Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Trojaner (mit Cam), nur ein Benutzerkonto betroffen? (https://www.trojaner-board.de/121742-gvu-trojaner-cam-nur-benutzerkonto-betroffen.html)

karsten.g 10.08.2012 16:55
GVU Trojaner (mit Cam), nur ein Benutzerkonto betroffen?
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo
habe auch diesen GUV Trojaner auf meinem Rechner:heulen:,
habe ein zweites Benutzerkonto mit diesen Trojaner.
System ist Win7, das Administrator Konto ist scheinbar nicht betroffen.

Habe jetzt schon nach mehreren Anleitungen versucht den Trojaner zu löschen, leider ohne Erfolg.!!:confused:

Benutze gerade den ESET Online Scanner, habe mal einen Screenshot angefügt, ist unter den 3 erkannten Files schon der GVU Trojaner?

Danke!:daumenhoc

karsten.g

t'john 10.08.2012 17:31
:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

karsten.g 10.08.2012 21:09
So,
ich habe jetz mal alles laufen lassen!


Anti-Malware ( nur Quick Scan ):

2012/08/10 19:10:36 +0200 COMPUTERNAME Administrator MESSAGE Starting protection
2012/08/10 19:10:41 +0200 COMPUTERNAME Administrator MESSAGE Protection started successfully
2012/08/10 19:10:44 +0200 COMPUTERNAME Administrator MESSAGE Starting IP protection
2012/08/10 19:10:53 +0200 COMPUTERNAME Administrator MESSAGE IP Protection started successfully
2012/08/10 19:11:01 +0200 COMPUTERNAME Administrator MESSAGE Starting database refresh
2012/08/10 19:11:01 +0200 COMPUTERNAME Administrator MESSAGE Stopping IP protection
2012/08/10 19:17:03 +0200 COMPUTERNAME Yannic MESSAGE Executing scheduled update: Daily
2012/08/10 19:17:06 +0200 COMPUTERNAME Yannic MESSAGE IP Protection stopped
2012/08/10 19:17:07 +0200 COMPUTERNAME Yannic MESSAGE Database already up-to-date
2012/08/10 19:17:14 +0200 COMPUTERNAME Yannic MESSAGE Database refreshed successfully
2012/08/10 19:17:14 +0200 COMPUTERNAME Yannic MESSAGE Starting IP protection
2012/08/10 19:17:22 +0200 COMPUTERNAME Yannic MESSAGE IP Protection started successfully
2012/08/10 21:35:27 +0200 COMPUTERNAME Administrator MESSAGE Starting database refresh
2012/08/10 21:35:27 +0200 COMPUTERNAME Administrator MESSAGE Stopping IP protection
2012/08/10 21:43:15 +0200 COMPUTERNAME Administrator MESSAGE IP Protection stopped
2012/08/10 21:43:40 +0200 COMPUTERNAME Administrator MESSAGE Database refreshed successfully
2012/08/10 21:43:40 +0200 COMPUTERNAME Administrator MESSAGE Starting IP protection
2012/08/10 21:44:03 +0200 COMPUTERNAME Administrator MESSAGE IP Protection started successfully

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: COMPUTERNAME [Administrator]

Schutz: Aktiviert

10.08.2012 19:11:20
mbam-log-2012-08-10 (19-11-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214024
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Yannic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



OTL Log:OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 10.08.2012 21:52:54 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 52,08% Memory free
7,46 Gb Paging File | 5,33 Gb Available in Paging File | 71,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 58,41 Gb Free Space | 39,22% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 334,80 Gb Free Space | 71,88% Space Free | Partition Type: NTFS
Drive G: | 3,66 Gb Total Space | 3,38 Gb Free Space | 92,28% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERNAME | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Capture Device Service) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\drivers\ext2fs.sys (Stephan Schreiber)
DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\drivers\ifsmount.sys (Stephan Schreiber)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lego.de/
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE CB D5 CF 15 E8 CC 01  [binary data]
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 AB 7F 06 93 57 CC 01  [binary data]
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..\SearchScopes\{19046F77-CB90-4848-BB89-7BE5387D60D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.focus.de"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.07 22:12:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 13:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.13 16:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.06.07 20:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\ymfisr66.default\extensions
[2012.06.07 20:35:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\ymfisr66.default\extensions\ich@maltegoetz.de
[2012.03.24 21:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.31 19:48:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.07 13:47:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.25 11:45:06 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: APK Downloader = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnbkiaddgodnooflghhbdpbdheanmpjp\1.2.1_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FEA51E7-30EC-4A4F-BC0C-CDE03457F49C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8feb97a1-37d6-11e1-9497-00199958ad72}\Shell - "" = AutoRun
O33 - MountPoints2\{8feb97a1-37d6-11e1-9497-00199958ad72}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.10 19:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.10 19:10:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.08.10 19:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.10 19:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.10 19:10:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.10 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.10 18:18:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012.08.10 16:42:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.62.0.1300.exe
[2012.08.10 16:18:36 | 002,322,184 | ---- | C] (ESET) -- C:\esetsmartinstaller_enu.exe
[2012.08.10 15:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.10 15:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.10 15:21:34 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.10 15:21:34 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.10 14:52:54 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\jxpiinstall.exe
[2012.08.10 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.08.10 01:17:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.10 21:24:12 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.10 21:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.10 19:24:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.10 19:16:17 | 000,021,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 19:16:17 | 000,021,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 19:10:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.10 19:08:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 19:08:27 | 3005,927,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.10 18:18:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012.08.10 15:44:36 | 431,638,632 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.10 15:39:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.10 15:21:14 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.10 15:21:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.10 15:21:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.10 14:53:17 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\jxpiinstall.exe
[2012.08.08 13:38:47 | 000,044,094 | ---- | M] () -- C:\Preisliste_Tchibo_Einheitstarif_01.07.2012_NEU.pdf
[2012.08.08 12:08:16 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.08 12:08:16 | 000,649,012 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.08 12:08:16 | 000,610,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.08 12:08:16 | 000,127,832 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.08 12:08:16 | 000,104,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.07 13:59:59 | 000,019,907 | ---- | M] () -- C:\HermesPaketschein2.pdf
[2012.08.07 11:41:08 | 000,019,905 | ---- | M] () -- C:\HermesPaketschein.pdf
[2012.08.05 20:12:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.05 20:12:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.17 19:01:43 | 000,019,913 | ---- | M] () -- C:\druckHermesPaketschein(1).pdf
[2012.07.12 15:58:54 | 000,458,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.10 19:10:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.10 16:42:15 | 000,614,903 | ---- | C] () -- C:\adwcleaner.exe
[2012.08.09 20:22:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.08 13:38:47 | 000,044,094 | ---- | C] () -- C:\Preisliste_Tchibo_Einheitstarif_01.07.2012_NEU.pdf
[2012.08.07 13:59:59 | 000,019,907 | ---- | C] () -- C:\HermesPaketschein2.pdf
[2012.08.07 11:41:08 | 000,019,905 | ---- | C] () -- C:\HermesPaketschein.pdf
[2012.07.17 19:01:40 | 000,019,913 | ---- | C] () -- C:\druckHermesPaketschein(1).pdf
[2012.05.16 20:10:16 | 000,000,000 | ---- | C] () -- C:\Windows\PROGDIS4.INI
[2012.05.16 19:56:58 | 000,001,492 | ---- | C] () -- C:\Windows\netdet.ini
[2012.05.16 19:56:36 | 000,007,680 | R--- | C] () -- C:\Windows\SysWow64\CCNMMNT.DLL
[2012.05.16 19:56:27 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\u25dts.dll
[2012.05.16 19:56:27 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\u2lbar.dll
[2012.05.16 19:56:27 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\u2ldts.dll
[2012.05.16 19:56:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\u2lexch.dll
[2012.05.16 19:56:27 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\u2lsamp1.dll
[2012.05.16 19:56:27 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\u2lfinra.dll
[2012.05.16 19:56:26 | 000,306,176 | ---- | C] () -- C:\Windows\SysWow64\p2smcube.dll
[2012.05.16 19:56:26 | 000,300,544 | ---- | C] () -- C:\Windows\SysWow64\p2molap.dll
[2012.05.16 19:56:26 | 000,239,616 | ---- | C] () -- C:\Windows\SysWow64\p2solap.dll
[2012.05.16 19:56:25 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012.04.19 17:43:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.10 12:57:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.03.10 12:57:44 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.12 12:36:25 | 000,005,632 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.10 18:18:31 | 000,000,680 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.05 22:47:39 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2012.01.05 22:47:39 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2012.01.05 22:47:39 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2012.01.05 22:47:39 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2012.01.05 22:47:39 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2012.01.05 22:47:39 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011.12.04 19:36:50 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.27 10:20:11 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.08.27 10:20:11 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011.08.27 10:20:10 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.08.13 16:27:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.12 15:01:24 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.04.19 20:59:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012.02.21 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG
[2012.02.12 12:36:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BestOn
[2012.06.16 01:07:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CadSoft
[2011.08.12 16:16:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CoSoSys
[2012.01.05 22:38:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012.06.16 23:26:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2012.01.22 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\elsterformular
[2012.06.16 14:01:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2012.05.10 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gutscheinmieze
[2012.03.27 20:08:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MTE
[2012.03.18 11:20:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyPhoneExplorer
[2012.06.16 00:22:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.09.25 11:50:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhotoScape
[2012.03.15 21:07:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2012.03.15 21:00:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\systweak
[2012.03.15 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Temp
[2011.08.13 14:47:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TrueCrypt
[2012.01.05 22:55:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2012.08.06 18:45:28 | 000,000,000 | ---D | M] -- C:\Users\Yannic\AppData\Roaming\.minecraft
[2012.03.03 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\Yannic\AppData\Roaming\.minecraft.old
[2012.03.27 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\Yannic\AppData\Roaming\gtk-2.0
[2012.03.27 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\Yannic\AppData\Roaming\MTE
[2012.06.03 12:31:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
--- --- ---

