Hello dear users,
I just bought a used Acer Aspire m5201 (Vista) and nearly had a fit as soon as I started it up; Avira went off immediately with the following detections:
TR/Spy.Gen
TR/Spy.Banker
EXP/Pidief.ean
Unfortunately I did not get a Vista CD with it, but I would, if you think it is unavoidable:
OTL logfile:
Code:
OTL logfile created on: 02.09.2012 19:17:40 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sarah\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 50,79% Memory free
7,23 Gb Paging File | 5,59 Gb Available in Paging File | 77,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 273,57 Gb Total Space | 175,98 Gb Free Space | 64,33% Space Free | Partition Type: NTFS
Drive D: | 410,41 Gb Total Space | 402,64 Gb Free Space | 98,11% Space Free | Partition Type: NTFS
Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 68,36 Gb Total Space | 68,27 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive L: | 7,97 Gb Total Space | 7,90 Gb Free Space | 99,16% Space Free | Partition Type: NTFS
Computer Name: TOMMY3 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.02 19:06:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2012.09.02 18:33:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.02 18:32:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.02 18:32:54 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.02 18:32:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.02 18:32:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.05.15 22:25:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.19 07:50:02 | 000,789,392 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.04.19 07:50:01 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.07.22 14:24:53 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.08.11 10:20:28 | 000,335,872 | ---- | M] (North Star com.) -- C:\Programme\Northstar\SmartLauncher\SmartLauncher.exe
PRC - [2008.05.20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.05.20 12:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.18 02:08:45 | 002,094,352 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2007.07.18 01:30:12 | 000,414,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
PRC - [2007.07.18 01:30:03 | 001,687,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2007.07.18 01:29:52 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.07.18 01:29:34 | 000,479,504 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
PRC - [2007.07.18 01:29:24 | 000,278,288 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2000.02.17 16:11:20 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WFXSNT40.EXE
========== Modules (No Company Name) ==========
MOD - [2012.09.02 18:58:51 | 000,007,424 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe.dll
MOD - [2012.09.02 18:17:57 | 000,150,672 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\12001.064\components\AcroFF064.dll
MOD - [2012.05.15 22:25:21 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.07 19:48:38 | 000,235,624 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2008.04.28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
========== Services (SafeList) ==========
SRV - [2012.09.02 18:33:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.02 18:32:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.02 18:32:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.15 22:25:21 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.19 07:50:01 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.01.07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.05.20 18:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000.03.07 16:38:48 | 000,128,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Windows\System32\WFXSVC.EXE -- (wfxsvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.09.02 18:50:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.02 18:33:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.02 18:33:35 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.02 18:33:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.02 18:33:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.31 19:48:23 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.12 01:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.03.15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.12.02 15:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.07.09 02:47:24 | 003,880,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.04.28 11:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2007.12.19 08:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.05.11 11:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.03.02 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=1&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33}
