mp3 [2013.06.15 18:08:52 | 002,283,656 | ---- | C] () -- C:\Users\MrMatrix\Documents\Gossip - Move In The Right Direction.mp3 [2013.06.15 18:08:44 | 003,754,570 | ---- | C] () -- C:\Users\MrMatrix\Documents\Billy Idol - Sweet Sixteen.mp3 [2013.06.15 18:07:56 | 002,181,457 | ---- | C] () -- C:\Users\MrMatrix\Documents\Eurythmics - Sweet Dreams.mp3 [2013.06.15 18:07:32 | 002,866,654 | ---- | C] () -- C:\Users\MrMatrix\Documents\Icehouse - Hey Little Girl.mp3 [2013.06.15 18:07:18 | 003,524,123 | ---- | C] () -- C:\Users\MrMatrix\Documents\Daft Punk - Get Lucky (Feat. Pharrell Williams) (Radio Edit).mp3 [2013.06.15 18:06:54 | 001,897,885 | ---- | C] () -- C:\Users\MrMatrix\Documents\Jimmy Sommerville - Never Can Say Goodbye.mp3 [2013.06.15 17:11:26 | 000,030,248 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{A331ADFC-ABF7-4B45-A34A-D33C7843D5EC}_Large.jpg [2013.06.15 17:11:26 | 000,008,376 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArt_{A331ADFC-ABF7-4B45-A34A-D33C7843D5EC}_Small.jpg [2013.06.15 17:11:13 | 000,019,608 | -H-- | C] () -- C:\Users\MrMatrix\Documents\Folder.jpg [2013.06.15 17:11:13 | 000,004,920 | -H-- | C] () -- C:\Users\MrMatrix\Documents\AlbumArtSmall.jpg [2013.06.14 17:19:07 | 002,795,516 | ---- | C] () -- C:\Users\MrMatrix\Documents\David Guetta - When Love Takes Over (Feat. 
Kelly Rowland).mp3 [2013.06.14 17:18:41 | 003,000,137 | ---- | C] () -- C:\Users\MrMatrix\Documents\Peter Kent - It's A Real Good Feeling.mp3 [2013.06.14 17:18:14 | 002,446,641 | ---- | C] () -- C:\Users\MrMatrix\Documents\Loreen - Euphoria.mp3 [2013.06.14 17:17:33 | 003,318,441 | ---- | C] () -- C:\Users\MrMatrix\Documents\Robin Thicke - Blurred Lines (Feat. T.I. & Pharrell).mp3 [2013.06.14 17:17:21 | 002,781,592 | ---- | C] () -- C:\Users\MrMatrix\Documents\Capital Cities - Safe And Sound.mp3 [2013.06.10 19:06:40 | 000,000,132 | ---- | C] () -- C:\Users\MrMatrix\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.06.09 18:28:06 | 000,132,387 | ---- | C] () -- C:\Users\MrMatrix\Documents\bookmarks-2013-06-09.json [2013.06.01 20:13:30 | 000,789,200 | ---- | C] () -- C:\Users\MrMatrix\test 3.wav [2013.05.30 22:58:53 | 000,846,800 | ---- | C] () -- C:\Users\MrMatrix\ts3_recording_13_05_30_22_58_52.wav [2013.05.30 22:37:58 | 000,000,370 | ---- | C] () -- C:\Windows\Cm112.ini.cfl [2013.05.30 22:37:34 | 000,001,198 | R--- | C] () -- C:\Windows\Cm112.ini.cfg [2013.05.30 22:37:34 | 000,000,230 | ---- | C] () -- C:\Windows\Cm112.ini.imi [2013.05.30 22:37:32 | 000,000,678 | R--- | C] () -- C:\Windows\cm112.ini [2013.05.21 19:02:13 | 000,003,584 | ---- | C] () -- C:\Users\MrMatrix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.21 05:12:01 | 001,165,520 | ---- | C] () -- C:\Users\MrMatrix\test.wav [2013.04.14 03:27:15 | 000,337,857 | ---- | C] () -- C:\Users\MrMatrix\bookmarks-2013-03-03.json [2013.03.31 17:46:58 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.31 17:46:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.03.28 23:02:49 | 001,589,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2013.03.18 22:37:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.03.17 00:38:21 | 
002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2013.03.05 20:31:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.14 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\Bioshock2 [2013.04.22 23:41:02 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\DVDVideoSoft [2013.03.06 21:22:49 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\ICQ-Profile [2013.07.02 16:29:08 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\ICQM [2013.05.21 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\IrfanView [2013.07.06 01:23:11 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\JPEGsnoop [2013.03.28 23:07:10 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\Lansoftware [2013.07.01 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\log [2013.06.10 19:45:35 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\NeatImage SL [2013.03.06 23:59:38 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\OpenOffice.org [2013.06.23 14:57:09 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\Origin [2013.05.21 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\PDAppFlex [2013.07.02 00:43:49 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\Stellarium [2013.07.02 00:43:49 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\Subversion [2013.07.02 00:43:49 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\TeamViewer [2013.03.17 00:38:34 | 000,000,000 | ---D | M] -- 