--- --- ---OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 10.08.2012 21:52:54 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 52,08% Memory free
7,46 Gb Paging File | 5,33 Gb Available in Paging File | 71,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 58,41 Gb Free Space | 39,22% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 334,80 Gb Free Space | 71,88% Space Free | Partition Type: NTFS
Drive G: | 3,66 Gb Total Space | 3,38 Gb Free Space | 92,28% Space Free | Partition Type: FAT32
 
Computer Name: COMPUTERNAME | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017934DA-D4A2-47FA-AFEC-57414F5D6FE7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{03A1E1DA-2A51-4945-A470-5C9888115DB0}" = rport=138 | protocol=17 | dir=out | app=system |
"{043FD972-9481-4AD6-9C44-2461409B8366}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{074EBBE6-68B6-49BF-8E61-8AB69BC99C3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{0E14969E-3671-4AF9-A911-DCC29E604247}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{113BF37B-35C0-4E8C-B227-67C618DEFA5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{12ED4482-083F-4AC4-B3AF-E56D5A9CB5E6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{13E8EBF9-8E17-477A-A53E-B7890A620A5C}" = lport=445 | protocol=6 | dir=in | app=system |
"{17ABEE0E-1990-4AEA-87B0-B467CBCF9AEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{184CBFA7-79FA-4624-B0E5-E0DC7CE4261E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D4A5BC7-7089-4BAB-BF6C-D236FC9E4283}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1E65E529-13CD-4032-A861-F37A13175846}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1F106289-E910-4F19-BE93-1E2BD12D41C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29E1F882-EF2D-42C7-9D96-44164EE8BA27}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2C5B7BDF-B627-431F-B0D6-EFF9BB8D19F4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2CDE8D1A-C911-402B-87EA-A611B17E4F7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E594B06-DB4B-4085-BED8-259B0011E96F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3068941E-AD35-4DA9-A2B4-4A72AF9CB724}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{311BF407-8BB5-4CD0-9F40-9DAD5C408E70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35C56108-CA12-4101-9EC3-77348C205215}" = lport=138 | protocol=17 | dir=in | app=system |
"{3AA9D0CF-BAB9-4DC7-8A38-44212B45AF9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40728E96-628C-4D48-818B-438B684F9D50}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4107139C-8BAD-4F2B-A05C-E1C574FDDB3A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{450797FE-596D-43E5-A03B-4DEB486DEEF4}" = rport=445 | protocol=6 | dir=out | app=system |
"{54B0B813-6A65-4A73-8FA6-9BC058D7C1BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{554B3642-E6F4-4C25-B026-20DEB04341C1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{60163726-0E86-4980-B69F-F453A82C7024}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63A43DE6-C590-48F9-AB37-87CB1C04B3C5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{64E8599F-045B-46A8-BB15-2D57F02C1040}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F83F7D8-93E5-409B-ACA7-B17ED87120A6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{72AB7E5E-5F91-4309-A5BE-8E90004B0977}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7724ADA7-4802-4F5A-9046-BA928F2867E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EB6537B-954E-499B-B7DE-B8ED6B93E572}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F9D5590-24BF-45BA-ABF6-58F67C8726C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{951CB060-A38B-40B1-8D88-8A2FEEF4F05B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1D7D2E3-C807-4747-90B9-62A6893E2A4A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AD003815-AD03-44DC-993A-3D8D61A7B438}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFFFA7BF-8499-4FBE-8FA3-3FB9D9D8B6CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B11C949C-3F11-43EF-92CB-23AFEF46E867}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1373ED5-B6AE-4FF1-935B-2EF5A1846D85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5BA1FC5-624D-440F-9248-09467DC7214C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7F0F95D-C635-443A-B60A-9855AF204BB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCB606EC-5E97-4288-85DB-5684CEEF28CB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CB0E0B2B-7360-44F8-ACC7-6EF751C46B7B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D0A009AC-69F3-46FC-8CEE-159317AC10D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D2BBD7FC-DD15-4314-B80F-D09BE12210D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBF815A8-792F-47D1-85F8-09DB67B3470A}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED92FD9F-ED47-473F-8714-24E475AE16EF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE9937EB-989A-4EFA-A2B4-BBFB38FF817B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3A9E01C-1F34-41A1-9701-0950272FA93B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6014021-9C83-4E6E-9755-5C8DF66E0D87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9B3029E-DB0E-4EC7-939E-E792B470C539}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FA70FB72-3F17-40BE-AD8D-7E5B6A690AE3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FC0EE1B6-EB01-4858-8DE8-BF0EA30FDC21}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C23DD6B-DD62-4737-AA88-B5DAB9EAF03C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{0C35A762-4062-4537-8D9E-DAC03C79CFEC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{101EBB0B-C647-488D-9896-64FF7920AF74}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{118AD015-66BB-40DA-9C85-72404F13E7EC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{14E8F7D8-9E07-4F9C-A3D2-32DECDE9A149}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{15B70E98-870A-413A-AA73-CC1727E7D8EC}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{15CB5536-51FF-4763-8BA7-250B885C8691}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1941E899-942A-426A-9615-50BDD416F9C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D483EB1-ED27-4F4C-AF7D-C2DD997C268B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2319725D-CACC-44BB-A5DC-873DF45211E4}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D7DC4CB-9750-4FBB-BF0B-EB0B13124B6A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{32E5441B-D808-434F-83DE-8E479DF09A09}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{32F41E75-327A-4946-A74D-3F499448BF1D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3B302D64-ABC2-4133-9619-D69AAEC0CE7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B8192DF-8DDD-44B2-A0F9-5B67DF6F6D25}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{3C1F4FD5-6DB1-4FBE-8CAE-94C071F3BA62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\freemax2000\team fortress 2\hl2.exe |
"{43FE353D-87A1-4975-8FE2-0EAE99B2C7C0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4A2B6FD7-A1A0-412D-8694-FA17443DBF1A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4D0C2CC5-1B6A-42D4-8108-C7D458210086}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57457448-FAF8-4317-B885-6BF7FCDE99A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5B4FD733-7DDD-40EC-BC5E-8780C251D243}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{5FB25631-D79B-45A4-B7C1-4C3B8B0D02FF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60138B36-251B-46EF-859D-1F40400613AA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6213F1C0-9A60-4EFD-A3B6-B2E0D498E052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{647E9548-EABD-4293-9D30-AD0B0A276B7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{66254D6E-0A80-4BFA-8460-74AA19F23BD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6669C2B0-E643-4FD7-81C0-8EA39FFEA217}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67E42760-9F9F-4FAC-95E9-0EC9C76A1BFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B36AFB4-FA1B-469C-BC26-4B77EF74CE25}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6D91ED70-9B53-450A-AA7E-7F6185D3614E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6DCA9005-8587-480D-9411-D2E1B13E7656}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{7543AB8A-3736-41EE-B306-7526735B8A29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75BEFAB1-E610-4A08-B2F5-41E60CC74220}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{76968491-DF50-4CE8-96F5-F8818CA03C99}" = protocol=6 | dir=out | app=system |
"{76C8DB33-9873-49E6-AE19-C7FB27E27053}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7837D196-B84F-4878-87B0-CCD457F78CFF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78FD1209-9BCA-42F1-AE56-0A13126CD742}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7F50541B-7FA8-4547-99E9-3210AD08FDCC}" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"{80466A23-0E4A-493A-9FF7-0A875F162B30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{85B6CBBB-0AFB-44E6-8CC9-FE94CBA7B556}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{86C75E52-8F57-46F2-A262-DC1974BBD5A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8896A158-016A-4ABB-A311-7F37015991A5}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B7D78D6-6A72-42A9-AF84-52A0C7C55D9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8C198FB6-1253-41AF-9396-1A0D28E00F2C}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E45C07B-70AB-46BE-BB01-DB8683962332}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8E974406-74CB-4D69-8EBD-91750D46780D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F1CC3FE-1AD6-46EB-9F78-02DEBFEE243F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8FB825FE-07E6-403A-9735-F47B1DA9DADF}" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"{91295E02-34B0-4EF7-B31D-119459D728CE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{93E5B5BA-F78B-4444-9202-39113A8EE3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{97DC3510-E0B1-487A-9319-6E21725996D3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9CC62DF8-3208-4ABF-BB7A-E1B7C2CF407E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E2719CC-C18D-4BDD-AFF8-426239C6A4BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A128F2D5-AC67-4304-9F81-FB9FD6F73764}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B387F244-BA2D-4229-B906-9014A9B04B46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"{B4E2369C-40B3-4796-B8C2-51AB800FA131}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8ED503A-C1A3-42E2-9D0E-0D94FBD0A3CD}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe |
"{BE32DA64-E5AA-4E1D-BE93-D8A374DFA7AD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9A7BCB2-F5A1-49EF-962D-3AC4425D08A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D08A6485-B089-4AD8-AFB3-6D96FBBB93FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D789EC2D-74C9-4351-9663-183333BE0198}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\freemax2000\team fortress 2\hl2.exe |
"{DD38B403-5D2D-43F3-9177-7A3FB65FD218}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"{DD9E34AE-6DF0-469F-A28C-597F5B6C0DFD}" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"{E4546BB2-882D-4916-916E-D2AF72FA5998}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F40422E6-59D3-4FF6-8CB0-9CA5F3C1290D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F929EB33-9D72-4604-B9EE-3943A3FF29B1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FB52389C-4907-4006-8825-59280B09043B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FD3F71B3-A642-4365-B64A-B760EBF1D507}" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{15C4C486-7589-4170-B073-8F40FE73F11C}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{17B59E7B-A75B-4A36-94E2-F0882134A169}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{4E3A5F2C-3B71-404A-A974-0D8AE47F9DEB}C:\program files (x86)\beston\webcam suite 2.0\webcamsuite2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beston\webcam suite 2.0\webcamsuite2.exe |
"TCP Query User{5AE421B0-E99C-4160-88A6-9637D489A3E3}C:\program files (x86)\steam\steamapps\freemax2000\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\freemax2000\team fortress 2\hl2.exe |
"TCP Query User{A10054AD-6FEA-46F0-AFAB-EF385EB762DF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FAA95A1C-0442-4479-8B79-27C4BBBF48ED}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{50614492-ADDF-42D9-B859-E8463EB09F02}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{53D755A3-683B-4B3D-B586-30617C39CECF}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7E1EB421-4A10-432A-B1F0-A1784635C301}C:\program files (x86)\beston\webcam suite 2.0\webcamsuite2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beston\webcam suite 2.0\webcamsuite2.exe |
"UDP Query User{B2DF56C2-CAAD-4295-B6F8-53B9971FB911}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C837DD98-D4E1-4F3B-AEC0-3F57E1A185B0}C:\program files (x86)\steam\steamapps\freemax2000\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\freemax2000\team fortress 2\hl2.exe |
"UDP Query User{D05C97E4-CE1C-4B63-8377-4F083AD61F72}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6090DF46-8BA4-54AA-F60C-4647AE1016A4}" = ATI AVIVO64 Codecs
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{C6BF8F09-89DB-2CB0-AB90-A8D02BD37DBC}" = AMD Drag and Drop Transcoding
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0CBDB99A-11CB-4A00-BD94-812E22DEC31D}" = Audials USB
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4E029F9D-A709-4B0A-89C9-D56AA4B1254B}" = WebCam Suite 2.0
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CADdy++ Elektrotechnik" = CADdy++ Elektrotechnik
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Minecraft Texturepack Editor" = Minecraft Texturepack Editor
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"PhotoScape" = PhotoScape
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.08.2012 04:49:33 | Computer Name = ComputerName | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 08.08.2012 06:49:45 | Computer Name = ComputerName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MyPhoneExplorer.exe, Version: 1.8.0.2,
 Zeitstempel: 0x4e94a58c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5fc6bc00  ID des fehlerhaften
 Prozesses: 0xb10  Startzeit der fehlerhaften Anwendung: 0x01cd755378a64378  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: c3d31c66-e146-11e1-872c-00199958ad72
 