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33}&q={searchTerms}&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0209&m=aspire_m5201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=1&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=119998&babsrc=SP_ss&mntrId=6a92db81000000000000002268063d2e
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GPEA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7BFC6942-7AAB-4224-9482-B81F6C7EDAF8}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{8AA58FF9-DED1-45B7-B69A-F937BC63AA26}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=1&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33}&q={searchTerms}&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=bd887c01-269b-43bf-aad6-5fc906d30146&apn_ptnrs=%5EABT&apn_sauid=4697A0DD-EF21-4C86-A6C5-82BE311C6810&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.27 20:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.27 20:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.15 22:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 18:49:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Sarah\AppData\Roaming\12014 [2012.06.12 15:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Sarah\AppData\Roaming\12001.064 [2012.09.02 18:17:33 | 000,000,000 | ---D | M]
[2011.10.07 18:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2012.08.09 14:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\up44yqlj.default\extensions
[2012.03.02 12:23:44 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\up44yqlj.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011.10.07 18:39:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\up44yqlj.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.03.02 12:23:42 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\up44yqlj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.03.02 12:21:03 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\up44yqlj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.03.02 12:23:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\up44yqlj.default\extensions\ffxtlbr@babylon.com
[2012.09.02 18:49:53 | 000,002,306 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\searchplugins\askcomsearch.xml
[2011.10.07 18:39:12 | 000,002,520 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\searchplugins\SearchResults.xml
[2012.03.02 12:24:12 | 000,004,089 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\searchplugins\sweetim.xml
[2012.09.02 18:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.02 18:49:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.02 18:17:33 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\SARAH\APPDATA\ROAMING\12001.064
[2012.06.12 15:55:30 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\SARAH\APPDATA\ROAMING\12014
[2012.05.15 22:25:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.02 12:23:20 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.07 18:39:12 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Sarah\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\Windows\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Sarah\AppData\Roaming\appConf32.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk = File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} hxxp://192.168.178.5/WinWebPush.cab (WebWatch Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} hxxp://192.168.2.2/xplugLite.cab (Gif89 Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1793942C-CCEB-4311-8DDB-31685DA3E7D9}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A8ABAEA-B7E5-42C3-8914-38EB9D8A8BD5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{586ACEC2-E0E6-4BD4-A269-B562E662510C}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58AC3557-6229-4219-8BDA-3A57FF4089FE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CAF4827-2491-4EFE-B123-B8872DA8E2AE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9355EA99-EF04-4531-9466-4920F5532793}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D975D2BE-2B53-4387-8476-936D181BABE5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Programme\Symantec\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c9ec2abc-12a4-11e0-8e32-002268063d2e}\Shell\AutoRun\command - "" = K:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.02 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.02 18:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.09.02 18:48:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Avira
[2012.09.02 18:46:21 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.02 18:46:21 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2012.09.02 18:46:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.02 18:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.02 18:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.02 18:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.02 18:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.02 18:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.09.02 18:42:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.02 18:42:15 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.02 18:42:15 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.02 18:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.02 18:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.02 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\12001.064
