Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/ATRAPS.Gen Meldung in Antivir (https://www.trojaner-board.de/114210-tr-atraps-gen-meldung-antivir.html)

michi69 27.04.2012 08:43
TR/ATRAPS.Gen Meldung in Antivir
 
Ich habe auf meinem Rechner die Meldung bekommen, dass der TR/ATRAPS.Gen in einer dll gefunden wurde

Mein Rechner
ASUS Notebook
Windows 7 64-bit
Antivir 10.2.0.707
Windows Firewall
Spybot 1.6.2

Ich habe mit die Anleitung für das OTL Tool durchgelesen und hier sind die beiden Datein:

OTL.txt
Code:
OTL logfile created on: 4/27/2012 3:15:54 AM - Run 2
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\Rahman\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 23.59% Memory free
7.89 Gb Paging File | 4.01 Gb Available in Paging File | 50.85% Paging File free
Paging file location(s): e:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 14.70 Gb Free Space | 19.73% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 41.41 Gb Free Space | 4.44% Space Free | Partition Type: NTFS
Drive E: | 208.92 Gb Total Space | 81.66 Gb Free Space | 39.09% Space Free | Partition Type: NTFS
 
Computer Name: SPUTNIK | User Name: Rahman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rahman\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
PRC - C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Users\Rahman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Program Files (x86)\Miranda IM\miranda32.exe ( )
PRC - E:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - E:\Program Files (x86)\LaunchBarCommander\LaunchBarCommander.exe (DonationCoder.com)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.)
PRC - C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.)
PRC - C:\Users\Rahman\AppData\Roaming\Telekom Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\tools\n52te\razerhid.exe (Razer USA Ltd.)
PRC - C:\tools\n52te\razertra.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\tools\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - E:\Program Files (x86)\WinHotKey\WinHotKey.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files (x86)\1Password\js3215R.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\srmm.dll ()
MOD - E:\Program Files (x86)\Miranda IM\zlib.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\ICQ.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\dbx_mmap.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\clist_classic.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\chat.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\Aim.dll ()
MOD - E:\Program Files (x86)\Miranda IM\Plugins\IRC.dll ()
MOD - C:\Windows\SysWOW64\d3dyxom5s.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\IS_ContextMenu.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\tools\n52te\razertra.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\tools\totalcmd\TCUNZLIB.DLL ()
MOD - C:\tools\totalcmd\WCMZIP32.DLL ()
MOD - E:\Program Files (x86)\WinHotKey\WinHotKey.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\aptwbvy8v.dll ()
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Agile1Password) -- C:\Program Files (x86)\1Password\Agile1pService.exe (AgileBits)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (rtpMIDIService) -- C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (GFIBckHAtt) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.)
SRV - (GFIBckHSched) -- C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WebUpdate4) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ipMIDI) nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM) -- C:\Windows\SysNative\drivers\ipmidi.sys (nerds.de)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (teVirtualMIDI64) -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys (Tobias Erichsen)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (bomebus) -- C:\Windows\SysNative\drivers\bomebus.sys (Bome Software)
DRV:64bit: - (bomemidi) -- C:\Windows\SysNative\drivers\bomemidi.sys (Bome Software)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation)
DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation)
DRV:64bit: - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation)
DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation)
DRV:64bit: - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation)
DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation)
DRV:64bit: - (RL_DJIFIE2_USB) -- C:\Windows\SysNative\drivers\rldjif2u.sys (Ploytec GmbH)
DRV:64bit: - (RL_DJIFIE2_WDM) -- C:\Windows\SysNative\drivers\rldjif2a.sys (Ploytec GmbH)
DRV:64bit: - (RL_DJIFIE2_MIDI) -- C:\Windows\SysNative\drivers\rldjif2m.sys (Ploytec GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SRS_PremiumSound_Service) -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys ()
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (vhidmini) -- C:\Windows\SysNative\drivers\vhidmini.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (JmtFltr) -- C:\Windows\SysNative\drivers\JmtFltr.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (GETPADD64) -- C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/tempcleaner/{AC877D46-89A1-4D1E-91E1-BDB49287334D}
IE - HKLM\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\InprocServer32 File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - SOFTWARE\Classes\CLSID\\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\DealBulldog Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {D9D829B2-7DFF-4A5C-90C0-6506364DD688}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/tempcleaner/{AC877D46-89A1-4D1E-91E1-BDB49287334D}?q={searchTerms}
IE - HKCU\..\SearchScopes\{CC47177A-5DC6-42F5-B03D-CD647F85375F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=STC3&o=APN10175&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A7U&apn_dtid=^YYYYYY^YY^DE&apn_uid=DAA5F1E6-2C93-4D75-80DE-5B74868F1597&apn_sauid=C1600372-407A-4892-85EE-410FE55B2051
IE - HKCU\..\SearchScopes\{D9D829B2-7DFF-4A5C-90C0-6506364DD688}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rahman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rahman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/22 01:35:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 11:25:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/08 07:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/22 10:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/22 01:35:43 | 000,000,000 | ---D | M]
 