Error - 08.08.2012 08:04:17 | Computer Name = ComputerName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066e69f  ID des fehlerhaften Prozesses: 0xe48  Startzeit der fehlerhaften Anwendung:
 0x01cd755d6bcede22  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 2d0e1f7d-e151-11e1-872c-00199958ad72
 
Error - 08.08.2012 08:08:02 | Computer Name = ComputerName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066e69f  ID des fehlerhaften Prozesses: 0x11f8  Startzeit der fehlerhaften Anwendung:
 0x01cd755df428e2ee  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 b36ff666-e151-11e1-872c-00199958ad72
 
Error - 08.08.2012 08:08:31 | Computer Name = ComputerName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066e69f  ID des fehlerhaften Prozesses: 0x10c8  Startzeit der fehlerhaften Anwendung:
 0x01cd755e7b350615  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 c4585d97-e151-11e1-872c-00199958ad72
 
Error - 08.08.2012 08:09:17 | Computer Name = ComputerName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066e69f  ID des fehlerhaften Prozesses: 0x119c  Startzeit der fehlerhaften Anwendung:
 0x01cd755e8a0d4a3a  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 e04de8f5-e151-11e1-872c-00199958ad72
 
Error - 08.08.2012 08:10:14 | Computer Name = ComputerName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0066e69f  ID des fehlerhaften Prozesses: 0x1360  Startzeit der fehlerhaften Anwendung:
 0x01cd755ea68a3003  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 01c4d636-e152-11e1-872c-00199958ad72
 
Error - 10.08.2012 10:19:19 | Computer Name = ComputerName | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10.08.2012 10:19:26 | Computer Name = ComputerName | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10.08.2012 13:16:31 | Computer Name = ComputerName | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 10.08.2012 13:24:42 | Computer Name = ComputerName | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Media Center Events ]
Error - 04.12.2011 13:43:43 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 04.12.2011 14:18:16 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 06.12.2011 12:54:54 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 06.12.2011 14:24:32 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 15.12.2011 14:25:37 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 16.12.2011 12:26:01 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 16.12.2011 13:00:44 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 23.12.2011 16:13:41 | Computer Name = ComputerName | Source = Microsoft-Windows-Media Center Extender | ID = 800
Description =
 
Error - 23.12.2011 22:25:16 | Computer Name = ComputerName | Source = MCUpdate | ID = 0
Description = 03:25:12 - Fehler beim Herstellen der Internetverbindung.  03:25:12
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 23.12.2011 23:25:28 | Computer Name = ComputerName | Source = MCUpdate | ID = 0
Description = 04:25:24 - Fehler beim Herstellen der Internetverbindung.  04:25:24
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 12.05.2012 15:42:14 | Computer Name = ComputerName | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.27  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.05.2012 16:04:36 | Computer Name = ComputerName | Source = BROWSER | ID = 8020
Description =
 
Error - 14.05.2012 11:37:39 | Computer Name = ComputerName | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.27  registriert werden. Der Computer mit IP-Adresse 192.168.178.1
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.05.2012 15:39:06 | Computer Name = ComputerName | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
Error - 14.05.2012 15:39:07 | Computer Name = ComputerName | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
Error - 14.05.2012 15:39:07 | Computer Name = ComputerName | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
Error - 16.05.2012 13:56:43 | Computer Name = ComputerName | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\Haspnt.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.05.2012 13:56:43 | Computer Name = ComputerName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Haspnt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
Error - 16.05.2012 13:56:44 | Computer Name = ComputerName | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.05.2012 13:56:44 | Computer Name = ComputerName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hardlock" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
 
< End of report >
--- --- ---


Ich kann den Rechner jetzt starten!! Kein Trojaner-Screen mehr vorhanden..