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sarah\AppData\Roaming\*.tmp files -> C:\Users\Sarah\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.02 19:11:57 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2012.09.02 18:58:51 | 000,007,424 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe.dll
[2012.09.02 18:58:50 | 000,198,200 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\AcroIEHelpe.dll
[2012.09.02 18:50:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.02 18:46:19 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.02 18:43:42 | 000,000,017 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\blckdom.res
[2012.09.02 18:43:15 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.02 18:40:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 18:40:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 18:40:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.02 18:33:35 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.02 18:33:35 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.02 18:33:34 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.02 18:33:33 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.02 18:17:46 | 000,198,200 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\AcroIEHelpe205.dll
[2012.09.02 18:17:46 | 000,007,424 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe205.dll
[2012.09.02 18:15:30 | 000,065,536 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\up44yqlj.default.dat
[2012.08.09 13:23:08 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.09 13:23:08 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.09 13:23:08 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.09 13:23:08 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sarah\AppData\Roaming\*.tmp files -> C:\Users\Sarah\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.02 19:11:57 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2012.09.02 18:58:51 | 000,007,424 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe.dll
[2012.09.02 18:58:50 | 000,198,200 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\AcroIEHelpe.dll
[2012.09.02 18:46:19 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.02 18:43:15 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.02 18:17:46 | 000,198,200 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\AcroIEHelpe205.dll
[2012.09.02 18:17:46 | 000,007,424 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe205.dll
[2012.09.02 18:12:11 | 000,065,536 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\up44yqlj.default.dat
[2012.07.12 12:17:36 | 000,006,400 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\BAcroIEHelpe166.dll
[2012.06.11 19:05:17 | 000,000,017 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\blckdom.res
[2012.03.02 12:42:43 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2012.03.02 12:41:50 | 000,202,641 | ---- | C] () -- C:\Windows\hpwins19.dat
[2012.03.02 12:23:34 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.31 19:48:38 | 000,200,704 | ---- | C] () -- C:\Windows\System32\UpdateDriver.exe
[2011.12.31 19:48:38 | 000,005,224 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 11:22:59 | 000,002,032 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2011.04.26 22:34:42 | 000,001,000 | RHS- | C] () -- C:\Users\Sarah\ntuser.pol
[2011.01.27 20:26:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 13:15:40 | 000,039,424 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.15 00:33:38 | 000,116,676 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.11.06 19:40:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2010.11.06 19:40:06 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.09.15 16:16:03 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.09.15 16:13:52 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2009.10.04 20:41:38 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.12.09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\Sarah\AppData\Roaming\appconf32.exe
========== LOP Check ==========
[2011.10.12 11:14:15 | 000,000,000 | -HSD | M] -- C:\Users\Sarah\AppData\Roaming\.#
[2012.06.09 12:04:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\12001.001
[2012.07.12 12:18:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\12001.038
[2012.09.02 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\12001.064
[2012.06.12 15:55:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\12014
[2008.03.16 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Acer GameZone Console
[2011.12.01 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Acreon