[2010/02/05 17:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahman\AppData\Roaming\mozilla\Extensions
[2010/02/05 17:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahman\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/26 14:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahman\AppData\Roaming\mozilla\Firefox\Profiles\bzar4i1z.rachi\extensions
[2012/01/17 00:40:40 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Rahman\AppData\Roaming\mozilla\Firefox\Profiles\bzar4i1z.rachi\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/04/25 11:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/25 11:25:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/18 03:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/08 16:14:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/08 16:14:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/08 16:14:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/08 16:14:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/26 01:05:31 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011/10/08 16:14:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/08 16:14:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Private delicious = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfagpejgjjbooinnahooadnlbfhnbcid\1.3_0\
CHR - Extension: Google-Suche = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: 1Password = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkndfifopckmhdkohjeoljlbfnjhekfg\3.9.4.39499_0\
CHR - Extension: Save in Delicious = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd\1.1_0\
CHR - Extension: Google Mail = C:\Users\Rahman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011/11/20 18:16:37 | 000,438,702 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15087 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - Locked - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [EasyMessage] E:\Program Files (x86)\Easy Message\em2.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Jomantha] C:\tools\n52te\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [GoogleContactSync] E:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe (WebGear Ltd, New Zealand + Create Software + Stru.be + saller.NET)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [LaunchBarCommander] E:\Program Files (x86)\LaunchBarCommander\LaunchBarCommander.exe (DonationCoder.com)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WinHotKey] E:\Program Files (x86)\WinHotKey\WinHotKey.exe ()
O4 - Startup: C:\Users\Rahman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rahman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: In RSS Bandit abonnieren - C:\Users\Rahman\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: In RSS Bandit abonnieren - C:\Users\Rahman\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : 1Password        Ctrl+Alt+AKUT - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\d3dyxom5s.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CFBC708-27E0-4ACF-927A-E701D7123DBE}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CAD134E-017D-469B-91D3-CFE3E4D3594D}: NameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC6A3074-1BDD-415A-A80F-91AB11E2A17D}: NameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF365844-9F87-47D8-AA55-4BCD2EB15B71}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42af1e3e-58e8-11e0-a639-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{42af1e3e-58e8-11e0-a639-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{458ae1d5-0c33-11e0-be50-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{458ae1d5-0c33-11e0-be50-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6eb7e275-640d-11e0-b501-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb7e275-640d-11e0-b501-002243d52601}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{a6ebe72b-2853-11e1-911c-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ebe72b-2853-11e1-911c-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6ebe743-2853-11e1-911c-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ebe743-2853-11e1-911c-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6ebe76a-2853-11e1-911c-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{a6ebe76a-2853-11e1-911c-002243d52601}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b5ab2430-2850-11e1-8e2a-90e6bae9a26d}\Shell - "" = AutoRun
O33 - MountPoints2\{b5ab2430-2850-11e1-8e2a-90e6bae9a26d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d5df726f-ff41-11df-9f3e-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{d5df726f-ff41-11df-9f3e-002243d52601}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{def33b65-8f2d-11e1-a771-002243d52601}\Shell - "" = AutoRun
O33 - MountPoints2\{def33b65-8f2d-11e1-a771-002243d52601}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/26 01:49:35 | 000,000,000 | ---D | C] -- C:\Users\Rahman\AppData\Local\FeedDemon
[2012/04/26 01:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedDemon
[2012/04/26 01:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FeedDemon
[2012/04/25 11:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/24 17:23:23 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/24 17:23:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/24 17:23:22 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/24 17:23:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/24 17:23:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/24 17:23:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/24 17:23:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/24 17:23:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/24 17:23:20 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/24 17:23:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/24 17:23:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/24 17:22:37 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/24 17:22:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/24 17:22:36 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/24 17:17:54 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/24 17:17:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/24 17:17:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/13 04:35:58 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 04:10:29 | 000,000,000 | ---D | C] -- C:\Users\Rahman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/13 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/04/13 03:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/13 03:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/13 03:55:08 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rahman\Desktop\mbam-setup-1.60.0.1800.exe
[2012/03/30 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 16:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/30 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 16:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/27 03:30:28 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001UA.job
[2012/04/27 03:11:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 02:54:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 00:54:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/27 00:43:41 | 000,026,278 | ---- | M] () -- C:\Users\Rahman\_viminfo
[2012/04/27 00:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 18:40:51 | 000,032,070 | ---- | M] () -- C:\Users\Rahman\.recently-used.xbel
[2012/04/26 17:45:02 | 001,817,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 17:45:02 | 000,769,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/04/26 17:45:02 | 000,724,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 17:45:02 | 000,175,866 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/04/26 17:45:02 | 000,148,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 01:49:33 | 000,001,867 | ---- | M] () -- C:\Users\Rahman\Desktop\FeedDemon.lnk
[2012/04/26 01:33:52 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 01:33:52 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 01:26:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/04/26 01:26:30 | 000,002,459 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/04/26 01:25:04 | 3212,697,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 11:30:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001Core.job
[2012/04/23 17:32:15 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwbvy8v.dll
[2012/04/20 03:36:49 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/20 03:36:49 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/18 03:03:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/18 03:03:51 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/18 03:03:51 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/18 03:03:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/13 04:34:04 | 000,003,950 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/04/13 04:10:32 | 000,002,981 | ---- | M] () -- C:\Users\Rahman\Desktop\HiJackThis.lnk
[2012/04/13 04:09:29 | 001,402,880 | ---- | M] () -- C:\Users\Rahman\Desktop\HiJackThis-2-04.msi
[2012/04/13 03:57:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 03:55:27 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rahman\Desktop\mbam-setup-1.60.0.1800.exe
[2012/04/11 12:44:56 | 000,093,506 | ---- | M] () -- C:\Users\Rahman\Documents\kompetenz.PDF
[2012/04/04 17:06:38 | 000,000,981 | ---- | M] () -- C:\Users\Rahman\Desktop\1Password.lnk
[2012/04/04 17:06:11 | 000,001,004 | ---- | M] () -- C:\Users\Rahman\Desktop\Dropbox.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 16:26:10 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/30 16:24:41 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 11:59:03 | 000,969,043 | ---- | M] () -- C:\Users\Rahman\Documents\interkulturelle kompetenz.PDF
[2012/03/30 11:56:14 | 000,078,366 | ---- | M] () -- C:\Users\Rahman\Documents\konpentenz relevanz.PDF
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/26 18:40:51 | 000,032,070 | ---- | C] () -- C:\Users\Rahman\.recently-used.xbel
[2012/04/26 01:49:33 | 000,001,867 | ---- | C] () -- C:\Users\Rahman\Desktop\FeedDemon.lnk
[2012/04/23 17:32:15 | 000,289,280 | ---- | C] () -- C:\Windows\SysNative\aptwbvy8v.dll
[2012/04/13 04:36:41 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 04:10:32 | 000,002,981 | ---- | C] () -- C:\Users\Rahman\Desktop\HiJackThis.lnk
[2012/04/13 04:09:27 | 001,402,880 | ---- | C] () -- C:\Users\Rahman\Desktop\HiJackThis-2-04.msi
[2012/04/13 03:56:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/11 12:46:12 | 000,093,506 | ---- | C] () -- C:\Users\Rahman\Documents\kompetenz.PDF
[2012/04/04 17:06:11 | 000,001,004 | ---- | C] () -- C:\Users\Rahman\Desktop\Dropbox.lnk
[2012/03/30 16:26:10 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/30 16:24:41 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 11:59:21 | 000,969,043 | ---- | C] () -- C:\Users\Rahman\Documents\interkulturelle kompetenz.PDF
[2012/03/30 11:57:48 | 000,078,366 | ---- | C] () -- C:\Users\Rahman\Documents\konpentenz relevanz.PDF
[2012/03/23 10:50:07 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/03/23 10:50:06 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2012/02/23 15:18:11 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012/02/22 01:27:07 | 000,234,716 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/02/22 01:27:07 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2012/02/17 12:46:43 | 000,000,036 | ---- | C] () -- C:\Windows\SysWow64\doc2pdf_config.ini
[2012/02/12 16:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012/02/12 16:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012/02/12 16:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012/02/09 04:23:03 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_LaunchBarCommander_InstallInfo.dat
[2012/02/09 04:23:03 | 000,000,058 | ---- | C] () -- C:\Users\Rahman\AppData\Local\DonationCoder_LaunchBarCommander_InstallInfo.dat
[2012/02/09 03:29:23 | 000,000,000 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\Stardockfences_debug_snapshot.dat
[2012/02/06 16:51:13 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2012/01/31 22:57:10 | 000,004,096 | -H-- | C] () -- C:\Users\Rahman\AppData\Local\keyfile3.drm
[2012/01/15 17:53:33 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\d3dyxom5s.dll
[2012/01/08 07:14:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/12/24 23:05:11 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2011/10/11 01:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Rahman\AppData\Local\{0809AAF6-117F-47BE-92D5-345142EAF55B}
[2011/09/17 02:27:33 | 001,153,159 | ---- | C] () -- C:\Windows\SysWow64\libvorbisenc-2.dll
[2011/09/17 02:27:33 | 001,138,027 | ---- | C] () -- C:\Windows\SysWow64\libfftw3-3.dll
[2011/09/17 02:27:33 | 001,086,487 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/09/17 02:27:33 | 000,434,914 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011/09/17 02:27:33 | 000,177,273 | ---- | C] () -- C:\Windows\SysWow64\libvorbis-0.dll
[2011/09/17 02:27:33 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\libgnurx-0.dll
[2011/09/17 02:27:33 | 000,047,490 | ---- | C] () -- C:\Windows\SysWow64\libvorbisfile-3.dll
[2011/09/17 02:27:33 | 000,027,071 | ---- | C] () -- C:\Windows\SysWow64\libogg-0.dll
[2011/09/17 02:27:33 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\libdl.dll
[2011/09/17 02:25:57 | 000,029,803 | ---- | C] () -- C:\Windows\SysWow64\cyclist.exe
[2011/09/17 02:25:57 | 000,014,322 | ---- | C] () -- C:\Windows\SysWow64\pdreceive.exe
[2011/09/17 02:25:57 | 000,009,579 | ---- | C] () -- C:\Windows\SysWow64\pdsend.exe
[2011/09/11 01:08:11 | 000,188,308 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/20 03:45:47 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011/04/21 21:27:07 | 000,000,600 | ---- | C] () -- C:\Users\Rahman\AppData\Local\PUTTY.RND
[2011/02/20 04:37:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/02/16 07:48:52 | 000,000,067 | ---- | C] () -- C:\Windows\A1 DVD Ripper.INI
[2011/01/25 07:22:02 | 000,005,260 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\servetome-fonts.conf
[2011/01/12 16:58:10 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/01/11 15:42:43 | 000,037,058 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010/12/29 01:28:29 | 000,000,000 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\AVSMediaPlayer.m3u
[2010/12/29 01:25:00 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/12/29 01:25:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/16 04:05:10 | 000,047,633 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2010/12/14 07:48:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/21 19:27:31 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\virport.dll
[2010/07/03 08:09:16 | 000,012,477 | ---- | C] () -- C:\Users\Rahman\AppData\Roaming\ShortcutSettings.xml
 
========== LOP Check ==========
 
[2010/08/07 11:36:17 | 000,000,000 | -HSD | M] -- C:\Users\Rahman\AppData\Roaming\.#
[2012/02/03 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\.purple
[2011/11/18 00:18:26 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\.servetome-fontconfig
[2011/09/14 21:21:55 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Ableton
[2010/12/14 01:14:36 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Agile Web Solutions
[2011/02/16 11:51:14 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\All Free DVD Ripper
[2011/01/13 03:22:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Asus WebStorage
[2012/01/31 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Audacity
[2010/12/02 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012/01/31 03:59:08 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\BitTorrent
[2010/12/13 14:49:20 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\CD Art Display
[2010/10/11 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\CheckPoint
[2011/09/17 03:28:07 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Cycling '74
[2010/11/30 01:59:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Digiarty
[2012/02/09 04:23:03 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\DonationCoder
[2012/04/27 02:36:36 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Dropbox
[2012/02/22 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\DVDVideoSoft
[2012/02/22 18:19:01 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/12/08 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Foxit
[2010/12/08 21:13:53 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Foxit Software
[2012/02/15 03:30:52 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GetRightToGo
[2011/01/07 12:09:35 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GHISLER
[2012/01/18 03:14:01 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GoContactSyncMOD
[2011/01/14 03:00:47 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\GoodSync
[2012/04/26 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\gtk-2.0
[2011/02/20 04:33:13 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Gutscheinmieze
[2011/02/18 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\HandBrake
[2011/08/31 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\hexler
[2011/09/21 18:53:48 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\IrfanView
[2011/12/24 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\iSkysoft Video Converter Ultimate
[2012/02/11 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2010/12/13 15:55:58 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\iTSfv
[2010/11/30 13:52:40 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Jumping Bytes
[2010/01/16 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Juniper Networks
[2010/01/15 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Leadertech
[2011/11/25 13:48:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\LinkeSOFT
[2011/01/30 06:06:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Memeo
[2012/02/03 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Miranda
[2010/04/27 09:09:56 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\MobMapUpdater
[2011/01/13 03:14:12 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\NCH Swift Sound
[2010/04/21 03:14:45 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Nokia
[2010/02/22 23:41:17 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Nokia Ovi Suite
[2012/01/20 02:30:22 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Nvu
[2011/11/16 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\OpenOffice.org
[2010/02/22 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\PC Suite
[2010/11/30 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\PersBackup5
[2011/03/23 00:13:51 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\PhotoSync
[2011/10/25 23:35:52 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\RCP 6
[2011/11/18 23:13:09 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\redsn0w
[2011/10/03 21:52:59 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\rinsebyreal
[2012/01/17 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\RssBandit
[2011/01/28 15:18:01 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Seagate
[2012/02/06 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\SoftMaker
[2012/02/09 03:29:14 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Stardock
[2010/12/04 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\T-Mobile
[2010/12/18 04:09:02 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\T-Mobile Internet Manager
[2011/01/06 23:24:28 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\TeamViewer
[2011/12/17 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Telekom
[2011/12/17 04:35:59 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Telekom Internet Manager
[2010/02/05 17:09:49 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Thunderbird
[2010/12/15 04:42:14 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\tidysongs16
[2012/01/10 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\toolplugin
[2012/01/15 12:56:24 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Trillian
[2012/03/12 06:38:53 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\TuneUp Software
[2011/01/28 17:44:43 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\WD
[2011/03/25 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Windows Live Writer
[2012/02/15 03:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\WordToPDF
[2010/11/30 01:31:08 | 000,000,000 | ---D | M] -- C:\Users\Rahman\AppData\Roaming\Xilisoft
[2012/04/21 00:47:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Das Extras.txt Log poste ich gleich im nachsten Thread

Ich hoffe ihr könnt mir weiterhelfen.
Ich habe einiges über den Virus gelesen und hoffe, dass ich meinen Rechner nicht neu aufsetzen muss.