Was kann ich noch machen?

Danke schon mal!

t'john 11.08.2012 01:49
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..\SearchScopes\{19046F77-CB90-4848-BB89-7BE5387D60D5}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-692091039-3532906276-1279097590-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.focus.de"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-692091039-3532906276-1279097590-500\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8feb97a1-37d6-11e1-9497-00199958ad72}\Shell - "" = AutoRun
O33 - MountPoints2\{8feb97a1-37d6-11e1-9497-00199958ad72}\Shell\AutoRun\command - "" = F:\Autorun.exe

[2012.08.10 15:39:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

karsten.g 11.08.2012 13:57
So, bei meinem Desktop ist jetzt alles in Ordnung!!

Habe mein Laptop auch gescannt, wurden auch wieder einige Files gefunden!!

Bitte nochmal um Hilfe!!

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Karsten :: COMPAQ615 [Administrator]

Schutz: Aktiviert

11.08.2012 14:18:13
mbam-log-2012-08-11 (14-18-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 174893
Laufzeit: 4 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2012/08/11 14:17:30 +0200 COMPAQ615 Karsten MESSAGE Starting protection
2012/08/11 14:17:35 +0200 COMPAQ615 Karsten MESSAGE Protection started successfully
2012/08/11 14:17:38 +0200 COMPAQ615 Karsten MESSAGE Starting IP protection
2012/08/11 14:17:45 +0200 COMPAQ615 Karsten MESSAGE IP Protection started successfully
2012/08/11 14:17:56 +0200 COMPAQ615 Karsten MESSAGE Starting database refresh
2012/08/11 14:17:56 +0200 COMPAQ615 Karsten MESSAGE Stopping IP protection
2012/08/11 14:24:03 +0200 COMPAQ615 Karsten MESSAGE IP Protection stopped
2012/08/11 14:24:07 +0200 COMPAQ615 Karsten MESSAGE Database refreshed successfully
2012/08/11 14:24:07 +0200 COMPAQ615 Karsten MESSAGE Starting IP protection
2012/08/11 14:24:14 +0200 COMPAQ615 Karsten MESSAGE IP Protection started successfully
OTL Logfile:
Code:
OTL logfile created on: 11.08.2012 14:30:36 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = D:\Software\Kaspersky Virus remove\Trojaner Board
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 61,87% Memory free
3,75 Gb Paging File | 2,17 Gb Available in Paging File | 58,07% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,83 Gb Total Space | 109,99 Gb Free Space | 66,33% Space Free | Partition Type: NTFS
Drive D: | 130,25 Gb Total Space | 21,97 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
 
Computer Name: COMPAQ615 | User Name: Karsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Software\Kaspersky Virus remove\Trojaner Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Connectify\ConnectifyD.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d5d5d29f399379c0\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d5d5d29f399379c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d5d5d29f399379c0\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d5d5d29f399379c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (CH341SER_A64) -- C:\Windows\SysNative\drivers\CH341S64.SYS (www.winchiphead.com)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin)
DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys (Danish Wireless Design A/S)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (12387081) -- C:\Windows\SysNative\drivers\12387081.sys (Kaspersky Lab)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys ()
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.focus.de/ [binary data]
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 8F B3 DB 7A AA CA 01  [binary data]
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\..\SearchScopes,DefaultScope = {04D08E5F-5D6A-4F61-ADC0-080C206AF641}
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\..\SearchScopes\{04D08E5F-5D6A-4F61-ADC0-080C206AF641}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.focus.de"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..network.proxy.http: "221.130.162.249"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6i: d:\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.11.28 15:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.06.27 19:01:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 20:53:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 20:42:55 | 000,000,000 | ---D | M]
 