[2012.03.02 12:23:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
[2012.03.02 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Complitly
[2011.09.21 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft
[2011.09.21 16:41:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.28 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2012.06.09 12:04:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\kock
[2011.12.04 17:38:06 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Lingoes
[2011.11.12 14:25:30 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Samsung
[2010.12.30 12:24:17 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TeamViewer
[2012.05.22 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TS3Client
[2011.01.27 14:10:35 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TuneUp Software
[2012.06.09 14:39:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\UAs
[2012.06.09 12:04:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\xmldm
[2012.09.02 18:38:13 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 02.09.2012 19:17:40 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sarah\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 50,79% Memory free
7,23 Gb Paging File | 5,59 Gb Available in Paging File | 77,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 273,57 Gb Total Space | 175,98 Gb Free Space | 64,33% Space Free | Partition Type: NTFS
Drive D: | 410,41 Gb Total Space | 402,64 Gb Free Space | 98,11% Space Free | Partition Type: NTFS
Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 68,36 Gb Total Space | 68,27 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive L: | 7,97 Gb Total Space | 7,90 Gb Free Space | 99,16% Space Free | Partition Type: NTFS
Computer Name: TOMMY3 | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00559BF3-AD0E-40AE-BEFD-EB3EF41C5EA6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{07CCD5D2-9B08-45A5-94BB-6D5EB8992506}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0C58C6FE-AC00-418F-BE27-F4FD9E5D0FEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1381BF46-1C52-4012-B55C-EE73733C82E5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{241A37DB-3D90-4176-B76F-27885984CFDE}" = rport=139 | protocol=6 | dir=out | app=system |
"{295801ED-2C92-4AE6-AD29-B8250E2F01B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33F4ABCD-B351-4689-963D-A5858C46328B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{446396D0-537C-40B4-B830-2C8702A698A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{467E8C94-CF4F-4271-8B90-1FA9CEE09503}" = lport=137 | protocol=17 | dir=in | app=system |
"{4C931AEB-9328-4084-B902-4FC526F47F50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FAEDC4E-6928-4157-B092-7633409723C7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{529940E9-E21D-4E82-95AA-F55BD9B73055}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70E1147C-55ED-43DB-B0FC-A76228077323}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{787634B0-0372-44F1-AA34-895015E6E062}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A35CDC7-51F5-4353-A561-0E486EC6E35F}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FCF246A-4B6F-47B2-9FEA-17DB573DA7C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{808754B1-23C8-4C52-A5F8-7D9A43C839F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{960D14E4-B27B-4A8A-AC72-33E03308AD3C}" = rport=137 | protocol=17 | dir=out | app=system |
"{97DCCD34-5E94-4E27-ACDD-993D01276372}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A0294CB8-1FE9-4948-BFA2-E3F7CB0F784C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A0A498F6-CE69-4605-B766-941905D276AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6DE8084-6B5F-4545-9C10-AF12F5B67346}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1C5BEC8-2FF2-4346-B734-A0AB3F886510}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D81A60DE-B8D9-4F92-91D8-76AD283B529F}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC50F7D8-620C-4760-9BB2-ADE40026620C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E9871138-BB57-49D8-8969-ACECB7285F4A}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |
"{F261C4C9-7252-4CF3-A832-04F76AF79AC5}" = lport=139 | protocol=6 | dir=in | app=system |