michi69 27.04.2012 08:45
Und hier noch das zweite LOG

Extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 4/27/2012 3:15:54 AM - Run 2
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\Rahman\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 23.59% Memory free
7.89 Gb Paging File | 4.01 Gb Available in Paging File | 50.85% Paging File free
Paging file location(s): e:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 14.70 Gb Free Space | 19.73% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 41.41 Gb Free Space | 4.44% Space Free | Partition Type: NTFS
Drive E: | 208.92 Gb Total Space | 81.66 Gb Free Space | 39.09% Space Free | Partition Type: NTFS
 
Computer Name: SPUTNIK | User Name: Rahman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021757AA-C8EE-44A0-8C6A-27C145BCBC0C}" = lport=35722 | protocol=6 | dir=in | name=photosync |
"{081621D0-981E-4EB3-847D-5DA03A792DBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{08669822-97FE-47B7-9158-AB045B422672}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{19212C3C-84D6-4A52-8327-AA3F6D523847}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19C5F5A1-5BBB-4FE7-9D43-B709840B31F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{1AFFC854-3786-4B09-BF7F-3003A590A0CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F11DE9A-22D3-49D5-A2FD-269AF08E5688}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DB305E8-40BE-40B9-A025-B37BE4F0A127}" = rport=10243 | protocol=6 | dir=out | app=system |
"{35D6F950-3703-4A94-BF1A-144697CD47B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E2DBA3F-30E3-4C08-BF42-3006191AF656}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56915D01-78F2-491C-AFD0-12BD6D563363}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5CC1F9B2-3F8E-42BC-904F-72F92268470F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5D954935-95CD-48AD-B446-818C3A9ADA77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DB49556-20D3-437F-96C2-BC230BB61465}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{61401B2F-CADD-4007-8B00-50B4F56EA35B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63F4BF32-F17B-46F2-A259-32E36FC66B32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79BFBD8E-E944-4F6B-A43F-ED445EC77CF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CDA2BB8-1545-487E-BCC5-6959E1C8C0C4}" = lport=137 | protocol=17 | dir=in | app=system |
"{AD77C36E-E5A7-4575-85BE-3C825314B242}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B7B425D9-8DF0-4F24-9111-CE356B4BEB6C}" = rport=138 | protocol=17 | dir=out | app=system |
"{BA71F74E-76FF-43B8-B305-AFB50275CB88}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE7DDB8E-DE0D-4626-B298-285DE5A4C74F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF25CCCA-3768-45F3-BE85-C280921CBA71}" = rport=137 | protocol=17 | dir=out | app=system |
"{C5485C0A-2ACE-4F13-AE2B-C363096954E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6C6A257-8902-41DB-B97B-DFC85712B512}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB276834-1D70-45D7-9804-37897DFFFA8F}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBC73643-8CF5-4520-9225-E5C27DAA0F00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF5F2D48-1B50-4F9B-A426-5966D881624C}" = lport=445 | protocol=6 | dir=in | app=system |
"{F02C9B1E-A85A-4948-B87F-082BDD3EAF80}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00819DCF-C64B-4C40-AD2E-6FBF50FAE68E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{00FDB826-9604-4F65-87DB-4F8A397A7C00}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{0183329F-F53B-4184-9403-04E4BD4F34D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{03AC73B3-AB74-49AA-9AA6-98F331178E32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{04580BE4-8893-406B-81D6-C30232071CC3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{04ABE78C-87F9-456A-9627-99304EF1DCFE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{05A8E119-7BF2-4E5A-8B4D-03D0B437428C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{08781D13-8217-462D-9298-5E78E7497715}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{0902202D-9208-4213-9E24-4ABED41366DD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{090BA9E1-C4D3-4701-92D7-32FFCE694FD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A172182-8286-4EAF-B214-56F0D67B9E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{0C5842BA-1D5C-4002-857A-98DA757899F7}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{0D98A1BC-BD25-47B7-BA71-B908865A8A73}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{0DF8C64F-1A0A-4BFD-8E91-D2CAFEB8D9C4}" = protocol=17 | dir=in | app=e:\programme\ftp-uploader\ftpuploader.exe |
"{0E30D45C-AEDF-49EF-955D-ACB27DB8B487}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{0E78D71F-FE1A-40A4-BECA-A8438B41C763}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{0EA923CD-45C3-4719-966B-6548407CA845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0F76A01D-5396-4857-AB4B-709A1178F3A4}" = protocol=6 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{12BC110D-3122-469E-B6A7-E7D690379C35}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{12E440EE-4F65-4E0B-B0CD-09A2A96227C3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{1315DCFD-0EDA-430D-9B65-C5AF164F7AA9}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{139BED7D-1713-4596-9523-71277B9A608B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{143B9F63-5913-4EDF-A5FF-6E813AF7A6E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14783DD1-406F-4AC6-9611-EDF92CF86DEB}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{15F7B945-C61F-43A2-B20A-0E5E726C6430}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{16D441F0-153E-4EC6-9D30-A2DFF8937646}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{17758446-59B3-4968-8469-7D66A2B6B0A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19F2E277-8F29-4C25-AC8F-68AC51F98290}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1ACF7D25-9A35-4CE4-97E5-71584967A68A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B432697-A4DB-4B4C-8643-3ECDDEC68F2E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{1E7489BA-5D5A-4D71-BDF8-BB4299F7A8CE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{20DE0759-39CB-449F-BDC3-9AF6CC9E6C54}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{212FDF54-41E6-437D-9DC0-87D3F983F3B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{22BF1669-D2CB-4E8E-A1B4-24506A2C0F05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{24FD9F5A-8531-4AB6-AD88-DE6EF9143BAF}" = protocol=6 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe |
"{26A4AB7A-13E8-437C-9A26-656CCCBF368D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{27EBDA86-5ED0-4E80-AAD5-AAC91ABF91A8}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{28494330-D3F6-41E0-883B-89F22C5D1510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A0ADFF9-BD8C-44EA-8996-C2FD9A983638}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{2A8E7F95-3B8A-4A0D-9596-32A0E4E679F2}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{2E61C7D2-886A-4970-9993-87914BF49F3B}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{2FB803A7-D1F6-459C-8D8E-1E6A63A15885}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{32035D65-F707-4C03-AFBE-E532C8215884}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{32CF8404-D680-4F79-B3D0-7CE1CEBD76BC}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{38E5CC09-5821-461F-9FF9-7F7C98593801}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{39ABB0C3-9C8D-42E2-9FA3-34466D052C7C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{3C148422-631E-4880-90D2-1C8BB6EBB1FA}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{3CB3B186-D7C9-457F-A2A8-D8AB8FBF36D8}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{3CD0CEE0-B6D1-42F9-9085-2AF32D3BF244}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3FAD7BBF-F34C-4C4C-80CA-61494E7DC7C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4038142E-8534-4D70-B16F-C22969F13068}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{417A185D-A0CB-4CB1-8F27-41B1A1CF358F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{441C7916-EF3B-4101-8D0B-5B5866708299}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{44306F78-59AA-4951-81F3-8F5FA71124F6}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{44498938-C59C-4123-85AD-B43595E8AE94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{444F650D-CB04-4B83-AC0A-82868237A463}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{4790CD1C-1484-44D4-AF9F-67B78ACABDBE}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{4A4F47B2-8089-4679-A183-3C181C6ACA7C}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{4ABF6997-694B-4646-822D-20C256509415}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{4AD05A30-2D34-414F-882A-E9CCE15562A4}" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe |
"{4C655A75-E55E-49E9-9AEA-725AC83B624F}" = protocol=6 | dir=out | app=system |
"{4E74221E-C0E7-4F88-8589-7E72F9F0220F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{5048A4B5-7C3F-4CF8-A318-2915939D628C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5131D381-B2A7-4A5F-A295-E66C45CD2186}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{51857F60-66B7-439E-8141-E73C0AB23503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{52C51A88-64AB-4504-B650-57754CCC81B6}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{53AE5C32-FAC5-40BA-8EC2-1A1BD166AFBE}" = protocol=6 | dir=in | app=c:\program files (x86)\splashdata\splashshopper for iphone\splashshopper desktop.exe |
"{5538EE88-D55F-4E24-8C0D-4D2AD2776C96}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{59406EF4-3860-4D75-B3A1-6A26FCA2E588}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{59574E6C-87F9-4517-960B-1995027D0E0A}" = protocol=17 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe |
"{5B64914B-0EF5-4C2E-88AA-6C7F1AC97CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5CED72D7-1670-47DA-9162-F8AD0ED9A82A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{5D3F2162-05DC-4834-B08D-7135DB8F3681}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5D82C1EB-3A71-44E6-9D66-0CAA1F29417D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5E7ABAA5-CCA1-45D1-B84E-1EF347274F07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{5EF10C47-D51E-4251-8EF7-C8E55E9660F2}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{61DCACC4-92E4-4334-BDDD-611F63A7EE32}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{648412ED-B16D-4A64-BF5F-777943D0B816}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{64A30DCF-B278-41EE-9E85-908D40627F88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{64DBF783-D024-48F0-84DB-93FCF87BE5BA}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{64E2E434-21BE-4950-A157-192562666737}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{68B92F2D-8DAD-4AD7-9618-499282E56225}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{68FF1848-AD90-415F-8A0A-6B702DA67555}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{6926DC2B-4B8F-47CD-8C40-8E8C450FCCA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6BA78AEA-7254-495D-81AA-0550DC4563AF}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{6CCC3F2E-9BD2-4B78-9CEF-8FDA716C42F9}" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe |
"{6CE5E96D-772F-4FC3-BD35-0B88AB06892D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{71747EC6-D7D7-4901-AC35-25F5FA864812}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7198248C-96AB-4048-8628-C17FBEBFA331}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{72B95448-3631-430F-8280-1ABC9B204132}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{72BCA4F9-98EF-40D1-860D-525C387B3094}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{73088DF8-82D6-4195-B9B9-43A860F5E1F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75489286-11C1-43D3-B90E-723E61B57425}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{75F71360-880B-4639-8DBB-D1C5D86E1477}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7620B090-1E2A-4C62-95B9-0B3EECE8C870}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{77DC13A0-28EF-4CE8-9799-0126B56DB181}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{780D1812-CBE3-4077-9D6C-98F8CC350946}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7AB40F16-4402-4719-BF79-6A54328C5F5E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7C074D13-1727-4409-A3B4-B1A57AF85497}" = protocol=17 | dir=in | app=e:\program files (x86)\bittorrent\bittorrent.exe |
"{7D3D532F-1F4A-4EC5-8C4F-A5D02D247ACE}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7D4DCB85-257B-4CFE-B3A2-EA7C839318A9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7DDFFA00-E949-469B-B8A1-36CF2F8EE853}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7E0B946A-6018-4140-84D8-7EAE19C991BF}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7E75F993-7FCC-4F6B-8FF5-B15380AE8F47}" = protocol=17 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{7ECDA63A-DC5F-44B6-B3AB-9351B85E7B46}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7F540334-A62B-4487-973E-84F43BEFE9ED}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{7FA5409A-2D25-470D-AB0D-E83A79D03152}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{83AA3446-FE4B-4EBE-8A60-69FCE6269E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{8462C6EB-74A7-4B57-B7D1-C3DC668214DD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{84F0C345-DF2E-412A-80ED-0D9CA598C04A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{86B8B374-9B07-432A-9D88-64ED18E6565F}" = dir=in | app=c:\users\rahman\appdata\local\temp\7zs716d\setup\hpznui40.exe |
"{87E034E4-539E-4F51-93BC-6E732B711294}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{8ACF8480-B0C9-41EB-8D4E-D8CE933D24AA}" = protocol=17 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe |
"{8C1F5E21-C5EC-4752-BCF0-0776D8DA7A94}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{8D4976CC-E4CE-4B75-9D8A-264AD35176E4}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{8FFC5DE0-B807-4A89-A5B3-E3D84274BBD2}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{9114DA49-6641-45D0-B919-D0FEF566CC8A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{9519D735-7D4A-4095-95D5-52551DAA5500}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{95945119-3047-41D6-BE6E-A1EC022362EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98358A78-F2BC-405D-B2E3-813BB4AD72B2}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{9A7B0D92-5301-49F5-BFFF-5E788B8BD748}" = dir=in | app=%systemdrive%\tools\totalcmd\totalcmd.exe |
"{9C041C49-BEDD-4184-A1FC-9A96C14131C3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{9ED0E535-C80D-4539-8A45-C2D836B76296}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{9FA06E9C-961A-4176-9823-A28E3D269461}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{9FB144F8-A8CE-4FF6-88C7-0D7D9A88BDBE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{A00621E0-B878-40F5-9D65-BACB0DA3CC61}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{A5F22054-4349-4EBA-85BE-735AB9408EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\splashdata\splashshopper for iphone\splashshopper desktop.exe |
"{A8F89DB9-E888-400B-AE00-F002FAF06FF9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{A9AF36DE-D4A8-4F0C-9DA0-31419C52AB66}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{A9CCA6C6-77CC-42C5-BBA3-ADD1199EC1B6}" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe |
"{AC042FCE-34AC-42FC-85B5-AFF046D39D8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{AC236626-7C43-47EB-8197-9A5CCB3FD915}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{AF969B63-3B7E-4EF2-A0D4-6868BBC722C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B02A0B67-2899-4967-A148-747E4E137FC7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B0A989A2-5CAC-45D3-8CF1-510C1F2B2C07}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{B18F349B-C54E-467B-80F6-0CBDF00CD802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2452230-BBD1-4D6B-AFE7-CBF76D4A6177}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B52779F1-FDE8-40B9-96EB-C49C115116D8}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{B5281240-9659-4618-B6B3-83B99CFA85D9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{B5EB5984-38E8-48C6-9D45-D7CDA5E7097A}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{B70FB715-7454-4976-A6DB-A21670A7EB62}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{B8B493F3-9B39-48A4-880D-59ECC6C4C17E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BAD15783-95C1-4B2B-8764-1801CC7B4B0E}" = protocol=6 | dir=in | app=e:\programme\ftp-uploader\ftpuploader.exe |
"{BB3E4CED-AEDA-4E44-8992-B5EBB6991F6C}" = protocol=6 | dir=in | app=c:\users\rahman\appdata\local\apps\2.0\lhk6kwkd.lmd\tj2zkc41.pyc\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{BC0CD23A-C648-42F0-8613-341A07A1766F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BDE22C40-3B22-49D9-B5EC-883A0F42829D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{BE0352A2-98D3-4171-BFEA-0A178638E3FD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{BE23282A-4954-48B8-8AB1-FBD4B9E37218}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{BEEF2B29-1DF6-4C9B-8582-CEAB244B8046}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{BF08F666-3C76-4FC4-A7BB-BB23D1C60371}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{BFB16578-C547-4C92-B448-49B74CB79EA2}" = dir=in | app=c:\program files (x86)\skype\ |
"{C11C8D10-947F-44A9-BD32-E8A60DF5E571}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{C36149A3-3156-435F-B9D9-F8C16005EC34}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{C5B45567-21A2-4ED6-BAB3-B60B9FB93EBC}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{C692DA99-797C-4FA7-B1BA-14EAF72E1522}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7986D31-3245-4146-A592-6ABD2257C8EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C97B0867-64B3-4B3A-92FE-346299CBFF00}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{C9835078-5D89-471A-8F5B-6600B6B3E62C}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{C9E163CF-963F-493C-9F74-1C29464FBA1B}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{CC76C097-481E-46B1-803C-57E54F8B1F7E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{D032E111-2800-49B2-9301-4E702A0EE89B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D0B74D52-C28D-4A40-95D5-9F6E95083D95}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D0FFD8E7-ECA8-43DE-9E0E-032E543E641D}" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe |
"{D260B7D0-C699-46F4-9508-D369A2B6A4CB}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{D306E576-68BA-4B9B-971C-6062A0AA3108}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{D35EC545-130C-4676-97B8-640D98EC4E0F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{D7BA24F7-BF5B-4051-86AA-E42DA2773DA3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{D94010A1-7A79-4909-A27C-A713789D5BFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{DADDC3A8-2A10-4B69-8B46-96B52B7E0EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DB3B3027-EAFC-422A-9362-65F3A7DB360E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{DB5AE90B-CF9C-4735-BA8C-826337DCD009}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC781E3F-E472-4179-BFB5-62CB68AB0BA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DCF1D948-441A-42B1-81EE-AC15539152BB}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{DD2FEA10-C038-488D-A50B-ED0935E0D17A}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{DD6D4BA2-C109-4271-B61C-524E94C87D11}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{DF45DA4F-0359-476B-B1AD-06E64F719841}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E1A4422A-216C-4706-8861-0781EDEAE728}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{E200E6AC-D738-4B41-96E4-592B6EF28F6B}" = protocol=6 | dir=in | app=e:\program files (x86)\bittorrent\bittorrent.exe |
"{E4BECFA1-20FE-4612-AA53-5327E75A534F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{E4EDD8FB-6244-4C8E-9DD4-E9F548E437CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{E543624A-E860-4D91-8D17-4600FC8533CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E67BFBEA-D1B4-42C5-B9F9-718701838B54}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{E6BDA648-8DE0-4146-AE3C-2DBF159AEFDD}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{E8E26653-5071-40A2-9C7A-14387D0C7FCE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{E9309CC8-FC7A-4860-9D7A-8C87DCE14208}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{E960765E-3483-40BD-9E1D-A8FA7F864199}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{EAA99B16-7E8A-43D1-A115-1A341EEE3A2C}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{EB28902F-8977-4C5D-BFA9-1EF70406DD7E}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{ECFFA522-16D9-4B72-AF27-1ACD81801852}" = protocol=6 | dir=in | app=c:\program files\displaylink core software\displaylinkmanager.exe |
"{EDB5DC77-94CD-4586-9D0F-C3EA6FF6A5CC}" = protocol=17 | dir=in | app=c:\program files\displaylink core software\displaylinkmanager.exe |
"{EFBE882C-D736-4292-8AEC-7135F7441A76}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{F03D2A46-F186-4525-82BA-659193B97AB6}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{F18DA97A-7E9D-47ED-9799-6BFA8953418D}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{F92E838E-4933-4CF2-A1DA-16C82CB948F4}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{F95F54D9-825A-4025-A333-CDEFF7CF21AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{FA959F18-E6EA-44CD-B60C-E961F80BDA8F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{FC451163-7925-40F3-99C5-FD5EFCAEEDC2}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{FE4414BE-8A45-4F61-B1A4-C97FC0D465AC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FE7A685A-ECAE-49EA-AFCC-05B8633F9BDC}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"{FFA3969F-BCD1-4E6D-B21D-DE5403CC0FD1}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe |
"TCP Query User{0D24EFBE-377B-48EF-84BA-436FC61AFD6D}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe |
"TCP Query User{145554F9-1318-49DA-B23A-7C3196958642}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe |
"TCP Query User{24EC778B-C421-42A4-B982-70AFAFB2156D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{29D43BA8-C4C4-4FCE-BF75-41C295B3955B}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe |
"TCP Query User{396D71DF-0EB0-42A0-9E37-5536104983E1}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe |
"TCP Query User{46913AE2-8AD3-43E6-AAB5-9680E479A44E}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{46E6E5AE-B578-46C0-8972-F17387E4D329}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{5C5400AC-B796-49C2-B0CC-169D1773108E}C:\windows\syswow64\doc2pdf_service.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe |
"TCP Query User{60D813C2-E252-4B43-BE76-3BA70C7CA909}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{64B26007-26E3-4C1D-A59F-8F1715D3E02B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6E026E55-0CE4-4D83-B394-BE603AE739A6}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe |
"TCP Query User{6E270442-E9A5-4FA3-8937-526D95FFF638}C:\tools\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\tools\eclipse\eclipse.exe |