C:\Users\MrMatrix\AppData\Roaming\Tobit [2013.07.04 01:12:17 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\TS3Client [2013.03.05 20:24:33 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\TuneUp Software [2013.07.02 00:43:50 | 000,000,000 | ---D | M] -- C:\Users\MrMatrix\AppData\Roaming\XnView ========== Purity Check ========== < End of report >
EXTRAS.txt
OTL Logfile:
OTL Extras logfile created on: 07.07.2013 00:24:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MrMatrix\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 71,96% Memory free 15,95 Gb Paging File | 13,12 Gb Available in Paging File | 82,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 622,42 Gb Free Space | 66,82% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 284,11 Gb Free Space | 95,31% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 25,02 Gb Free Space | 5,37% Space Free | Partition Type: NTFS Computer Name: CORE2DUO | User Name: MrMatrix | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062FCD0A-2E74-4CC1-AE21-AEFABB8238B7}" = lport=3658 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{08E95CFA-7AD5-4140-9945-CAD290B1F55A}" = lport=3074 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | "{0D3AD6B2-94D1-4A77-9DD3-270F1489925F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{131AA560-D73A-46E3-84EB-04343A9436D9}" = lport=138 | protocol=17 | dir=in | app=system | "{14C8F06F-DBCE-4211-A4F7-8E59BC882F62}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "{1E0EACE4-F9E5-41D6-9DD6-A3DA27FD83B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{223F3799-A059-4DF8-B474-3165865CAA57}" = lport=445 | protocol=6 | dir=in | app=system | "{31281F4E-B0BA-497D-801F-97998868A648}" = rport=138 | protocol=17 | dir=out | app=system | "{336E6FF8-A146-4CEF-B0C5-408ECF262F2E}" = lport=3074 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{3A2FB0BB-BE8F-4429-805F-F4DC2A738AC4}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{3BF94933-8209-495E-BEAC-4878E9C35B1B}" = lport=88 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{3E478096-10CE-4D82-BC79-20C3B79F81D2}" = lport=59278 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | "{41FBF03A-B9DF-4C93-A8E6-EE1DC3BD2A66}" = lport=10243 | protocol=6 | dir=in | app=system | "{45723412-061A-4B05-B008-A54CA2176F7B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4621E489-9898-4BB5-A8FB-86D1B8F560DB}" = lport=3074 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{462A4755-73B0-45FA-B8EB-473625A4206F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{46E3B6CC-569C-49B1-AF00-D13BD4F3148E}" = lport=53 | 
protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{4D0278CF-14B6-4B97-9B34-6FB39FD3CEFD}" = rport=2869 | protocol=6 | dir=out | app=system | "{4F4BB1A2-FCD9-4F60-A7CF-9681DC387409}" = lport=5223 | protocol=6 | dir=in | app=c:\windows\system32\svchost.exe | "{52323736-62DA-430B-A40D-492F989CC329}" = rport=445 | protocol=6 | dir=out | app=system | "{5889F54A-F5AF-4C33-AA6A-E97F75D51E84}" = lport=3478 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{5B534922-D823-4C0E-B9F5-DEFEBA73C5CD}" = lport=5000 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{5F4BA275-5986-4A48-8E48-9C9EC2CEBA4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{69F8A731-A28C-4A75-B935-70A8136EA986}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{7034D833-A94A-4EB1-B8F5-D4C870FE0BA5}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{72E40083-827B-4F48-A876-D5F9C8B3ABFE}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{78512423-2AC4-4C1D-9BF7-C5923F226378}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{79D55298-3749-44A6-8CE9-FB745461BEF4}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{7F127A2C-19BD-425F-BCB7-943E75029A77}" = lport=88 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{83D12A51-B6A1-42D4-AFFA-2C04C9E6DB1C}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{884FFB4D-0FC7-494B-A37B-E9902F2DDBEB}" = lport=3478 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{8C9B562A-768D-4E7B-B6A8-DAF10EF4B21D}" = rport=139 | protocol=6 | dir=out | app=system | "{92FEA427-C842-4AE2-8FDD-822AE41B5607}" = lport=2869 | 