[2010.03.12 22:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karsten\AppData\Roaming\mozilla\Extensions
[2012.08.07 14:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karsten\AppData\Roaming\mozilla\Firefox\Profiles\7um8rpf5.default\extensions
[2012.05.18 19:28:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Karsten\AppData\Roaming\mozilla\Firefox\Profiles\7um8rpf5.default\extensions\ich@maltegoetz.de
[2012.02.22 20:27:56 | 000,000,933 | ---- | M] () -- C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\searchplugins\11-suche.xml
[2012.02.22 20:27:57 | 000,002,419 | ---- | M] () -- C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\searchplugins\englische-ergebnisse.xml
[2012.02.22 20:27:57 | 000,010,525 | ---- | M] () -- C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\searchplugins\gmx-suche.xml
[2012.02.22 20:27:57 | 000,002,457 | ---- | M] () -- C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\searchplugins\lastminute.xml
[2012.02.22 20:27:56 | 000,005,508 | ---- | M] () -- C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\searchplugins\webde-suche.xml
[2011.11.09 19:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 20:53:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.22 17:55:47 | 000,003,187 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2012.06.23 22:04:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 22:04:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 22:04:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 22:04:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 22:04:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 22:04:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:38 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Karsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\K10STAT.exe - Verknüpfung.lnk = D:\k10stat\K10STAT.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0AB0E93-64F7-4940-97D3-2B49A94116D3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F67AF5D0-8EF3-4633-849B-CFF10A1E8524}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03fbd6ed-2e23-11e0-b613-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{03fbd6ed-2e23-11e0-b613-0027137559d4}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\{24b44d4d-3a8d-11df-ab85-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{24b44d4d-3a8d-11df-ab85-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{3b1f44cc-f4d0-11df-b8a2-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{3b1f44cc-f4d0-11df-b8a2-0027137559d4}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{5a19bf8c-2955-11df-89c4-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{5a19bf8c-2955-11df-89c4-0027137559d4}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e7353bbb-b9de-11df-842e-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{e7353bbb-b9de-11df-842e-0027137559d4}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.11 14:17:19 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Roaming\Malwarebytes
[2012.08.11 14:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.11 14:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 14:17:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.11 14:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.09 21:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SetEditDream
[2012.08.09 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetEditDream
[2012.08.06 21:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
[2012.08.06 21:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2012.08.06 20:37:16 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.08.06 20:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2012.08.06 20:36:19 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Local\SkinSoft
[2012.08.06 11:23:10 | 000,000,000 | ---D | C] -- C:\Users\Karsten\.thumbnails
[2012.08.05 20:16:25 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Local\fontconfig
[2012.08.05 20:16:23 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Local\gegl-0.2
[2012.08.05 20:16:23 | 000,000,000 | ---D | C] -- C:\Users\Karsten\.gimp-2.8
[2012.08.05 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.08.05 15:49:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom Wireless
[2012.08.05 15:48:28 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012.08.05 15:48:28 | 000,022,520 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012.08.05 15:48:27 | 004,423,168 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012.08.05 15:48:27 | 000,073,216 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012.08.05 15:48:27 | 000,060,416 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012.08.05 15:48:26 | 007,606,784 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012.08.05 15:46:45 | 003,555,328 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012.08.05 15:46:44 | 003,890,688 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012.08.05 15:46:43 | 002,978,296 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012.08.05 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012.08.05 14:51:38 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Local\Roxio
[2012.08.03 20:21:58 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Roaming\FLEXnet
[2012.08.03 20:16:18 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Roaming\Vodafone
[2012.08.03 20:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012.08.03 20:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2012.08.03 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2012.08.03 20:14:42 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B}
[2012.07.22 18:06:28 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Roaming\Apple Computer
[2012.07.22 18:06:28 | 000,000,000 | ---D | C] -- C:\Users\Karsten\AppData\Local\Apple Computer
[2012.07.22 18:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.22 18:06:18 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.07.22 18:06:18 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.07.22 18:06:18 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.07.22 18:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.22 18:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.22 18:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.22 18:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.07.22 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.22 18:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.22 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.22 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.15 21:13:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.15 21:13:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.15 21:13:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.15 21:13:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.15 21:13:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.15 21:13:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.15 21:13:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.15 21:13:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.15 21:13:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.15 21:13:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.15 21:13:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.15 21:13:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.15 21:13:23 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.15 21:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.15 21:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.15 21:10:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.15 21:10:00 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.15 21:09:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2011.03.16 22:29:56 | 000,016,792 | ---- | C] (NTWind Software) -- C:\Users\Karsten\AppData\Local\hide.exe
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.11 14:42:28 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
[2012.08.11 14:37:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 14:23:04 | 000,031,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 14:23:04 | 000,031,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 14:17:11 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.11 14:15:41 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 14:15:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 14:15:06 | 4023,246,848 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 13:45:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 11:42:41 | 000,000,521 | ---- | M] () -- C:\Users\Karsten\Desktop\Ordner.lnk
[2012.08.06 21:08:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Connectify.lnk
[2012.08.06 20:37:16 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.08.06 11:23:10 | 000,002,059 | ---- | M] () -- C:\Users\Karsten\AppData\Local\recently-used.xbel
[2012.08.05 20:59:58 | 000,418,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.05 15:48:19 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012.08.05 15:48:19 | 000,073,216 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012.08.05 15:48:19 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012.08.05 15:48:19 | 000,000,457 | ---- | M] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012.08.05 15:48:18 | 007,606,784 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012.08.05 15:48:18 | 004,423,168 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmttls.dll
[2012.08.05 15:48:18 | 001,010,688 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\BCMLogon.dll
[2012.08.05 15:48:18 | 000,060,416 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlrmt.dll
[2012.08.05 15:48:18 | 000,022,520 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012.08.05 15:48:17 | 004,961,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012.08.05 15:48:17 | 000,000,459 | ---- | M] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012.08.05 15:48:16 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012.08.05 15:47:38 | 000,998,786 | ---- | M] () -- C:\Windows\SysNative\oem49.inf
[2012.08.05 15:46:36 | 002,978,296 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012.08.05 15:46:35 | 003,890,688 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012.08.05 15:46:35 | 003,555,328 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012.08.03 20:15:34 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2012.08.03 11:45:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 11:45:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.22 18:06:21 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.11 14:17:11 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.09 11:18:59 | 000,000,521 | ---- | C] () -- C:\Users\Karsten\Desktop\Ordner.lnk
[2012.08.06 21:08:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Connectify.lnk
[2012.08.06 11:23:10 | 000,002,059 | ---- | C] () -- C:\Users\Karsten\AppData\Local\recently-used.xbel
[2012.08.05 20:11:23 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.08.05 15:48:28 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012.08.05 15:47:53 | 000,998,786 | ---- | C] () -- C:\Windows\SysNative\oem49.inf
[2012.08.05 15:46:45 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012.08.03 20:15:34 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2012.07.22 18:06:21 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.22 18:04:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.07.01 17:34:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
[2012.06.25 20:12:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.12.18 13:27:54 | 000,256,560 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.12.18 13:27:54 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.12.18 13:27:54 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.08.28 13:02:38 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.08.28 11:07:02 | 002,293,712 | ---- | C] () -- C:\Windows\1200cp30.exe
[2011.08.06 17:40:25 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.06.19 21:13:48 | 000,001,214 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat
[2011.06.19 21:12:54 | 000,000,140 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2011.06.19 21:12:54 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2011.05.27 20:37:30 | 000,000,000 | ---- | C] () -- C:\Users\Karsten\__ng3d.lock
[2011.03.16 23:25:26 | 000,087,040 | -HS- | C] () -- C:\Windows\RearmTask.exe
[2011.03.12 13:57:32 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2011.01.18 16:39:31 | 000,000,680 | RHS- | C] () -- C:\Users\Karsten\ntuser.pol
[2011.01.14 21:53:32 | 000,315,682 | ---- | C] () -- C:\Windows\SysWow64\slwc.exe
[2011.01.14 21:49:10 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\Uharc.exe
[2011.01.14 21:49:10 | 000,008,636 | ---- | C] () -- C:\Windows\SysWow64\modifype.exe
[2010.12.26 12:15:48 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.21 13:58:03 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.11.20 20:10:55 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010.11.20 20:10:55 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.09.28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010.04.26 18:48:06 | 000,007,614 | ---- | C] () -- C:\Users\Karsten\AppData\Local\resmon.resmoncfg
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2010.09.12 19:47:52 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\ACD Systems
[2010.02.11 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Acronis
[2010.04.05 13:44:21 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Ashampoo
[2012.06.24 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\AVG
[2011.08.28 14:31:36 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\BOM
[2011.11.21 19:13:01 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Broad Intelligence
[2010.02.11 22:53:43 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\CoSoSys
[2010.09.06 19:49:55 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\DAEMON Tools Lite
[2012.05.01 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Dropbox
[2010.12.05 11:04:57 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\FRITZ!
[2010.03.28 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\HD Tune Pro
[2012.04.24 15:27:47 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Klett
[2010.06.12 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\LEGO Company
[2012.08.06 11:42:48 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\MOBackup
[2012.03.25 17:30:45 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Nokia
[2012.03.25 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\PC Suite
[2011.03.02 21:07:03 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\SmartTools
[2011.04.03 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\TrueCrypt
[2011.06.15 20:25:53 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Trusteer
[2012.08.03 20:16:18 | 000,000,000 | ---D | M] -- C:\Users\Karsten\AppData\Roaming\Vodafone
[2012.08.05 14:57:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 11.08.2012 14:30:36 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = D:\Software\Kaspersky Virus remove\Trojaner Board
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 61,87% Memory free
3,75 Gb Paging File | 2,17 Gb Available in Paging File | 58,07% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,83 Gb Total Space | 109,99 Gb Free Space | 66,33% Space Free | Partition Type: NTFS
Drive D: | 130,25 Gb Total Space | 21,97 Gb Free Space | 16,87% Space Free | Partition Type: NTFS
 