"TCP Query User{775521D9-F24C-4661-9B9F-3B3B41D2B8B7}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=6 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe |
"TCP Query User{787032D3-B377-41E2-BF55-3C4CC677FAC5}G:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=g:\wd discovery software\wd discovery.exe |
"TCP Query User{82045D52-8BFB-429F-A5B6-670BFE4B58FD}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe |
"TCP Query User{85CD862F-7553-4EB7-B84F-8F25CDCD5C44}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe |
"TCP Query User{88C2C1BB-BFE0-45DE-9221-843964FBDD0A}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe |
"TCP Query User{8AF55983-8D64-40E6-9BEA-2E06689C091D}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe |
"TCP Query User{8E6AFA0D-C977-4AE9-A193-92A83FF2947A}E:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{8E7196B5-1146-4DF9-84AA-580200541002}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe |
"TCP Query User{94DA3D38-16A5-4DA5-9D9C-7FC1CD11C2E5}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{976005B3-084D-4883-8C69-DD6544A51879}E:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{9E06C501-D98E-4FE8-8396-D96E1C35ABBA}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{9E585DBD-9D31-4F39-BB14-02151822BAA0}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=6 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe |
"TCP Query User{9F5C8A23-9248-4B05-9295-0DE835EE2635}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{AAB0DC68-FDF5-47EE-8F02-BD805AFD6988}C:\tools\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\tools\totalcmd\totalcmd.exe |
"TCP Query User{ABA34A84-AF9C-446D-979A-25E4522B157F}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{ACD75B99-008B-4FA0-B3ED-E1141F27FAA4}E:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=e:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{B1029FC1-127D-454E-888D-004B761C11D9}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe" = protocol=6 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe |
"TCP Query User{B4FAD8DE-93C1-44EB-AC99-1A2DBB895BC5}C:\users\rahman\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\rahman\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B9AA430C-D49C-4ED2-A0C0-E922B5175723}C:\tools\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\tools\totalcmd\totalcmd.exe |
"TCP Query User{C8660145-0788-47D0-BDD9-48DA0289AA8E}C:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe |
"TCP Query User{CE3F9C3A-E8B9-4E4A-9A67-F5D36164B686}C:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D08EE191-B152-4071-BB0C-6B3B4DEBAA46}E:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{D396FEDE-27BE-42E4-94B4-4D8BF08054E3}E:\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\repair.exe |
"TCP Query User{D70B0D54-FEFC-4EA1-86E6-E9F49BB082FA}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{E13D09AE-7D4D-4629-B6A4-63EDD11CDEA7}C:\windows\syswow64\doc2pdf_service.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe |
"TCP Query User{EA03F60B-81B3-4F9E-9D20-A68EF2F60023}C:\program files (x86)\java\jdk1.6.0_20\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\java.exe |
"TCP Query User{F8A59106-6731-422D-B6A0-5AF402E59B07}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe |
"UDP Query User{059AC2C2-F3D9-4639-B3E6-088283F93426}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{237F82E5-C140-4775-95AD-4B81A9EBE775}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{2A2B5EE6-98A8-4F86-AA8B-48ED41726E07}C:\tools\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\tools\totalcmd\totalcmd.exe |
"UDP Query User{38C68CB6-7D43-46C1-A9A2-06C82FEDCCFF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{4BABAB24-92D7-4C01-851B-0347CC84AE15}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe |
"UDP Query User{56FD95AA-DB3F-467E-A008-BB50D7AF5723}E:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{585CEDA4-FE04-4FBE-B07E-A22475C99965}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"UDP Query User{6A5FC119-456B-4562-A478-50F15394B39D}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\inputpanel.exe |
"UDP Query User{6F6CA0E3-D7FC-4F5D-860C-6B3DB656AE27}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\animatedtiles.exe |
"UDP Query User{705AA028-2446-426B-86E4-24F3A9EA520B}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{71ABBD0F-CFD9-4D03-B1E7-C336F9F41B13}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\fttt.exe |
"UDP Query User{758A8B1E-0D28-449D-A6FB-F0A0490AB8FE}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{774FC265-D624-4BEA-B263-44DDD9BB3BC2}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\analogclock.exe |
"UDP Query User{774FC8E8-9931-49C3-B6C3-504603C3D3E3}C:\users\rahman\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\rahman\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{8460E644-7D1B-47D0-AFD1-83D7EFE4A5EB}C:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rahman\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{85336369-3959-4920-8782-022A5968FB29}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=17 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe |
"UDP Query User{8D81D673-6DBF-477E-B952-5E8143A57E5E}C:\tools\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\tools\totalcmd\totalcmd.exe |
"UDP Query User{8E0D6B3B-183A-4DE8-B60A-BDAFFEB66B07}E:\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\repair.exe |
"UDP Query User{92742F24-EB43-45C2-9EEF-DE2833B04E1D}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe |
"UDP Query User{965F9B41-C61F-4B97-A01C-99759990472A}E:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=e:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{9FDFCD91-7AC0-4C5C-9F7D-59F863696177}C:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\javaw.exe |
"UDP Query User{A32DFFFD-D6D0-46E1-804D-5FC0F28DC5B6}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{A38B33BA-8FB2-4B2A-9A8B-AD4604279730}C:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe" = protocol=17 | dir=in | app=c:\tools\touchosc-editor-1.5.3-win32\touchosceditor.exe |
"UDP Query User{B4362D99-3AE5-451A-AD9B-4844C536F711}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\qts60aoexample.exe |
"UDP Query User{BF4C40D7-F390-4E71-97A0-3D70C3CEB226}C:\windows\syswow64\doc2pdf_service.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe |
"UDP Query User{BFF935BB-4EBA-4FE7-9A93-BB9DA59F6105}C:\windows\syswow64\doc2pdf_service.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\doc2pdf_service.exe |
"UDP Query User{C508BBD2-022C-43D9-80E5-B6968DB2AA08}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{C52F0F04-51A6-41F7-926D-D0C15A860CF7}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{CF645C23-9225-47A3-A368-B2A89154D185}E:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D12499C7-584B-47A3-BD02-8F71D405BE34}C:\tools\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\tools\eclipse\eclipse.exe |
"UDP Query User{D3E09174-1C79-4FDD-A4CB-0CEEE723AC9D}C:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\jre\bin\java.exe |
"UDP Query User{D7A439E3-6710-406A-9F53-8D8CD611123C}G:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=g:\wd discovery software\wd discovery.exe |
"UDP Query User{DD078CC2-03F2-42AD-B5D4-A8DFA6921A47}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E28674E2-965B-45BE-AF08-E60B9BD9E0F6}C:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe" = protocol=17 | dir=in | app=c:\s60\devices\s60_5th_edition_sdk_v1.0\epoc32\release\winscw\udeb\basiclayouts.exe |
"UDP Query User{E6930D47-7FED-42B3-9D7A-2C199F5F2849}C:\program files (x86)\servetome\contents\windows\servetome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\servetome\contents\windows\servetome.exe |
"UDP Query User{ECEC0DB7-89CD-4369-A7AF-0ACB8C225CB4}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe |
"UDP Query User{ED778649-B659-477F-88FF-9F0CAEFBA494}E:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"UDP Query User{FC58D2F1-C384-415F-9EA0-C6BAE83FF65F}C:\program files (x86)\java\jdk1.6.0_20\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_20\bin\java.exe |
"UDP Query User{FEE59B30-C447-4590-B49F-4F0162FC0CC2}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour-Druckdienste
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{621B8613-153C-46CC-BA86-BDBCA6C96C7B}" = DisplayLink iPad Software
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE6790D2-29EA-4642-A2AD-B6852F82F66E}" = DisplayLink Graphics
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D92C2B8D-F372-4920-BDB3-AA0BDD613BC2}" = PhotoSync
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"GPL Ghostscript 9.04" = GPL Ghostscript
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ICP install2_is1" = ICP 9.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB_AUDIO_DEusb-audio.deRLDJIF2" = Digital Jockey - IE2
"Vim 7.3" = Vim 7.3 (self-installing)
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.05.02.02
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{091FACEE-A240-42D4-AD71-26E8DFB38F43}" = GO Contact Sync Mod
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CBE6C15-21D4-4F88-AB52-72446A6C6429}" = RssBandit
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{60D6618B-153F-4353-8185-908E676E5888}" = ASUS FancyStart
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{968A6AD3-E1BB-290E-D92B-AA9AB2702080}" = Rinse
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD937297-84C3-41A5-B5DF-1FAEEE669D68}" = rtpMIDI
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1Password_is1" = 1Password 1.0.9.291
"7-Zip" = 7-Zip 9.20
"Ableton Live_is1" = Ableton Live v6.0.7
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All Free DVD Ripper_is1" = All Free DVD Ripper 5.2.6
"ASIO4ALL" = ASIO4ALL
"ASUS_ScreenSaver_GSeries" = ASUS_ScreenSaver_GSeries
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1" = BeatportDownloader
"BitTorrent" = BitTorrent
"conduitEngine" = Conduit Engine
"DealBulldog Toolbar" = DealBulldog Toolbar
"Doro_is1" = Doro 1.54
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedDemon_is1" = FeedDemon
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Freeware Faktura" = Freeware Faktura 2012.01.25
"ftp-uploader" = ftp-uploader
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"GPL Ghostscript 9.05" = GPL Ghostscript
"HandBrake" = HandBrake 0.9.5
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 3.2.1.0)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MenuCommander_is1" = LaunchBar Commander 1.129.01
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.42
"MobMap_is1" = MobMap 3.53
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Nvu_is1" = Nvu 1.0
"OpenSSL Light (32-bit)_is1" = OpenSSL 1.0.0g Light (32-bit)
"pd_is1" = Pd-0.42.5-extended
"Picasa 3" = Picasa 3
"rinsebyreal" = Rinse
"ServeToMe_is1" = ServeToMe 3.6.4.4
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"SplashShopper iPhone Desktop" = SplashShopper iPhone Desktop 3.0.2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 7" = TeamViewer 7
"Telekom Internet Manager" = Telekom Internet Manager
"Temp File Cleaner" = Temp File Cleaner
"TextMaker Viewer" = TextMaker Viewer
"Totalcmd" = Total Commander (Remove or Repair)
"touchAble Server & Scripts 1.2.0-r1" = touchAble Server & Scripts
"Trillian" = Trillian
"VMware_Player" = VMware Player
"VMware_Workstation" = VMware Workstation
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinHotKey_is1" = WinHotKey 0.70
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Softonic Toolbar Updater
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