protocol=6 | dir=in | app=system | "{93BF748B-0975-48C6-B74B-1552B35E59FC}" = lport=3479 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{98A03BC7-9C95-492E-B0EF-5AF04E581167}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{98CA604F-B2FE-4774-960B-5F57FEACF4CA}" = lport=5000 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{A5B8CDA6-26CA-45B2-BCB9-3657FB8372B5}" = lport=5223 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{A8448A4D-FA07-477D-A502-D9A6BEF7EAFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC3416B1-436A-44A2-8FFE-13A9F448B547}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF8B1AD6-E31B-4347-B158-C087A12AB3BF}" = lport=3658 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{B0295943-BF0E-4658-BF81-E20ECFE1B378}" = lport=59278 | protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{B8EB3584-05C1-4B0E-B4ED-7323864CB5D2}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{C9D81BA9-7D14-4D11-BCB4-6150A73AF47A}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB3FE80E-B371-49B4-8E05-33D536B7CFBB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CBDF618C-8AEF-4C1F-B428-BB51D044ABDB}" = lport=139 | protocol=6 | dir=in | app=system | "{D06BEF45-F334-45EB-AE14-5E00B66545FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{D26B9D48-15F4-4304-90A9-4E87F4A4D125}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D518EA01-E206-4209-BCEC-259D9DB2EDC7}" = lport=137 | protocol=17 | dir=in | app=system | "{D950C6A0-820E-48FF-BF4C-595926F838A4}" = lport=3479 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{DB68EF2F-51E7-4A01-B7CD-FF09AA9AD618}" = rport=137 | protocol=17 | dir=out | app=system 
| "{DD921DAD-33D7-4E29-8B75-91AF8699645C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E387CFA3-681D-4D26-B0B5-E965146A29E7}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{E6417705-1719-4B25-B083-D79723095CE6}" = lport=3074 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{EA85B941-BA4C-4F78-B1C2-7CB5A9829578}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FC37D324-0970-4D11-9F58-DB540801F489}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00729B02-9190-471F-8019-8E45CCB1F02A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{00DE732B-98EC-492A-B8EE-2693026F9F31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{01587D62-AEE8-4112-945F-8AF20B048555}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{015F7377-D333-48E9-9F33-6207B30C7DBB}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{027BF9BC-DE10-41DF-8BC0-D75A9AD6A98A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | "{02EBD406-DC1A-470B-80A6-22D30C9E1284}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\movie\powerdvd cinema\powerdvdcinema13.exe | "{04B33C11-1B5B-4795-AFA7-4F4F2AC1E088}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | "{060C10BF-8A06-4E2D-B3C6-F3E64DD90018}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | 
"{0806BFA7-5764-4B51-9746-847DBB41D074}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{087A5C2B-80C8-4532-948C-7D2F9C9DEB9D}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | "{0D4C74DD-AADC-4ADC-9A97-022CAA0C5A88}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{103C0297-8158-4017-B687-A361F6AAF190}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{13878FC3-DB1D-40AC-8593-4F53FF5CBB4E}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | "{139803C2-18E7-4B9D-B7BB-0AAED91059FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | "{14F1C44D-405B-4B7B-8BA0-13AD39D2D79A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{1A674064-BDCB-4E4C-9DF9-FC6D58F81922}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dms\clmsserverpdvd13.exe | "{1B693BE4-CD29-47ED-BB02-FB2C91EA1E4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{1D545B72-BFF1-4E2F-8220-4572838B7684}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{221D05B2-14F9-411B-AD0E-FFE294D12D49}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | "{2495115F-E663-4D3E-BC48-76D8C5DB2D0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matrix1337\garrysmod\hl2.exe | "{29C40907-D1E7-450A-B29C-4DFBE3826FA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2 demo\bin\win_x86\eurotrucks2.exe | "{2A0E96A1-37CA-47B8-B227-DB792B25548F}" = protocol=58 | dir=in | app=system | "{2B3B4148-D172-4FC7-93BD-69F0310B53AF}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{2EC38DC0-B412-4D5E-B6F2-4E9E3E03289E}" = protocol=17 | dir=in 
| app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{2F8DFD48-64E8-4A79-8712-75E7196CB17F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{302FEFC3-9620-4636-9608-C739EF1C07F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanet.exe | "{31E9EF31-8F3B-4B77-9DB6-D77A13BF7079}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{347B3E6C-044E-4CDD-906F-A7D70FFFD142}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3BCDC815-87D8-4C07-A9E2-32ACD04B2F41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{3DE6B07C-1BEE-4E2C-BE46-98D0E538F636}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3E83B547-F02D-454E-9CDB-11C06E91D172}" = protocol=6 | dir=out | app=system | "{3EE38A1F-0B49-47B7-BB4B-1B7B9ACA40D8}" = protocol=6 | dir=in | app=c:\users\MrMatrix\appdata\roaming\icqm\icq.exe | "{4161F1E1-BA6C-47EE-89FD-54BB09E0265A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{42A56ED8-1AAA-4F19-863E-13588DCFE363}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4408C1C2-B3CA-4727-A2FC-42B2381163C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matrix1337\garrysmod\hl2.exe | "{457C1CA2-83D9-4F37-B919-6AAC5F1C43C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{46091D70-EA26-4C7A-A24C-BF0B4C6F5475}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{466E358C-BA37-4CA7-90DE-48E70A8B9419}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4B4FD7FC-829A-4A2B-81C0-33B91C8533B4}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{4D4CBE7C-C844-44A0-B5A0-327CB2C5426D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13ml.exe | 
"{4FC78864-9C4C-493C-8277-407AD6DD93A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | "{5029A6DF-7686-4401-8CA9-BCE6251B6A45}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe | "{50CDE436-716F-4D6B-83AE-D085CE1E6556}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13.exe | "{515919BC-837B-440F-A515-60B55B1388D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{516E94E6-60D6-4C89-9015-16AF65B1E974}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{5180154B-1DF2-4C54-BFFF-2B515092BC63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | "{521D08E4-D376-49B6-9D76-9C830B69DE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{54864F66-DEC2-456C-B7F6-618A4A06DECB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe | "{54945A71-F5C1-4F0D-9F75-04939231F2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe | "{56F2867F-08CA-485A-808B-D976CBA91776}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{57FCC265-6E01-485A-AF02-8D2256885ACF}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{5818C072-D3F7-4485-BF66-355C33C7E929}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{595CA5E5-823C-4CFF-B09C-7B366DF68F90}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{5BE7A079-1E13-4077-9FE6-9B41C3FED231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{5D5C4FD6-2FEF-49E7-A6BC-8FEA77BC0585}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{5F844DEF-83A0-4654-9AD5-1266D3F34143}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{60A8FC04-5064-4A0B-9CED-D7AB3CAB794A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6172552A-F2D2-4451-8B4B-4E72844BED61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{62E25632-5CB4-4902-AFA1-3F9F630A9086}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{6413B1B0-44C3-41A5-BE49-10187B198DC3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{6414B34F-8C5A-4275-8CD2-BB7107830228}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | "{64D70046-F5AA-428D-AADF-C4DF78183770}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | "{69119C34-E407-4549-A7F8-C6D2891D8C45}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | "{697CEC63-D1CA-4D05-A1F3-5E7A54C6EAFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe | "{6F58FFB3-5C8B-4A11-94AE-1F57F7C03461}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{725AFC35-828C-4AD6-AE2B-46856966E67B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe | "{7399230F-3C9A-4E59-9E55-843652C1E27D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13agent.exe | "{749F45E2-91CC-472E-B13C-2655CA9A25F8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{757D4ED3-9256-45BA-8C54-C5C47E7978CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{7DF38B88-18FB-4F85-9C9B-EE23D56DD624}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{802C499B-167B-4D40-9EF5-66855B90780A}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{807D3F67-D802-42D5-BD22-58FA7D3B6B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{851133CC-ADBF-4CCA-B0D1-F317D5F43BF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanet.exe | "{854726EF-B5AF-4C4F-8051-F49AE69FC4B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{86E78B0A-028F-48F7-9BBA-75592B4B41CC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dmr\powerdvd13dmrengine.exe | "{895113BA-8873-41A4-B11F-18AF89F0D6DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8DB041B5-3CB3-4FAE-8284-EC28663209D3}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{959072FD-9248-437F-B445-87A87E6DA2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | "{972E7A2E-6C0A-4E83-A5ED-79E11604EC31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{9995D74F-C85D-4ADD-AEE6-B392980A5923}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe | "{9A45D9FD-BB50-4B60-9FAB-057B7442A25C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2 demo\bin\win_x86\eurotrucks2.exe | "{9AA677A0-66D2-4553-A68D-233EE5AA2D85}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{A0287D2E-E098-47D5-A57A-6BBEF4C9A663}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | "{A380393A-DC60-4AC4-B403-428ACCFA7449}" = dir=in | app=c:\program files (x86)\common 
files\apple\apple application support\webkit2webprocess.exe | "{A68BC676-4AF9-485F-B0D7-EAA8DCDB380D}" = dir=out | app=c:\windows\system32\svchost.exe | "{A7B647CE-1368-4E98-83D7-57127A7F1F73}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A923B606-93A9-4CE8-A0B0-4A96F5E3C3FC}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{A93C053B-FE00-477E-8EF4-F85E1FFE459C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{AEB7733A-6B06-43FB-822E-3946467EFC09}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | "{B26B36DD-00B1-4CEE-89D5-03B46E47E1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{B45EE0ED-6A25-41C3-ABD4-B191B64ABF8A}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | "{B59B4911-6FDB-4122-A8AB-C05921028E54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BA437094-105F-42F9-86D7-DF8CE6F952ED}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{BADDA7BC-AFB3-466D-9D7F-0C2DBC827D60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C0A33674-267B-4387-A880-DB1FA7560261}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | "{C120DD73-450A-4FAC-94BB-CE2EF1900417}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "{C87A5925-C55F-41C8-B05A-4F9613C62775}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | "{CBD55D95-58E2-463F-9D4C-38EBD11BA7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 2 complete collection\bf2.exe | "{CC2090A9-187A-4342-B0D9-598D66FA57AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD1B9F8F-528C-47E1-BEA0-EDDEFE6F5B73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe | "{D090062F-7F63-4801-8056-D8A60A353D83}" = protocol=17 | dir=in | app=c:\users\MrMatrix\appdata\roaming\icqm\icq.exe | "{D0AF3AA3-F6E2-470A-B2D2-39AA9296833E}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{D0B02B6A-2D4E-43C6-AC54-05B5728378A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D0EB00BE-43BC-4224-AEE9-7830CC9C4328}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "{D3C838F6-BCC3-48B8-8A16-9B34C2508249}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{D4421BB6-B063-4CDD-93C9-AED7F285E477}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D5FB2B53-7FF6-4BD4-877A-1664F6EAB7A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | "{D7333815-F96C-48C2-BCF1-158A3E3B1603}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\launcher.exe | "{D798ACE8-63C0-4447-8BC1-95ED8DD7E525}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{D7BCEDDD-D9BC-45CB-9996-16B09B820F0C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\movie\powerdvd.exe | "{DDAF5F55-78AF-45D7-BB6C-E58792573105}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DF15592A-C72C-4526-BF44-941C94998678}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | "{E3DB2BF3-F238-497A-ABF9-AF1C6F1E597C}" = dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{E57F3BE8-DBE5-4421-9F9C-1B94C6B1C1CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{E920877F-FF41-4AD3-9BFB-C3CB77003D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E9B38066-F3F6-4A50-9F72-69112E186F02}" = dir=out | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{EA6C2470-982B-4A34-856F-4AD033E8688F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{ECA8DA34-9CC7-497D-9C99-C72AB97D5303}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | "{EFB8193E-9CB0-470C-902F-453F695A73BD}" = dir=out | app=c:\program files (x86)\connectify\connectifyd.exe | "{F1345F3A-E7C0-4725-AFB7-C1BCF8B94653}" = protocol=1 | dir=in | name=icmp - in | "{F632DB9A-7115-4A97-BB2D-EA3CFBCF3A89}" = dir=in | app=c:\program files (x86)\connectify\connectifyd.exe | "{F65BC6A2-2822-4B00-B195-721E0DDED006}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F9E6AC6F-0CD2-403E-A539-D54BB9EE9969}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{FA168DC0-15B0-4B03-9809-27184A0EB4BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FC11AF2C-E04D-4B19-93B0-7DF09D5A6062}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{FC78ABEB-52DB-4504-A6BA-6D63040444D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FD076692-8FF4-4F74-B39E-57033B4B15AD}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{FE4F26AF-55B4-47A3-974E-26D6C3DB384C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\day of defeat source\hl2.exe | "{FFCDE7C7-AE92-47ED-B61C-952907371129}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0BB8272F-E6F2-49B3-9D5A-EB8FD11ADF2D}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\resident evil 5\re5dx9.exe | "TCP Query User{3CBC5581-2A8B-4732-83F2-78D4CCCC0908}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{41932885-3634-4A82-B6C1-0D2CBF4DCE4D}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "TCP Query User{511D1D40-F91D-4F77-89FA-660841656C8D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{52EE95AB-450C-44BB-A215-57613DA6B7F4}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe | "TCP Query User{5529BC31-E851-443F-895A-D457DADD2B29}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{6A6467EF-1564-49EF-8178-12BF17729F4B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{8E90C307-A2AF-4F18-BE5E-713AB8808F4A}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{AA370514-0969-45DD-960B-487A6F66A0C2}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | "TCP Query User{D36E00E4-1C80-42DC-8FF2-321B90B03928}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{1C3EF344-B2CA-468D-A5EA-E2C89D4405D4}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "UDP Query 