"{F35B4488-2271-40BD-9FEF-0441EEFA498D}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01466FC1-52B5-4C67-8AFA-9E10DBBC4F0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07D5961F-5ADC-4242-957A-5F5AD6EF747F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{10ED9628-BEFA-4C0D-8588-22B03FED4C55}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{12C675BC-478E-4EC0-A622-1B862B3947E2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{161A62AE-656D-4C30-AAE6-767BF9D6AEC3}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{1B4E92B8-5A45-489A-B0B7-AD6467AC158D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1D8D2245-498E-4B29-95FE-558989055B37}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{1DC2BE4C-4AAD-4233-BE87-9C92657EF2C8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{1ECF83AC-8D9B-4A5E-9E5B-B0229965D530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{227EEF92-C88C-45A3-A317-B36CBA246B7B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{260A49F3-C36D-4437-B777-38B6EC20C79F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27BF558C-FCF8-4AB2-82C0-053C6CCC4BED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{29388DF7-2C41-4294-A7BE-A90E4AA5070E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E130476-2CD4-4035-AB0F-23FFCF484C2A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2FFD931B-81E2-479F-B4BC-C498D3662449}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{3579A913-D694-4050-94E9-5EC37329F590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35DD552F-C925-4196-8A6D-EBB09417ADFD}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{3854DD7A-BEC4-4474-A284-BF3378CD409F}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{39ABB7BB-A124-4F18-9711-928A6C870297}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BB1639D-724F-4B8B-98C2-EEE192803093}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{3C99447F-03FA-4214-AA2D-261DC0E43999}" = protocol=6 | dir=out | app=system |
"{3D9BD45F-9600-4035-BDA3-BC53C2E37CEA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3E083ED7-D4B2-45F0-B759-6361B5CF28CB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{4851DDF6-DB0F-458C-99D8-C8CF70159797}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{4B02014C-C7C6-48EE-928D-DC1319DAE257}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{4FA0C9AF-CFC1-4D4A-85B6-2601E1226285}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5047E163-06C4-480B-AF47-92278CA828DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{540A6516-D7F1-4AD8-96CD-DC0023AFE564}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{58501200-E0B9-4B0F-B555-9A88B5C41A58}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{5F42058E-292F-4C03-BEE6-2D94058E2479}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{5F8272CA-CF79-47F2-AA11-1757E9203F17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6178AD27-9BAF-4828-A76F-DF0BE7A87BBA}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{6C3B460C-3604-42FE-BCA7-120F93322B6B}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6CB09790-3C51-4BD9-BAF1-FCE989C77A8D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6E74EAA8-C058-459B-974A-13D8B67B6349}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F192CE1-8006-4282-B487-417CC7A02BE5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{6FCCD595-2510-4D7F-B030-923783EDB95A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{707F5179-2255-46C8-A857-B552BCC3F83A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{713CE8CD-E4B3-403D-87F5-77D0FF3F286A}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{72BAB06C-2FB8-4E3B-A18D-4EBB420D5C38}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{74AF9A82-7B57-4C40-BC35-4DDC47519275}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{769BF940-36E9-4C37-A8AD-B84FD27C6EB7}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{7988ED08-13F3-4BB3-A9D3-F2452A2D93A4}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{8015D7EF-FAF2-4621-9BFD-828D14A118A3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{82825318-C690-45F4-9B26-86FC9A1F19E9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{88E26168-5AD9-44A3-A1C6-B9723FE52E4A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{8E79F5EE-F3C1-40A4-8A2C-EC650BF60404}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CA0EB2A-E0FC-4FB5-BC2A-8E92BC6FC9E0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A17EE015-FDCD-4B26-A9BA-3F461B4F0B4C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{A19EDA19-4D08-41D7-9EFE-43C4DD8499FE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{A4696829-44F6-470D-8E01-5522547FB700}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A854EFAD-20C4-4360-A699-DAAB58E6F0DC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AA25B7C5-1FC7-45A1-A45E-A9CA0EBCAA4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC7DF2E9-0CC4-4224-8CA5-92CBB0D4F1BA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{AE4BC720-D476-4B84-996C-351FF9E9CB3E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{AFA3ABF2-1C08-4AFA-A284-5BAAED59F6A7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B1C7C49B-2B17-4F8C-AC2C-D69CC1DED660}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{B34D57EB-28FD-458C-AAF9-31F522BCC4F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B44B5AF1-5F81-4BED-86D2-C42CC20443D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BBC2B957-CEDA-4994-889F-FBDFCBE9B9F4}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{BE16B91B-2424-409F-9119-8D233D9BE223}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{BF3C507