Computer Name: COMPAQ615 | User Name: Karsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- d:\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- d:\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- d:\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- d:\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005344C9-055A-4694-9887-252728364921}" = rport=139 | protocol=6 | dir=out | app=system |
"{01550FBD-667B-4221-832D-C7066DE8B78F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{03460142-3F2E-4EA3-8E7D-B7C869641233}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{05CF2387-8BEA-43E6-80A5-F3242E859000}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{06EB3206-D1AF-4445-B5EB-9B452BE03A52}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{0971B661-E236-4A5F-976C-DBC4DBB6F248}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0988CDA8-DECE-44A8-897C-4BE2A637B7F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{103931E3-79A0-4A43-B17C-6F49EE8E7D73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1663E4E2-CEEA-4545-9A3F-7A054D873565}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{1745D49C-7C9C-4961-AC60-6C3FEF0C2D92}" = lport=2869 | protocol=6 | dir=in | app=system |
"{19FA1BA6-DABE-49C3-8CF4-5E562448E023}" = lport=139 | protocol=6 | dir=in | app=system |
"{1A95AE86-DE4C-40C9-B4EC-408D5E394BB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{20701ABE-293C-40A2-BC1B-B19097AF8030}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{21C87F65-AE37-4182-A739-2349206E9572}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{21E61013-E31D-43B8-BD6B-0F5C45CC9A94}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2222D9F9-C142-41FC-9882-910C173A096D}" = lport=445 | protocol=6 | dir=in | app=system |
"{233B5ACD-644D-4F81-A0B6-1A14A93140B1}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{2F69816E-6DAB-4049-BACD-ED0ADA0BE820}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38A1A67A-444B-4704-B57B-CA06FE38A74F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CE2DA23-27F5-4C68-B3F7-454FBC25D160}" = rport=138 | protocol=17 | dir=out | app=system |
"{434421A4-1B55-42CB-B6F4-D763B31DC4EE}" = rport=137 | protocol=17 | dir=out | app=system |
"{47FC0E39-FBAA-4D51-80F6-7A82A1786E05}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4A290ED0-48BE-41A4-B68B-5F0F372FB042}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50B7283F-834F-42F3-98D5-688D54EBFE1B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{51F50CBE-0C02-4170-ACEE-8403803AFFC0}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{56D50490-21D3-4903-8C08-DBEAE869F6C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B4790E9-2F57-440B-A203-05AD8A1E8CE4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5B9B0F79-F2E7-4671-B084-716B8AC91920}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C059347-A654-46AA-B14B-4B3F7D664750}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5C120CDC-8988-4B14-8648-A800A74943D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E269EC3-3465-4374-B0B6-397FEACBD2D9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{63888ABF-7950-45AD-8BBE-6F4C1DADBBF7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{68C350A4-0CE6-44A8-BA59-B2244EC9A22A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6A9B2B54-EF74-4D41-88F5-DCD462307197}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6CBEA4A3-66B0-4E5B-B416-B50E4DBAF210}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{729BBA0A-E786-4DCD-87F1-E91919E76181}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{79BCCE47-8DD0-4AD8-AFBF-D3306C01AD9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7BB640CC-AE6F-4693-87EC-7E12A8D3A01F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{80F34B5A-49E2-41AA-A557-E613A70C57E9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CCD8659-1544-47A6-92D9-A093F0B2D04D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{958B3B10-4247-4B85-97FE-8F4A064399AA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A1D1667-AAB0-4A0F-8BC9-335436A2CD3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B25FADB-F237-459A-81BB-DAA80C0A269C}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{9F20D80B-7595-4090-9AE7-F2FE2C3A043B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A164AD8B-21EC-4538-9AEC-CC5E4A27B5A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1C5AA82-01B5-4C9F-B7A4-A00F0224F4F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE21376F-5C14-4E78-B14C-F8D5B5B174F5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{AECEFD23-FB16-4FEF-BF93-4A22F7B8F847}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B7F2C717-3526-40D9-8752-1A08F06C8820}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF8F873F-DD1D-468C-84E1-3FB9E2B32BE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0502DDA-3AEA-4DE7-AFE2-3EB526E6691D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D6559328-515B-4E55-83F3-3FBDB921F7D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D76B36CA-FFFB-4CF4-8FC2-22F8837FBC73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB0D2CF4-CB46-4CA8-ABE4-E4FE33E6C431}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{E05EF1DC-EF94-4CF4-B99A-1B121AECD886}" = lport=1688 | protocol=6 | dir=in | name=kms emulator |
"{E4EBD2FE-F11A-420B-87AA-F555EA35D946}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA8C0991-F545-4BF8-95B4-46B3112D2C7C}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{EBE52B11-A57E-413F-9994-BE821FAC7826}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE6A7062-87F1-483A-B5C0-CA52D6EE8581}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFE33CA0-9722-4584-9C91-38868F8EEF54}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F1463E4C-1932-43CB-8466-5F4AEE60712D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F2371014-C35E-4F30-8087-E5D56764AD35}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F695C09C-F562-45A6-A5C7-E7CFCB24DB3A}" = lport=137 | protocol=17 | dir=in | app=system |
"{FC75D314-E3CF-4814-9CC7-85069E831266}" = rport=2869 | protocol=6 | dir=out | app=system |
"{FCE76272-9C31-476E-AF18-6ECE9DD9B3D6}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025A2517-307D-4B6D-ACEB-2F32F68317FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{036D9A95-7AAA-40FD-B9FC-065B4EE3F470}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08A68EA7-E83C-4346-B9C0-B1544E734A1B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0924B5A7-096D-4C2A-92A4-A62DDE252A5C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B64AC43-8C62-4992-A319-4DCCE6AEF658}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C6F6720-843E-4914-BCC2-C55CC7DED9F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D0958BA-864E-467A-AF36-2C313D12ABEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{101BBA6D-C493-4441-9339-A7BF2EFDE5C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1707FF2B-48F0-44EC-8455-F12CC47A9041}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A5F9926-AB2F-4505-964D-0145FAB16FD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1BA023E4-0968-4982-9AA6-92893B7FC5D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C56C4D7-4462-4C5A-93C7-67E388E95063}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D5D07AE-6671-428F-AA52-DF3BC6D39D1C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1FBAE661-FB15-4925-8C62-D718CB5BD738}" = protocol=17 | dir=in | app=c:\users\karsten\appdata\local\microsoft\skydrive\skydrive.exe |
"{2222B0E1-35C3-4B1B-9E6E-814A1A96F2C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2636A3B9-27BF-40F2-B129-8EB158A6890C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{26898671-4BBF-42F5-B38C-208128E0B175}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{283C30A7-4B4F-43F1-A20A-6BBF4962E556}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29A30793-3B2E-4560-9189-E7107F3C9D5D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2F6174C1-FE8E-447A-BE33-A8C6B52AC5A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{300DB47A-D052-4589-A214-83DB60865108}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{333DCAB9-6711-4EED-A94E-D60640594061}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{351C7702-70D8-4C19-B614-3C24BDEB0439}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3723AA13-DEFB-431E-86B0-7E2B1B98015D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3C89F2A1-CD0F-41F8-8D02-030D191D1E7B}" = dir=out | app=c:\windows\system32\svchost.exe |
"{3CE559BB-7EBE-4199-AD78-D3613F042B70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DC9FF7F-420F-4EB2-96FC-F2C90CA11366}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3DEFDF67-7F99-4BA4-9CB7-5CEA5EBBAF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F1E45B7-50B4-4D66-BEE7-940C545D3B2D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4069BFFC-9337-4D2A-B698-DBE26804C630}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{409F3E47-104C-43B9-A743-0B1E1A1B381B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{439DBA1F-A5E6-499C-BD21-89584D5853A6}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{452FBE85-8D6D-4B1B-90BD-A9E9871DD099}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47999560-FF16-4A85-B9FA-1A25F7BE7101}" = protocol=6 | dir=out | app=system |
"{48A76EC5-E175-456C-AF64-1A0CCC1D942F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4FDFA759-A9D1-49B6-83BD-8C502551B802}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{54F44CFC-64C2-4F6D-BA3D-26FDA5D637D6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{555268FC-BF65-489A-BA02-A6F565ABAD05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5773B892-A649-49EF-B375-F836E9855DA0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5A2AABEA-FE97-4705-8C48-C813AC9047FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{679D7B0E-4625-4647-A5F8-1941AC63A97A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69306F15-DACB-450C-BEA6-3D7AA6FA256D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A47A8DA-9536-4FE8-AFBE-3E76A2AAAD99}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B234003-6834-425E-B793-C0A45661BBE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D1DFC41-4680-4727-8998-1DE70DA9E5A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D69DF81-64D8-4D82-BCF5-3A8D4ACED957}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D964CB6-67CF-4608-A50C-7D62AB3EE9D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F8625B1-1248-4AE3-8066-41FDF5F93276}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70DCEACB-2F4D-46D7-8D50-F3493D03AD03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{746D080A-8A12-4483-B95B-CC8D92EC7AFF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{774D47CF-4A06-498B-80CF-AE330C7B5017}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B0130AE-7181-4A12-8174-F7FFF7FF6A37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7BFB3D5A-37C5-46E5-911F-AAB81A2D28CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D217ADE-FC58-4335-BEE6-3265133EBA7E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7FFB7989-D285-42D7-AD10-4A326146CBF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8022FA71-11E3-4E1E-A677-F38D5099162A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{81916B8B-BFC3-41CD-9957-995DB310886B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8663C8C3-50D1-4F9B-AAF9-970FB3F93D2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8828A069-1DB5-4E8E-9003-3B48B57BDFBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89486DE6-76D1-4407-9350-211FCF8C4A06}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{89E4B1A8-694D-4F60-AEE1-AB794C4C2FEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A749130-F3A0-462C-982B-F885E8B6F3B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8B30B439-2F3F-4627-8C3B-CA1449565158}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8DB4E2C8-376C-4B15-9AA4-3F07CBD41345}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E826BBA-79E6-4F68-9BFB-C900EFBB393B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8E8EBE1F-D757-4CB0-ABC2-8D3AEF823012}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94E23AA6-AA3F-417B-A8A8-EA09B5B10D35}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{94EE03A9-A69A-49DC-AC9A-FFCC9B90ED26}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{967789F2-CAFE-4346-9E69-CDDF48AA5BCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B7FE04C-5B1F-412B-B33D-0BE9E249C286}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9E469D1F-5C04-47FF-897C-63F4F3D9B86F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A1F9A9E6-7942-4173-A0B7-13C1229D30CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6E09527-3297-4BD3-9537-76BC9C43DB38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8AB0A03-6960-468F-B6F5-4E20D33FD6EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9963BC6-08B7-49A9-984A-7ACE13D977BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B0AC446C-A217-4956-B91C-4B148C4DD523}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B3F2E670-CBB0-4E99-ACF6-EFF9B9DFB5AE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4675AFC-1E0C-4549-AF36-A7C57E67DCA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8600524-C5EA-42BD-A73B-E4E551F6BBCC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA30B367-D64D-46CB-A4BF-86EC9110AB64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA6321F6-B389-4C02-B605-5DC55CEF71C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC7F820C-1C12-4095-BA30-1A964AEB469E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BCEEBA19-96BD-4BCA-BAA4-797DBF8854B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BF311574-BF1D-4C3F-9D4F-0248D9F9D4DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0D86497-E349-4267-A36E-6B64A3C1AA02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2E2A883-E7B0-4EFB-9650-5F5A7CDA1E71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C56868D8-269E-48A0-B6D3-FBD351761EC2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C7C18DD4-61F4-4825-AA33-B5342474944A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CCFB18D6-ECD5-4D5C-9ACB-70A55AD68CC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE88471A-2B33-415D-BECC-88F1352B5162}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CFD24E8B-7EC7-48EE-AD37-7A7548F88F76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D14B19BA-A2AB-4E48-8F9C-12C6075BB386}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D217CF0A-16DF-406F-850D-0F85F9F03316}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4272BFB-0831-4D83-B6F7-8839565C32A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D55354A3-7CE9-44CD-89A1-48D75B975020}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D65A432D-4156-4B43-B4EE-C03BF7AD46CF}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{D94792B2-9CEE-4301-B679-18896A18A425}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA3B730D-5DF4-42EA-ABCB-FC0400F8819B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCCEE47F-E96D-4814-93F2-551E0AC68F4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDB0D3A7-68A1-4259-9C5D-7BAEB32B7254}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE069D59-FDBA-461D-B4C9-FD47E510D34A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE2C1E86-C55A-425E-AA49-1297A28C616B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF98CD73-27E9-4774-B7CE-143C4F0D2D53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6343F33-BD1F-4D9F-97CC-1A2A0D273249}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{E844B1C2-9947-4140-A8C0-E95C02C3AA07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA521697-0727-4EC0-9ECF-DA96821561D0}" = protocol=6 | dir=in | app=c:\users\karsten\appdata\local\microsoft\skydrive\skydrive.exe |
"{ECF7B0AC-F02E-4BBA-9A36-45A456A14A1E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EDC82710-391D-4C52-B1D0-8C7737A108DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE4C9EED-6A87-4B20-9D10-9C415175B42C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F1689D67-0DF5-4672-9691-3AB158011B2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1B6E05E-7F85-43E8-B01D-70F151640E74}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F26D2A94-6913-4113-A7C0-B8670A1CE9CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F68BA928-CAE2-4730-8EF4-DA966FE87678}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F698DE6A-1A09-4A3A-AC04-8C05299187EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F70DF387-DF92-428F-9FCB-52E05338EEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F9D9C59F-DB90-4B57-B4EB-4356AAA24D99}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBB5698D-3F13-4211-8478-4CD60748BC3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{14627C68-142B-472F-93B6-F59281863127}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{335E13D1-B533-4658-8D7D-CC240504FD38}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{8996C39B-BBA0-43E2-BF0B-B2E960B48695}D:\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\videolan\vlc\vlc.exe |
"TCP Query User{8DE711BC-E8F2-4519-AE46-D5825FBB6ED0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{C3B66439-0DD1-431D-9597-1EA40CDA8EFA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{FD997FC6-7964-4DB4-8E10-651CE35A163A}C:\program files (x86)\seteditdream\seteditdream.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seteditdream\seteditdream.exe |
"UDP Query User{00EBE310-6490-4B26-8F33-912A70392C11}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{400A7E9A-D37E-40EF-859A-4E563968AC75}D:\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\videolan\vlc\vlc.exe |
"UDP Query User{62D33F50-D80E-428A-9CDE-AE85CC221267}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{62E51559-B010-4A6A-9360-0551F19B7540}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{9C122FFC-E5FB-45CF-8091-B67A5A36270D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{CA34A55F-18B4-4E2C-BC13-159BE206AF4E}C:\program files (x86)\seteditdream\seteditdream.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seteditdream\seteditdream.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"Connectify" = Connectify
"GIMP-2_is1" = GIMP 2.8.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53753510-7620-4D2B-9C0B-111F871615D9}" = LEGO MINDSTORMS NXT - English Language Pack
"{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C611440-731C-404B-9ED1-93FF8D17FCB5}" = VisualMR
"{7FAA26D8-3727-41CD-A9DE-9480E4EA9130}" = Audials
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1F25BB8-9923-4802-BF3A-EA1DEFEC6ECE}" = Microsoft ASL Compiler v2.0.2NT BETA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE6129BE-FA51-4A66-8D05-77DED7BAE0C4}" = GTS
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6317628-C85F-4CEE-A2A7-8D4477EC7C24}" = Red Line 2 Sprachtrainer
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FE465061-894A-4023-8580-56FCDD4F23F9}" = HP SoftPaq Download Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC66551-0083-425F-964E-277BD512E56C}" = Microsoft ACPI Source Language Compiler v4.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"AudioCoder" = AudioCoder 2011
"avast" = avast! Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HaaliMkx" = Haali Media Splitter
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Matroska Pack" = Matroska Pack
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"OpenAL" = OpenAL
"Rapport_msi" = Rapport
"SmartToolsFeiertags- und Ferien-Assistentv4.00" = SmartTools Publishing • Outlook Feiertags- und Ferien-Assistent
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TrueCrypt" = TrueCrypt
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.08.2012 03:40:19 | Computer Name = Compaq615 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 09.08.2012 06:49:27 | Computer Name = Compaq615 | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung
 ist falsch formatiert. Die falsch formatierte Zeichenfolge ist " ". Das erste DWORD
 im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge,
während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte
 enthalten.
 