User{2DDE8502-3D83-42A1-93FA-585510DEE0D7}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{53ED4F13-E5E7-441E-B636-9C9FD0AE8AED}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | "UDP Query User{6DACC6AF-EDA6-4C93-9F1F-E991CDACDD6A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{7BF0DF73-0543-40EE-91E6-98926E41F561}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{7D9C00EA-1865-4DAF-980C-DC3EAA7766CF}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe | "UDP Query User{85E7A561-81F1-43E4-99EC-0A175DB4077E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{9B49CDE6-5C9E-46AC-9DE2-B32BD8FEF940}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{A4A2AF30-DB4D-4551-8D0C-2B9B8E6A86D7}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx10.exe | "UDP Query User{F9631DED-3120-4C89-942E-32935077FA9F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack 
< End of report > |
08.07.2013, 12:18 | #4 |
/// Malware-holic | Important files encrypted by virus "Read to Decrypt!" What about the Kaspersky and SUPERAntiSpyware findings?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
08.07.2013, 19:08 | #5 |
| Important files encrypted by virus "Read to Decrypt!" Hello Markus, yes, Kaspersky Online Scanner and SUPERAntiSpyware did report findings. As already described further above, before creating this thread I ran the online scanners mentioned, which did find this encryption trojan. I think it was a "trojan.ransom" or "Decrypt Protect Virus". Unfortunately I no longer have any log files from that. What I am mainly after here is decrypting the files affected by the virus.
Scan log SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/08/2013 at 01:57 PM
Application Version : 5.6.1020
Core Rules Database Version : 10592
Trace Rules Database Version: 8404
Scan type : Complete Scan
Total Scan Time : 00:29:51
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 757
Memory threats detected : 0
Registry items scanned : 71681
Registry threats detected : 0
File items scanned : 85523
File threats detected : 4
Adware.Tracking Cookie
C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Cookies\QY63M4HN.txt [ /doubleclick.net ]
C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Cookies\RIP3N10L.txt [ /server.cpmstar.com ]
C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Cookies\MZCXILE0.txt [ /ad4.adfarm1.adition.com ]
C:\Users\MrMatrix\AppData\Roaming\Microsoft\Windows\Cookies\WBLA1U2F.txt [ /adfarm1.adition.com ]
Kaspersky Online Scanner, on the other hand, found only the following under "Schädliche Programme" (malicious programs):
HEUR:Exploit.Java.CVE-2013-2423.gen 2c255e23-5beb650f C:\Documents and Settings\MrMatrix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35
Regards, MrMatrix
Last edited by MrMatrix (08.07.2013 at 19:16) |
08.07.2013, 19:21 | #6 |
/// Malware-holic | Important files encrypted by virus "Read to Decrypt!" Decryption is probably not necessary. Anyone who also uses software such as cracks for Adobe exposes themselves to a high risk. Test whether you can restore some of the data. http://www.trojaner-board.de/116851-...tml#post851585 |
08.07.2013, 19:31 | #7 |
| Important files encrypted by virus "Read to Decrypt!" That is clear, of course, if you download or install something like that, or similar. Okay, I will look into it this evening. If I have any success, I will report back again today. Thanks and have a nice evening, MrMatrix |
08.07.2013, 19:35 | #8 |
/// Malware-holic | Important files encrypted by virus "Read to Decrypt!" You did install something like that. C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll |
09.07.2013, 22:25 | #9 |
| Important files encrypted by virus "Read to Decrypt!" Hmm, but that file is also present in the free trial version. Otherwise Photoshop would not run at all. So, I tried to restore the files. But unfortunately I no longer have any original files. What do I do now? By the way, can I delete the thumbs.db and desktop.ini as well as Read_To_Decrypt!!!.html without damaging the encrypted files? Best regards, MrMatrix |
09.07.2013, 22:58 | #10 |
/// Malware-holic | Important files encrypted by virus "Read to Decrypt!" Hi, this file is not in the trial version that is available on the official homepage. You do not need paired files for every program, e.g. Shadow Explorer. You can delete the ones from the desktop. |