D-D25D-462A-9D2E-CE4FBAF7047D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C1FDFD9E-7873-4AE2-B707-3557AD88A699}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C49F0AFB-98D1-4DCC-B461-5FA92DFB40F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C554EC65-9618-435F-8CC3-6B20BAA2BBDF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C57FC413-7DDE-43FE-BA43-AA94401197AB}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{C67F125D-E18C-46CC-BE66-A494FED410E4}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C69DDA88-5E0B-4803-8D41-64E0D44DCC0B}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C93900A4-34E7-48C2-961D-9988FCF3DAFC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{CFB8CA87-ED94-4C49-AC5D-F4E6C9C7C45A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{D5EE698C-A0E1-4B39-894A-DF18729AB175}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{DA34C816-DF70-4DB5-A2D1-7DBF0CC9124A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DB4D4F4D-1F16-4752-B9B3-75C64969C958}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6D6A6A6-3833-427F-AE4D-1672DE4C0DB0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E9F1F531-41F0-42E5-919D-8BBA88E60492}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBBC5B73-32F6-40E4-9942-E3330B340907}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE47B5CE-8532-4988-9D38-8A661B085EC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE545702-4B27-4498-A59E-6FFBD3FC3767}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{EF1F2BF6-CF18-4907-948F-53D218589809}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{FE2EC7A9-3DD3-402A-886E-A6CA603FD26E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"TCP Query User{06D5D79E-3B13-4776-A48D-1B9DC298AD83}C:\users\sarah\downloads\diablo-iii-setup-dede(2).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-setup-dede(2).exe |
"TCP Query User{0C281426-A342-41A4-8363-FF129E345706}C:\program files\setup wizard\setup wizard.exe" = protocol=6 | dir=in | app=c:\program files\setup wizard\setup wizard.exe |
"TCP Query User{0C6AD145-6214-4606-8DAE-0B0F2B05BEB0}D:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"TCP Query User{0C7EB6D6-7F75-406B-A7BD-75AEBF333089}D:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{22DA9F5E-8BD6-4A3E-9383-2929BB02765E}C:\program files\ipview pro\ipview pro.exe" = protocol=6 | dir=in | app=c:\program files\ipview pro\ipview pro.exe |
"TCP Query User{251E1C12-8D46-4D9B-B17D-AB766D1CD069}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{275E5D93-2A9E-43B8-81B3-C0422F368C80}E:\software\ipeditv3.exe" = protocol=6 | dir=in | app=e:\software\ipeditv3.exe |
"TCP Query User{3774A9ED-5CF7-486F-A221-E9E8AE433689}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{3B55C40B-A450-4620-997D-68C5588BBF74}D:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
"TCP Query User{42030071-38E6-4803-8C2B-D6DFEF460F50}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{496203B3-24CD-40F8-B73F-EE1682211FB9}D:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{544F8695-DEB8-4506-BCFE-A4A03D4207C9}D:\program files\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\blizzard downloader.exe |
"TCP Query User{6914C40E-DC83-43F5-B959-C633A11146D5}D:\program files\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{6BAB97A6-2B2C-4D08-97A9-A446B1005ADD}C:\program files\routercontrol\routercontrol.exe" = protocol=6 | dir=in | app=c:\program files\routercontrol\routercontrol.exe |
"TCP Query User{70297CC0-3DD0-4886-9ABF-4A6EF8FECCCE}C:\program files\ip dvr\exes\uniwdsvc.exe" = protocol=6 | dir=in | app=c:\program files\ip dvr\exes\uniwdsvc.exe |
"TCP Query User{7897379B-7164-4F4B-8393-0AEAD85EEA07}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{7C78A541-1393-4A8A-AE7E-C32A66698572}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{7E00215F-B3D5-4B23-AD54-1841BB88F3D6}C:\program files\ipview pro\ipview pro.exe" = protocol=6 | dir=in | app=c:\program files\ipview pro\ipview pro.exe |
"TCP Query User{877D5A43-B2D1-4C57-BCDB-95A364D53B20}D:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{87AACD05-881B-44E4-8461-E82910E4A524}D:\program files\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.patch.exe |
"TCP Query User{8E1E41A6-E4E0-40DF-BC24-48309DE2EBA5}C:\users\sarah\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-setup-dede.exe |
"TCP Query User{8FE396E1-0D39-4E26-AB3E-74AB365F813E}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(5).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(5).exe |
"TCP Query User{9224A23F-718A-40CA-827A-01A4402DC19F}D:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"TCP Query User{94097D0E-BA9C-461E-9A06-282C34533725}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{941320B3-7484-486F-B347-D3CA45E4B531}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{99B08129-5A55-4D90-851E-9DFD8B42CD02}E:\software\ipeditv3.exe" = protocol=6 | dir=in | app=e:\software\ipeditv3.exe |