markusg 27.04.2012 13:20
hi
vorbereitung:
lade lspfix:
LSPfix - Freeware - DE - Download.CHIP.eu
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\aptwbvy8v.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\SysWOW64\d3dyxom5s.dll ()

 :Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.


führe lspfix aus
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

michi69 27.04.2012 15:21
Hallo,

erstmal danke für die prompte Hilfe.

Das upload des ZipFiles hat geklappt.

Das packen der Ordners MovedFiles hat nicht ganz geklappt
Eine Datei

C:\_OTL\MovedFiles\04272012_160433\C_Windows\SysNative\aptwbvy8v.dll

konnte nicht geöffnet werden und wurde dem zip file nicht hinzugefügt.
Ich habe die Datei mit Antivit in den QUarantänebereich verschoben.

Hier die Meldung von Antivir

Name: TR/Mediyes.EB.1
Entdeckt am: 24/04/2012
Art: Trojan
In freier Wildbahn: Nein
Gemeldete Infektionen: Niedrig
Verbreitungspotenzial: Niedrig
Schadenspotenzial: Niedrig
Dateigröße: 289280 Bytes
MD5 Prüfsumme: 130ca53bb6f270a54cab5db7545b8c50
VDF Version: 7.11.28.140 - Dienstag, 24. April 2012
IVDF Version: 7.11.28.140 - Dienstag, 24. April 2012

Und hier der Text der Datei die nach dem Neustart des Rechners geöffnet wurde
Code:
All processes killed
========== OTL ==========
Error: Unable to stop service LanmanWorkstation!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
C:\Windows\SysNative\aptwbvy8v.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000011\ deleted successfully.
File C:\Windows\SysWOW64\d3dyxom5s.dll not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: admin
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Public
 
User: Rahman
->Flash cache emptied: 14305 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: admin
 
User: All Users
 
User: AppData
 
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Rahman
->Temp folder emptied: 31631084 bytes
->Temporary Internet Files folder emptied: 218636070 bytes
->Java cache emptied: 351427 bytes
->FireFox cache emptied: 722774230 bytes
->Google Chrome cache emptied: 281886657 bytes
->Apple Safari cache emptied: 874496 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1986121 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1266902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102427 bytes
RecycleBin emptied: 6247748626 bytes
 
Total Files Cleaned = 7,160.00 mb
 
 
OTL by OldTimer - Version 3.2.42.1 log created on 04272012_160433

Files\Folders moved on Reboot...
C:\Users\Rahman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3536.log moved successfully.

Registry entries deleted on Reboot...

markusg 27.04.2012 16:35
ok thx
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

michi69 28.04.2012 00:34
So, habe Combofix ausgeführt und hier das Ergebnis:

[CODE]

Combofix Logfile:
Code:
ComboFix 12-04-27.02 - Rahman 28.04.2012  0:47.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4085.2648 [GMT 2:00]
ausgeführt von:: c:\users\Rahman\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealBulldog Toolbar
c:\program files (x86)\DealBulldog Toolbar\affid.dat
c:\program files (x86)\DealBulldog Toolbar\alert_plugin.dll
c:\program files (x86)\DealBulldog Toolbar\basis.xml
c:\program files (x86)\DealBulldog Toolbar\CustomTabPage.dll
c:\program files (x86)\DealBulldog Toolbar\icons.bmp
c:\program files (x86)\DealBulldog Toolbar\info.txt
c:\program files (x86)\DealBulldog Toolbar\install.ico
c:\program files (x86)\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files (x86)\DealBulldog Toolbar\mbback.bmp
c:\program files (x86)\DealBulldog Toolbar\mbbigopen.bmp
c:\program files (x86)\DealBulldog Toolbar\mbclose.bmp
c:\program files (x86)\DealBulldog Toolbar\mbfwd.bmp
c:\program files (x86)\DealBulldog Toolbar\mbsep.bmp
c:\program files (x86)\DealBulldog Toolbar\nav1c.bmp
c:\program files (x86)\DealBulldog Toolbar\somoto.dll
c:\program files (x86)\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.inf
c:\program files (x86)\DealBulldog Toolbar\tbhelper.dll
c:\program files (x86)\DealBulldog Toolbar\TbHelper2.exe
c:\program files (x86)\DealBulldog Toolbar\uninstall.exe
c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files (x86)\DealBulldog Toolbar\update.exe
c:\program files (x86)\DealBulldog Toolbar\version.txt
c:\programdata\FullRemove.exe
c:\users\Rahman\AppData\Local\TempDIR
c:\users\Rahman\AppData\Roaming\.#
c:\users\Rahman\AppData\Roaming\Mozilla\Firefox\Profiles\bzar4i1z.rachi\weave\toFetch
c:\windows\IsUn0407.exe
c:\windows\jestertb.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\SysWow64\dlumd10.dll
c:\windows\SysWow64\dlumd11.dll
c:\windows\SysWow64\dlumd9.dll
E:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-27 bis 2012-04-27  ))))))))))))))))))))))))))))))
.
.
2012-04-27 14:10 . 2012-04-27 14:10        --------        d-----w-        c:\users\Rahman\AppData\Roaming\EurekaLog
2012-04-27 14:04 . 2012-04-27 14:15        --------        d-----w-        C:\_OTL
2012-04-25 23:49 . 2012-04-25 23:49        --------        d-----w-        c:\users\Rahman\AppData\Local\FeedDemon
2012-04-25 23:49 . 2012-04-25 23:49        --------        d-----w-        c:\program files (x86)\FeedDemon
2012-04-25 09:25 . 2012-04-25 09:26        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 09:25 . 2012-04-25 09:25        157352        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 09:25 . 2012-04-25 09:25        129976        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 15:22 . 2012-03-06 06:53        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-24 15:22 . 2012-03-06 05:59        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-04-24 15:22 . 2012-03-06 05:59        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-04-24 15:17 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-24 15:17 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-24 15:17 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-04-24 15:17 . 2012-03-01 06:38        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-24 15:17 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-04-24 15:17 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-04-24 15:17 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-04-13 02:35 . 2012-04-20 01:36        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-13 02:10 . 2012-04-13 02:10        388096        ----a-r-        c:\users\Rahman\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-13 01:57 . 2012-04-13 01:57        --------        d-----w-        c:\program files (x86)\Ask.com
2012-04-13 01:56 . 2012-04-13 01:57        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-30 14:24 . 2012-03-30 14:24        --------        d-----w-        c:\program files\iPod
2012-03-30 14:24 . 2012-03-30 14:24        --------        d-----w-        c:\program files\iTunes
2012-03-30 14:24 . 2012-03-30 14:24        --------        d-----w-        c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 23:26 . 2010-03-27 14:04        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-04-20 01:36 . 2011-05-30 00:32        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-18 01:03 . 2010-04-20 20:55        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2011-09-22 19:38        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12        4435968        ----a-w-        c:\windows\SysWow64\GPhotos.scr
2012-02-17 06:38 . 2012-03-14 05:25        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:25        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:25        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:25        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01        52736        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-12 14:55 . 2012-02-12 14:55        0        ----a-w-        c:\windows\system32\dlumd9.dll
2012-02-12 14:55 . 2012-02-12 14:55        0        ----a-w-        c:\windows\system32\dlumd11.dll
2012-02-12 14:55 . 2012-02-12 14:55        0        ----a-w-        c:\windows\system32\dlumd10.dll
2012-02-10 06:36 . 2012-03-14 05:25        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:25        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 05:25        3145728        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51        3911776        ----a-w-        c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 13:51        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MtdAcqu"="c:\program files (x86)\Creative\MediaSource5\MtdAcqu.exe" [2008-10-30 278528]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files (x86)\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"GoogleContactSync"="e:\program files (x86)\WebGear\GO Contact Sync\GOContactSync.exe" [2012-01-18 862208]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"WinHotKey"="e:\program files (x86)\WinHotKey\WinHotKey.exe" [2004-11-11 480768]
"LaunchBarCommander"="e:\program files (x86)\LaunchBarCommander\LaunchBarCommander.exe" [2011-11-21 4483072]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-02 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"Jomantha"="c:\tools\n52te\razerhid.exe" [2007-12-12 163840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]
"DataCardMonitor"="c:\program files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-12-17 253952]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2012-03-31 2204424]
"EasyMessage"="e:\program files (x86)\Easy Message\em2.exe" [2004-06-27 538624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Rahman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rahman\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-15 1207312]
Miranda IM.lnk - e:\program files (x86)\Miranda IM\miranda32.exe [2012-1-23 820309]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 253088]
R3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\DRIVERS\bomebus.sys [x]
R3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-18 79360]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.24075.0.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GETPADD64;GETPADD64;c:\program files (x86)\ASUS\WinFlash\GETPADD64.SYS [2007-09-04 13880]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RL_DJIFIE2_MIDI;Digital Jockey - IE2 WDM MIDI Device;c:\windows\system32\drivers\rldjif2m.sys [x]
R3 RL_DJIFIE2_USB;usb-audio.de driver for Reloop Digital Jockey - IE2;c:\windows\system32\Drivers\rldjif2u.sys [x]
R3 RL_DJIFIE2_WDM;Digital Jockey - IE2 WDM Audio;c:\windows\system32\drivers\rldjif2a.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe [2012-03-31 768776]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848]
S2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~2\GFI\GFIBAC~1\GFIHInst.exe [2010-07-30 858480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:36]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 03:40]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-11 03:40]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001Core.job
- c:\users\Rahman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 03:08]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097918765-73550788-2010583491-1001UA.job
- c:\users\Rahman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 03:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        97792        ----a-w-        c:\users\Rahman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"combofix"="c:\combofix\CF10694.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{AC877D46-89A1-4D1E-91E1-BDB49287334D}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Rahman\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: In RSS Bandit abonnieren - c:\users\Rahman\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8}
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8CAD134E-017D-469B-91D3-CFE3E4D3594D}: NameServer = 10.111.81.129 10.129.32.1
TCP: Interfaces\{BC6A3074-1BDD-415A-A80F-91AB11E2A17D}: NameServer = 10.111.81.129 10.129.32.1
FF - ProfilePath - c:\users\Rahman\AppData\Roaming\Mozilla\Firefox\Profiles\bzar4i1z.rachi\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
Toolbar-Locked - (no file)
Notify-LBTWlgn - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3097918765-73550788-2010583491-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96657FD0-477C-D1F4-1A9A-B0BA7C3D579C}*]
@Allowed: (Read) (RestrictedCode)
"oaicmhbkmbnepodnjaaonclfihgbhl"=hex:64,61,69,61,6d,66,63,64,00,fc
"oaeddlllejndjhbmjpnffdilnoohnd"=hex:6b,61,6c,61,69,66,6c,62,66,6b,6f,61,6f,6d,
  68,6c,6e,64,6c,6a,62,6f,00,00
"naoajkielloemabklbbgjihiaibd"=hex:6b,61,6c,61,69,66,6c,62,66,6b,6f,61,6f,6d,
  68,6c,6e,64,6c,6a,62,6f,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~2\GFI\GFIBAC~1\GFIHSC~1.EXE
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-28  01:27:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-27 23:27
.
Vor Suchlauf: 19 Verzeichnis(se), 18.644.316.160 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 18.004.942.848 Bytes frei
.
- - End Of File - - CB8E68791B9A697628C817D047DAF936
--- --- ---

markusg 30.04.2012 15:42
hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

michi69 01.05.2012 13:17
Maleware ist durchgelaufen und hat keinen Fehler gefunden.