Error - 10.08.2012 04:24:01 | Computer Name = Compaq615 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 10.08.2012 06:13:34 | Computer Name = Compaq615 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.08.2012 13:41:26 | Computer Name = Compaq615 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.08.2012 03:44:05 | Computer Name = Compaq615 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.08.2012 03:58:11 | Computer Name = Compaq615 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Software\Kaspersky
 Virus remove\Trojaner Board\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.08.2012 03:58:20 | Computer Name = Compaq615 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Software\Kaspersky
 Virus remove\Trojaner Board\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.08.2012 08:12:38 | Computer Name = Compaq615 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 11.08.2012 08:15:34 | Computer Name = Compaq615 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ Broadcom Wireless LAN Events ]
Error - 13.02.2012 13:48:41 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 18:48:41, Mon, Feb 13, 12 Error - Unable to gain access to user store

 
Error - 04.03.2012 08:25:59 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 13:25:59, Sun, Mar 04, 12 Error - Unable to gain access to user store

 
Error - 10.03.2012 04:52:18 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 09:52:18, Sat, Mar 10, 12 Error - Unable to gain access to user store

 
Error - 30.04.2012 14:10:25 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 20:10:25, Mon, Apr 30, 12 Error - Unable to gain access to user store

 
Error - 01.05.2012 06:16:02 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 12:16:01, Tue, May 01, 12 Error - Unable to gain access to user store

 
Error - 01.05.2012 08:38:14 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 14:38:13, Tue, May 01, 12 Error - Unable to gain access to user store

 
Error - 10.05.2012 21:24:28 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 03:24:28, Fri, May 11, 12 Error - Unable to gain access to user store

 
Error - 21.05.2012 11:50:27 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 17:50:26, Mon, May 21, 12 Error - Unable to gain access to user store

 
Error - 13.06.2012 12:51:18 | Computer Name = Compaq615 | Source = WLAN-Tray | ID = 0
Description = 18:51:17, Wed, Jun 13, 12 Error - Unable to gain access to user store

 
[ HP Software Framework Events ]
Error - 05.08.2012 09:41:26 | Computer Name = Compaq615 | Source = CaslWmi | ID = 5
Description = 2012.08.05 15:41:26.162|000012E8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ Media Center Events ]
Error - 09.02.2011 12:21:00 | Computer Name = Compaq615 | Source = MCUpdate | ID = 0
Description = 17:20:51 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 09.02.2011 13:25:40 | Computer Name = Compaq615 | Source = MCUpdate | ID = 0
Description = 18:25:39 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 04.12.2011 12:36:44 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
 