"TCP Query User{9B3FD26E-B4A1-49C6-BA8E-D2E36D97C124}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{9C2053BD-7FCA-4AEA-9AE1-4A34200C3D0A}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{9C4A758C-D437-4CA8-B924-3EA59EE5ADC8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9C6CE1DA-2220-4C72-89E4-6DC2A60C37AD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9FBF02B5-C6A3-41DB-BF4C-CE0659ECD66A}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"TCP Query User{A1FF9B8C-C174-4EB6-8B16-B227D06596BF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{ACA82646-17B4-4547-AC9D-2C0D8DCBFECA}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(2).exe |
"TCP Query User{B64C2ACA-4456-42C2-8BCE-7D0F6B8A8427}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(4).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(4).exe |
"TCP Query User{BD691486-8678-46A0-9216-B3725F29E6FD}C:\users\sarah\downloads\diablo-iii-setup-dede(1).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-setup-dede(1).exe |
"TCP Query User{D2784836-F93E-4EB1-9F83-B7BCA481AA97}C:\program files\setup wizard\setup wizard.exe" = protocol=6 | dir=in | app=c:\program files\setup wizard\setup wizard.exe |
"TCP Query User{D30BF4DF-C1E5-42FF-902B-E70662D0B92A}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{D6B402F1-6825-4383-8510-2542A9D7139D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D6C076DC-4B38-4E0E-8A1E-6706511D8CA7}D:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{D887EB14-0BCA-4827-916A-A08832DE4BB5}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(3).exe |
"TCP Query User{D9505A62-3871-40C7-855C-139EC3956FB7}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{DE92DDBD-5956-414A-8F3B-78D8636F8C18}D:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{E8690A65-2A7B-4364-8CF0-2C6B41657FFD}D:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{EA661D0A-16F7-4F5D-8114-53B7E649B9B8}D:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"TCP Query User{EE27140A-FBCD-4D21-8067-7F4BB3BE06D3}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{FD9EF2D1-003A-485B-90E2-A155910ABB07}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{FE1A145A-E066-41BD-BF1A-775F0847CF24}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{106D6BA2-3491-49F0-9DA4-4C2DE3670F2F}D:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{153B341F-D4F3-436F-ABF9-5FF07AF9B9DE}D:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
"UDP Query User{191F105A-379D-4AAC-A9CE-64DFC93CB078}D:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{203C8A09-1455-4F7E-8A9F-249969C94C1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{26259079-924A-41F9-A929-675D73BABB90}C:\program files\ipview pro\ipview pro.exe" = protocol=17 | dir=in | app=c:\program files\ipview pro\ipview pro.exe |
"UDP Query User{263F0F3A-1C77-4D37-85EC-A5276C834956}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{32483A6E-7646-4A86-BEF9-92C50A6B4385}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(4).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(4).exe |
"UDP Query User{33B54F41-B053-4488-B453-874DB592F401}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(2).exe |
"UDP Query User{354A87FB-57B2-4D0D-9162-CF9EF9F2BE08}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(3).exe |
"UDP Query User{3FD07946-D2B9-4BF5-AFBD-0A579C521728}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4474271E-0C42-4DD1-894E-F76F12CF7024}E:\software\ipeditv3.exe" = protocol=17 | dir=in | app=e:\software\ipeditv3.exe |
"UDP Query User{4A4A8ABA-52F6-431A-95A5-4D31A90F143B}D:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"UDP Query User{4C4887E2-46A4-4B5C-9D07-8E6EF2F8551F}D:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{4E62DB04-36CA-4732-AF4E-D734D96687E5}C:\users\sarah\downloads\diablo-iii-setup-dede(2).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-setup-dede(2).exe |
"UDP Query User{51EBD472-0305-4883-8B14-91218FC540CD}D:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"UDP Query User{66391C74-5983-4759-8740-6F1C84294E3C}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"UDP Query User{66709079-3F6F-497E-86CB-09FCF436AADF}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{68E6248C-B616-4855-9988-E6152B6391C8}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{6F38A626-20C2-4D3C-9A30-64F6D124C453}C:\program files\ip dvr\exes\uniwdsvc.exe" = protocol=17 | dir=in | app=c:\program files\ip dvr\exes\uniwdsvc.exe |
"UDP Query User{74139C1E-9829-456A-A236-C329332C31D2}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{91AB4190-8830-4083-96B5-B5484FF8A6B4}E:\software\ipeditv3.exe" = protocol=17 | dir=in | app=e:\software\ipeditv3.exe |
"UDP Query User{947D1E99-89AB-49D3-B65C-696EEAD359A0}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{9672C6D0-D5E4-4677-A459-3D8A8467BCC5}C:\program files\routercontrol\routercontrol.exe" = protocol=17 | dir=in | app=c:\program files\routercontrol\routercontrol.exe |