Hier das Log:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rahman :: SPUTNIK [Administrator]

01.05.2012 10:56:50
mbam-log-2012-05-01 (10-56-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 928638
Laufzeit: 2 Stunde(n), 59 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 01.05.2012 16:33
hi,
gabs noch avira funde?

lade den CCleaner standard:
CCleaner Download - CCleaner 3.18.1707
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

michi69 02.05.2012 02:11
Hi,

also Antivir hat seit meiner ersten Aktion die ihr mir hier im Forum aufgetragen habt keine Meldung mehr gebracht.

Hier die Liste meine Programme

Code:
1Password 1.0.9.291        AgileBits        03.04.2012        26,1MB        notwendig
7-Zip 9.20                15.11.2011                notwendig
Ableton Live v6.0.7        AiR, Inc.        07.10.2011        notwendig       
Acrobat.com        Adobe Systems Incorporated        17.11.2009        1,61MB        1.6.65 notwendig
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        17.11.2009                unbekannt
Adobe AIR        Adobe Systems Incorporated        02.10.2011                2.7.1.19610 notwendig
Adobe Download Manager        NOS Microsystems Ltd.        25.10.2010                1.6.2.91 notwendig
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        11.01.2011                10.0.12.36 notwendig
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        19.04.2012        6,00MB        11.2.202.233 notwendig
All Free DVD Ripper 5.2.6        AllFreeVideoSoft Co., Ltd.        15.02.2011        26,6MB        notwendig
Apple Application Support        Apple Inc.        11.03.2012        61,0MB        2.1.7 notwendig
Apple Mobile Device Support        Apple Inc.        11.03.2012        24,9MB        5.1.1.4 notwendig
Apple Software Update        Apple Inc.        12.11.2011        2,38MB        2.1.3.127 notwendig
ASIO4ALL        Michael Tippach        15.09.2011                2.10 notwendig
ASUS AI Recovery        ASUS        17.11.2009        2,89MB        1.0.6 notwendig
ASUS FancyStart        ASUSTeK Computer Inc.        17.11.2009        10,5MB        1.0.5 notwendig
ASUS LifeFrame3        ASUS        17.11.2009        27,7MB        3.0.20 notwendig
ASUS Live Update        ASUS        17.11.2009                2.5.9 notwendig
ASUS Power4Gear Hybrid        ASUS        17.11.2009        10,8MB        1.1.22 notwendig
ASUS SmartLogon        ASUS        17.11.2009        10,9MB        1.0.0007 notwendig
ASUS Splendid Video Enhancement Technology        ASUS        17.11.2009        24,4MB        1.02.0028 notwendig
ASUS Virtual Camera        asus        17.11.2009        3,15MB        1.0.17 notwendig
ASUS_ScreenSaver_GSeries                17.11.2009                unbekannt
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver        Atheros Communications Inc.        17.11.2009                1.0.0.7 notwendig
ATK Generic Function Service        ATK        17.11.2009                1.00.0008 unbekannt
ATK Hotkey        ASUS        17.11.2009        5,70MB        1.0.0050 notwendig
ATKOSD2        ASUS        17.11.2009        8,08MB        7.0.0005 unbekannt
Audacity 1.3.12 (Unicode)        Audacity Team        03.12.2010        32,6MB        notwendig
Avira AntiVir Personal - Free Antivirus        Avira GmbH        12.02.2012        61,8MB        10.2.0.707notwendig
AviSynth 2.5                25.02.2010                notwendig
BeatportDownloader        Beatport LLC        01.12.2010                1.003 notwendig
BitTorrent        BitTorrent Inc.        21.01.2012                7.6.0 notwendig
Bonjour        Apple Inc.        12.11.2011        2,00MB        3.0.0.10 notwendig
Bonjour-Druckdienste        Apple Inc.        12.11.2011        3,21MB        2.0.2.0 notwendig
CCleaner        Piriform        01.05.2012                3.18 notwendig
ControlDeck        ASUS        17.11.2009        1,82MB        1.0.4 notwendig
Creative MediaSource 5        Creative Technology Limited        17.11.2009                5.00 unbekannt
CyberLink LabelPrint        CyberLink Corp.        17.11.2009        88,6MB        2.5.1720 notwendig
CyberLink Power2Go        CyberLink Corp.        17.11.2009        108,1MB        6.1.2713 notwendig
Debugging Tools for Windows (x64)        Microsoft Corporation        12.01.2011        39,8MB        6.12.2.633 unbekannt
DHTML Editing Component        Microsoft Corporation        19.12.2011        0,54MB        6.02.0001 notwendig
Digital Jockey - IE2                20.11.2010                notwendig
DisplayLink Core Software        DisplayLink Corp.        11.02.2012        20,9MB        5.6.31854.0 notwendig
DisplayLink Graphics        DisplayLink Corp.        19.01.2010        1,93MB        5.2.21675.0 notwendig
DisplayLink iPad Software        DisplayLink Corp.        11.02.2012        1,30MB        5.6.33227.0 notwendig
Doro 1.54        CompSoft        22.03.2010                notwendig
Driver Sweeper 2.1.0        Phyxion.net        25.08.2010                unbekannt
Dropbox        Dropbox, Inc.        28.02.2012                1.2.52 notwendig
DVD Shrink 3.2        DVD Shrink        17.02.2011                notwendig
Express Gate        DeviceVM, Inc.        17.11.2009        383MB        1.2.13.23 unbekannt
Fast Boot        ASUS        17.11.2009        1,45MB        1.0.4 unbekannt
FeedDemon        NewsGator Technologies, Inc.        25.04.2012        11,9MB        4.0.0.22 notwendig
Foxit Reader        Foxit Corporation        07.12.2010        11,1MB        4.3.0.1110 notwendig
Freeware Faktura 2012.01.25        IT-Service Christian Hau        10.02.2012                2012.01.25 notwendig
ftp-uploader        Firma Gregor Schommer Systemberatung, Raderthaler Str. 31, D-50968 Köln        22.01.2012                3.3.0.0 notwendig
GFI Backup 2009 - Home Edition        GFI Software Ltd.        05.12.2010                3.0 notwendig
GIMP 2.6.11        The GIMP Team        25.10.2011        107,7MB        2.6.11 notwendig
GO Contact Sync Mod        WebGear, Create Software, Stru.be, saller.NET        14.01.2012        2,76MB        3.5.7 notwendig
Google Chrome        Google Inc.        15.01.2010                18.0.1025.162 notwendig
GPL Ghostscript        Artifex Software Inc.        14.02.2012                9.05 notwendig
GPL Ghostscript        Artifex Software Inc.        25.10.2011                9.04 notwendig
HP Customer Participation Program 13.0        HP        21.02.2012                13.0 notwendig
HP Imaging Device Functions 13.0        HP        21.02.2012                13.0 notwendig
HP Photosmart All-In-One Driver Software 13.0 Rel. 2        HP        21.02.2012                13.0 notwendig
HP Smart Web Printing 4.51        HP        21.02.2012                4.51 notwendig
HP Solution Center 13.0        HP        21.02.2012                13.0 notwendig
HP Update        Hewlett-Packard        23.02.2012        3,98MB        5.003.001.001 notwendig
iCloud        Apple Inc.        11.03.2012        33,2MB        1.1.0.40 notwendig
ICP 9.0                24.10.2011        0,91MB        unbekannt
ImageConverter Plus 8.0        fCoder Group, Inc.        24.10.2011        75,2MB        8.0.105 (build: 110201) notwendig
IrfanView (remove only)        Irfan Skiljan        20.09.2011        1,50MB        4.30 notwendig
iSkysoft Video Converter Ultimate(Build 3.2.1.0)        iSkysoft Software        23.12.2011        111,5MB        notwendig
iTunes        Apple Inc.        29.03.2012        156,9MB        10.6.1.7 notwendig
Java(TM) 6 Update 22        Oracle        15.11.2011        97,1MB        6.0.220 notwendig
Java(TM) 6 Update 31        Oracle        17.04.2012        95,1MB        6.0.310 notwendig
Java(TM) SE Development Kit 6 Update 20        Sun Microsystems, Inc.        19.04.2010        140,8MB        1.6.0.200 notwendig
Juniper Networks Host Checker        Juniper Networks        15.01.2010                6.3.0.14357 notwendig
Juniper Networks Setup Client        Juniper Networks        15.01.2010        0,78MB        1.3.2.12875 notwendig
Juniper Networks Setup Client Activex Control        Juniper Networks        15.01.2010                1.3.1.6 notwendig
LaunchBar Commander 1.129.01                08.02.2012        6,55MB        notwendig
Logitech SetPoint        Logitech        14.01.2010        17,00KB        4.80 notwendig
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        29.04.2012        18,0MB        1.61.0.1400 notwendig
Media Player Classic - Home Cinema v1.4.2499.0        MPC-HC Team        28.12.2010        30,9MB        1.4.2499.0 unbekannt
Medieval CUE Splitter        Medieval Software        14.12.2010        1,66MB        1.2.0 unbekannt
Memeo Instant Backup        Memeo Inc.        29.01.2011                4.60.0.7876 notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        08.07.2010        38,8MB        4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        12.01.2011        2,94MB        4.0.30319 notwendig
Microsoft .NET Framework 4 Extended        Microsoft Corporation        12.01.2011        52,0MB        4.0.30319 notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        12.01.2011        10,7MB        4.0.30319 notwendig
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        05.01.2012        83,5MB        4.0.30319 notwendig
Microsoft Help Viewer 1.1        Microsoft Corporation        22.01.2012        3,97MB        1.1.40219 notwendig
Microsoft Office Enterprise 2007        Microsoft Corporation        06.12.2011                12.0.6612.1000 notwendig
Microsoft Office File Validation Add-In        Microsoft Corporation        09.10.2011        7,95MB        14.0.5130.5003 notwendig
Microsoft Office Live Add-in 1.5        Microsoft Corporation        02.06.2010        0,50MB        2.0.4024.1 notwendig
Microsoft Office Outlook Connector        Microsoft Corporation        21.03.2011        3,36MB        14.0.5118.5000 notwendig
Microsoft Silverlight        Microsoft Corporation        17.02.2012        220MB        4.1.10111.0 notwendig
Microsoft Speech Recognition Engine 4.0 (English)                13.05.2010                notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        14.01.2010        1,72MB        3.1.0000 notwendig
Microsoft SQL Server 2008 (64-bit)        Microsoft Corporation        05.01.2012                notwendig
Microsoft SQL Server 2008 Browser        Microsoft Corporation        05.01.2012        8,00MB        10.1.2531.0 notwendig
Microsoft SQL Server 2008 Native Client        Microsoft Corporation        05.01.2012        7,08MB        10.1.2531.0 notwendig
Microsoft SQL Server VSS Writer        Microsoft Corporation        05.01.2012        3,59MB        10.1.2531.0 notwendig
Microsoft Visual C# 2010 Express - DEU        Microsoft Corporation        22.01.2012                10.0.40219 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        15.01.2010        0,25MB        8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        15.01.2010        0,25MB        8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        26.07.2011        0,29MB        8.0.61001 notwendig
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        14.01.2010        0,69MB        8.0.61000 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        22.01.2010        0,21MB        9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        18.02.2010        0,20MB        9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        21.01.2010        0,77MB        9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        14.11.2011        0,23MB        9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        26.07.2011        0,77MB        9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        17.02.2010        4,96MB        9.0.21022 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        14.11.2011        0,22MB        9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        26.07.2011        0,59MB        9.0.30729.6161 notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        07.09.2011        13,7MB        10.0.30319 notwendig
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219        Microsoft Corporation        22.01.2012        33,5MB        10.0.40219 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        07.09.2011        11,0MB        10.0.30319 notwendig
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219        Microsoft Corporation        22.01.2012        26,3MB        10.0.40219 notwendig
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU        Microsoft Corporation        22.01.2012        21,7MB        10.0.40219 notwendig
Microsoft Visual Studio 2010 Service Pack 1        Microsoft Corporation        22.01.2012        76,0MB        10.0.40219 notwendig
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)        Microsoft Corporation        22.01.2012                10.0.31119 notwendig
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU        Microsoft Corporation        22.01.2012                10.0.31007 notwendig
Microsoft Windows SDK for Windows 7 (7.1)        Microsoft Corporation        12.01.2011                7.1.7600.0.30514 notwendig
MIDI Yoke        JOConnell        07.10.2011        25,00KB        1.75.53 notwendig
MIDI-OX        MIDIOX Computing        07.10.2011        1,99MB        7.02.372 notwendig
MiKTeX 2.9        MiKTeX.org        22.05.2011                2.9 notwendig
Miranda IM 0.9.42                02.02.2012                notwendig
Move Networks Media Player for Internet Explorer                15.01.2010                unbekannt
Mozilla Firefox 12.0 (x86 de)        Mozilla        24.04.2012        37,8MB        12.0 notwendig
Mozilla Maintenance Service        Mozilla        24.04.2012        0,21MB        12.0 notwendig
Mozilla Thunderbird 11.0.1 (x86 de)        Mozilla        29.03.2012        37,5MB        11.0.1notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        25.02.2010        1,28MB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.02.2010        1,33MB        4.20.9876.0 unbekannt
n52te Editor        Razer USA Ltd.        14.01.2010                5.01 notwendig
Native Instruments Controller Editor                21.11.2010                notwendig
Native Instruments Controller Editor        Native Instruments        01.12.2010                notwendig
Native Instruments Service Center                21.11.2010                notwendig
Native Instruments Service Center        Native Instruments        01.12.2010        notwendig       
Native Instruments Traktor                30.11.2010                notwendig
Native Instruments Traktor        Native Instruments        01.12.2010                notwendig
NVIDIA Display Control Panel        NVIDIA Corporation        25.10.2010        135,0MB        6.14.12.5896 notwendig
NVIDIA Drivers        NVIDIA Corporation        25.10.2010        63,0MB        1.10.62.40 notwendig
Nvu 1.0        Thorsten Fritz        20.09.2011                1.0 notwendig
OCR Software by I.R.I.S. 13.0        HP        21.02.2012                13.0 notwendig
OpenSSL 1.0.0g Light (32-bit)        OpenSSL Win32 Installer Team        02.02.2012        4,39MB        notwendig
Phase 5 HTML-Editor        Systemberatung Schommer        03.08.2011        3,72MB        5.6.2.3 notwendig
PhotoSync        touchbyte GmbH        07.09.2011        3,59MB        1.4.0 notwendig
Picasa 3        Google, Inc.        22.12.2010                3.8 notwendig
QuickTime        Apple Inc.        21.11.2011        73,3MB        7.71.80.42 notwendig
RICOH R5U230 Media Driver ver.2.05.02.02        RICOH        17.11.2009                2.05.02.02 unbekannt
rtpMIDI        Tobias Erichsen        30.08.2011        2,49MB        1.0.6.219 notwendig
Safari        Apple Inc.        29.03.2012        104,3MB        5.34.55.3 notwendig
Seagate Dashboard        Memeo Inc.        04.09.2011                1.1.0.1421 notwendig
ServeToMe 3.6.4.4                11.09.2011        18,0MB        notwendig
Shop for HP Supplies        HP        21.02.2012                13.0 unbekannt
Skype web features        Skype Technologies S.A.        15.01.2010        4,95MB        1.0.3971 notwendig
Skype™ 4.1        Skype Technologies S.A.        14.01.2010        31,1MB        4.1.179 notwendig
Sound Blaster Audigy HD        Creative Technology Limited        17.11.2009                1.0 notwendig
Spybot - Search & Destroy        Safer Networking Limited        10.10.2010                1.6.2 notwendig
Synaptics Pointing Device Driver        Synaptics Incorporated        17.11.2009                14.0.1.1 unbekannt
TeamSpeak 2 RC2        Dominating Bytes Design        14.01.2010                2.0.32.60 notwendig
TeamSpeak 3 Client        TeamSpeak Systems GmbH        21.01.2010                notwendig
TeamViewer 7        TeamViewer        15.01.2012                7.0.12313 notwendig
Telekom Internet Manager        Huawei Technologies Co.,Ltd        16.12.2011                11.301.05.04.748 notwendig
Temp File Cleaner                22.01.2012                unbekannt
TextMaker Viewer        SoftMaker Software GmbH        05.02.2012        notwendig       
Total Commander (Remove or Repair)        Ghisler Software GmbH        14.01.2010                7.50a notwendig
touchAble Server & Scripts        AppBC        16.09.2011        9,19MB        1.2.0-r1 notwendig
Trillian        Cerulean Studios, LLC        07.01.2012                notwendig
Turbo Lister 2        eBay Inc.        19.12.2011        68,0MB        2.00.0000 notwendig
Unterstützungsdateien für Microsoft SQL Server 2008-Setup        Microsoft Corporation        05.01.2012        33,7MB        10.1.2731.0 notwendig
Vim 7.3 (self-installing)                14.10.2010                notwendig
Virtual Audio Cable 4.10                14.09.2011                notwendig
VMware Player        VMware, Inc        15.11.2011        391MB        4.0.0.18997 notwendig
WIDCOMM Bluetooth Software        Broadcom Corporation        17.11.2009        144,3MB        6.2.0.9600 notwendig
Windows Live Essentials        Microsoft Corporation        22.03.2011                15.4.3508.1109 unbekannt
Windows Live Sync        Microsoft Corporation        25.10.2010        2,79MB        14.0.8117.416 unbekannt
WinHotKey 0.70        Brian Mathis        16.01.2012                notwendig
Wireless Console 3        ASUS        17.11.2009        2,43MB        3.0.10 notwendig