Error - 04.12.2011 12:45:18 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
 
Error - 04.12.2011 12:48:11 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
 
Error - 04.12.2011 12:54:46 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
 
Error - 04.12.2011 13:00:56 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 539
Description =
 
Error - 04.12.2011 13:05:54 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
 
Error - 04.12.2011 13:20:35 | Computer Name = Compaq615 | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =
 
Error - 22.01.2012 07:16:02 | Computer Name = Compaq615 | Source = MCUpdate | ID = 0
Description = 12:16:02 - Fehler beim Herstellen der Internetverbindung.  12:16:02
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 11.08.2012 08:15:15 | Computer Name = COMPAQ615 | Source = BugCheck | ID = 1001
Description =
 
Error - 11.08.2012 08:15:09 | Computer Name = Compaq615 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.08.2012 08:15:09 | Computer Name = Compaq615 | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.08.2012 08:15:11 | Computer Name = Compaq615 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%2
 
Error - 11.08.2012 08:15:23 | Computer Name = Compaq615 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DHCP Server" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 11.08.2012 08:15:44 | Computer Name = Compaq615 | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 11.08.2012 08:15:44 | Computer Name = Compaq615 | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 11.08.2012 08:15:44 | Computer Name = Compaq615 | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 11.08.2012 08:15:44 | Computer Name = Compaq615 | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 11.08.2012 08:15:44 | Computer Name = Compaq615 | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >
--- --- ---


OK, Danke!!

t'john 11.08.2012 14:07
Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\..\SearchScopes,DefaultScope = {04D08E5F-5D6A-4F61-ADC0-080C206AF641}
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\..\SearchScopes\{04D08E5F-5D6A-4F61-ADC0-080C206AF641}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.focus.de"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..network.proxy.http: "221.130.162.249"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2758281897-286584914-2894495903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03fbd6ed-2e23-11e0-b613-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{03fbd6ed-2e23-11e0-b613-0027137559d4}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\{24b44d4d-3a8d-11df-ab85-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{24b44d4d-3a8d-11df-ab85-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{3b1f44cc-f4d0-11df-b8a2-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{3b1f44cc-f4d0-11df-b8a2-0027137559d4}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O33 - MountPoints2\{5a19bf8c-2955-11df-89c4-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{5a19bf8c-2955-11df-89c4-0027137559d4}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e7353bbb-b9de-11df-842e-0027137559d4}\Shell - "" = AutoRun
O33 - MountPoints2\{e7353bbb-b9de-11df-842e-0027137559d4}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

karsten.g 11.08.2012 15:31
Habe jetzt auch meinen Laptop gereinigt!!

Danke noch mal an die Admin's!!! Super Arbeit!!

Werde das Board auch unterstützen, aber wie schütze ich meinen
Rechner dauerhaft? Welche Software ist am betsen dafür geeignet?

t'john 11.08.2012 15:39
Wir sind noch nicht fertig!
Dein Rechner ist weder sauber noch abgesichert.

Sehr gut! :daumenhoc



1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

karsten.g 11.08.2012 19:23
Hier ist die Log vom ADW cleaner!

# AdwCleaner v1.800 - Logfile created 08/11/2012 at 20:20:41
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Karsten - COMPAQ615
# Running from : D:\Software\Kaspersky Virus remove\Trojaner Board\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2619 octets] - [11/08/2012 14:10:07]
AdwCleaner[S1].txt - [2636 octets] - [11/08/2012 14:11:06]
AdwCleaner[R2].txt - [983 octets] - [11/08/2012 20:19:03]
AdwCleaner[R3].txt - [915 octets] - [11/08/2012 20:20:41]

########## EOF - C:\AdwCleaner[R3].txt - [1042 octets] ##########

t'john 11.08.2012 19:35
Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

Wo ist AdwCleaner[S1].txt?

karsten.g 17.08.2012 16:36
Ich war jetzt eine Woche im Urlaub, Wetter war ja super!!

Jetzt aber zum Problem, habe hier noch mal die Log's von meinem Laptop:

# AdwCleaner v1.800 - Logfile created 08/17/2012 at 17:25:20
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Karsten - COMPAQ615
# Running from : C:\Users\Karsten\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R6].txt - [838 octets] - [17/08/2012 17:15:42]
AdwCleaner[R7].txt - [897 octets] - [17/08/2012 17:18:47]
AdwCleaner[R8].txt - [829 octets] - [17/08/2012 17:25:20]



***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R6].txt - [838 octets] - [17/08/2012 17:15:42]
AdwCleaner[R7].txt - [897 octets] - [17/08/2012 17:18:47]
AdwCleaner[R8].txt - [956 octets] - [17/08/2012 17:25:20]
AdwCleaner[S3].txt - [888 octets] - [17/08/2012 17:25:37]

########## EOF - C:\AdwCleaner[S3].txt - [1015 octets] ##########


Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Karsten :: COMPAQ615 [Administrator]

Schutz: Aktiviert

17.08.2012 14:54:27
mbam-log-2012-08-17 (14-54-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|P:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 481237
Laufzeit: 2 Stunde(n), 16 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


2012/08/17 13:32:27 +0200 COMPAQ615 Karsten MESSAGE Starting protection
2012/08/17 13:32:31 +0200 COMPAQ615 Karsten MESSAGE Protection started successfully
2012/08/17 13:32:34 +0200 COMPAQ615 Karsten MESSAGE Starting IP protection
2012/08/17 13:32:42 +0200 COMPAQ615 Karsten MESSAGE IP Protection started successfully
2012/08/17 14:54:08 +0200 COMPAQ615 Karsten MESSAGE Starting database refresh
2012/08/17 14:54:09 +0200 COMPAQ615 Karsten MESSAGE Stopping IP protection
2012/08/17 15:00:13 +0200 COMPAQ615 Karsten MESSAGE IP Protection stopped
2012/08/17 15:00:19 +0200 COMPAQ615 Karsten MESSAGE Database refreshed successfully
2012/08/17 15:00:19 +0200 COMPAQ615 Karsten MESSAGE Starting IP protection
2012/08/17 15:00:28 +0200 COMPAQ615 Karsten MESSAGE IP Protection started successfully
2012/08/17 17:29:10 +0200 COMPAQ615 Karsten MESSAGE Starting protection
2012/08/17 17:29:14 +0200 COMPAQ615 Karsten MESSAGE Protection started successfully
2012/08/17 17:29:17 +0200 COMPAQ615 Karsten MESSAGE Starting IP protection
2012/08/17 17:29:24 +0200 COMPAQ615 Karsten MESSAGE IP Protection started successfully

Meine Logfilles vom Desktop-PC kommen noch.
Welche Software wäre denn als dauerhafter Schutz ausreichend?

Danke!:daumenhoc

t'john 17.08.2012 17:38
Sehr gut! :daumenhoc


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

karsten.g 18.08.2012 11:09
Hier sind die Log's:

# AdwCleaner v1.800 - Logfile created 08/17/2012 at 17:25:37
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Karsten - COMPAQ615
# Running from : C:\Users\Karsten\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Karsten\AppData\Roaming\Mozilla\Firefox\Profiles\7um8rpf5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R6].txt - [838 octets] - [17/08/2012 17:15:42]
AdwCleaner[R7].txt - [897 octets] - [17/08/2012 17:18:47]
AdwCleaner[R8].txt - [956 octets] - [17/08/2012 17:25:20]
AdwCleaner[S3].txt - [888 octets] - [17/08/2012 17:25:37]

########## EOF - C:\AdwCleaner[S3].txt - [1015 octets] ##########

und

Objekte: Rootkits, Speicher, Traces, C:\, D:\, P:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 18.08.2012 10:16:12

P:\DM800HDPVR\Flashen\2nd_stage_pack\diffrent method\Enforcer.exe gefunden: Riskware.Hacktool.GSM-Magic!E2

Gescannt 741693
Gefunden 1

Scan Ende: 18.08.2012 11:27:56
Scan Zeit: 1:11:44

P:\DM800HDPVR\Flashen\2nd_stage_pack\diffrent method\Enforcer.exe Gelöscht Riskware.Hacktool.GSM-Magic!E2

Gelöscht 1

t'john 18.08.2012 14:36
Sehr gut! :daumenhoc



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

t'john 05.10.2012 02:24
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131