markusg 02.05.2012 15:33
deinstaliere:
Adobe Flash Player 10
Debugging Tools
Driver Sweeper
Java beide

Download der kostenlosen Java-Software
downloade java jre, instalieren.

deinstaliere:
Move Networks
Mozilla Firefox : du hast doch chrome instaliert, wesendlich sicherer und sollte auch schneller sein, würd komplett auf chrome umsteigen.
Spybot weg damit, nicht mehr sonderlich sinnvoll.
Temp File
Windows Live alle die du nicht nutzt.

öffne otl cleanup, pc startet neu.
öffne ccleaner analysieren ccleaner starten, testen wie der pc läuft

michi69 03.05.2012 17:06
Hi,

zu früh gefreut.

Gerade sehe ich über 100 Meldungen von

In der Datei 'C:\Windows\SysWOW64\d3dyxom5s.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Mediyes.D.2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

im Antivir log.

Ich glaube mittlerweile macht es mehr Sinn meine Kiste mal neu aufzusetzen oder was meinst du?

Grüße
Michi

markusg 03.05.2012 18:12
jo,
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

michi69 04.05.2012 15:53
Ok,

wird alles erledigt, sollte kein Problem sein.

Noch eine kurze Nachfrage.

Ich habe in meinem Rechner 3 Partitionen

1. Festplatte
a) Partition 1: C: Windows
b) Partition 2: D: Daten
2. Festplatte
a) Partition 1: E: Mediathek

Soll ich D: und E: auch formatieren?
Ich denke mal eher JA um 100% sicher zu gehen.

Grüße
Michi

Hat sich erledigt der letzte Post, habe alle Partitionen formatiert


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:39 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19