"UDP Query User{96D3D410-82E3-4D38-9741-9B8BB5943EA5}C:\users\sarah\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{9DD5F716-3047-4A6B-8B14-3561F3F9091F}C:\program files\ipview pro\ipview pro.exe" = protocol=17 | dir=in | app=c:\program files\ipview pro\ipview pro.exe |
"UDP Query User{A8816D19-3856-4D8F-BE6E-8F2ED5BBD13B}D:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{A9D28C4B-3A0E-48D0-BC5F-276660F262CF}D:\program files\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.patch.exe |
"UDP Query User{AC5C7E44-7BE9-4E30-B7A5-353D08F0348B}D:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{AD7C1B64-2969-47FB-824E-ADB3175CFEC7}C:\program files\setup wizard\setup wizard.exe" = protocol=17 | dir=in | app=c:\program files\setup wizard\setup wizard.exe |
"UDP Query User{B25A9312-8156-41FE-BD58-3EED52194DAC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{B5EEF63F-EA9E-4334-86A7-CD03C37FEC8B}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{B6396610-DC14-4F20-9C7A-2959D8F4E76E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{BE640E3B-C106-4A8B-AA6D-F6D0B31B67E8}D:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{C9259F87-5EFF-49DA-80FE-A3BC11BE69F4}D:\program files\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\blizzard downloader.exe |
"UDP Query User{D4FE339A-953D-4319-BD24-6882A2A3E1D7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D59BD556-89AF-4104-9668-D5C9FE5094BD}C:\program files\setup wizard\setup wizard.exe" = protocol=17 | dir=in | app=c:\program files\setup wizard\setup wizard.exe |
"UDP Query User{D6BA8D88-982B-4C8E-BE76-0D407515521A}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D6D998A6-2A80-4DEF-A313-A7D301063AB5}D:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{E25C1BAF-053C-4465-9AAA-19FFA237046D}D:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{E55D7B42-5CEE-4C49-A8BB-F0CD13679C96}C:\users\sarah\downloads\diablo-iii-setup-dede(1).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-setup-dede(1).exe |
"UDP Query User{ED622526-B51B-499A-B259-B35C6F4B9B65}D:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{EDDF9DED-534F-459E-8C7D-D16B2E8F7B05}C:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(5).exe" = protocol=17 | dir=in | app=c:\users\sarah\downloads\diablo-iii-8370-dede-installer-downloader(5).exe |
"UDP Query User{F0FB4616-3F66-4236-9B44-D5545B3AA706}D:\program files\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{F64E2D5D-2B3E-4942-A202-FF5F664C859C}D:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{F6FAD450-7542-4EEE-A0C8-EA265975B6D7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F9ADB2CD-C95F-4CA2-BCC1-3F0B36252A54}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{F9F3A89F-4F77-4076-A1D9-48098A8916D4}D:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2AADBC33-7B99-0A0F-FC3E-FCCF178FC842}" = Catalyst Control Center InstallProxy
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3D960387-76B3-4758-BAF7-D156B14A032F}" = Ulead PhotoImpact 8 SE
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4712CA11-351B-4433-AD58-84E8389765F3}" = IPSentry Network Monitoring Suite 5.12.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665C721C-49A3-49E9-AED0-EBEDC1327D57}" = Setup Wizard
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{948BE614-F37B-4A73-AD43-0245F23C110D}" = Logitech GamePanel Software 2.00
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE2DA32A-F8C7-4E8E-B41D-E5031185CE3F}" = IPView Pro
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F534394E-DBE5-4BA7-B346-BF99438B6F5E}" = AMD LIVE! Explorer
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CloneDVD2" = CloneDVD2
"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)
"DealPly" = DealPly
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"iLivid" = iLivid
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SearchCore for Browsers" = SearchCore for Browsers
"Shop for HP Supplies" = Shop for HP Supplies
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinFax" = Symantec WinFax PRO 10.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"FoxTab PDF Creator" = FoxTab PDF Creator
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.07.2011 09:46:05 | Computer Name = Tommy3 | Source = VSS | ID = 40
Description =
Error - 12.07.2011 09:46:05 | Computer Name = Tommy3 | Source = VSS | ID = 12292
Description =
Error - 12.07.2011 09:46:05 | Computer Name = Tommy3 | Source = System Restore | ID = 8193
Description =
Error - 12.07.2011 14:21:19 | Computer Name = Tommy3 | Source = WinMgmt | ID = 10
Description =
Error - 12.07.2011 14:22:59 | Computer Name = Tommy3 | Source = Perflib | ID = 1008
Description =
Error - 12.07.2011 14:22:59 | Computer Name = Tommy3 | Source = Perflib | ID = 1010
Description =
Error - 12.07.2011 14:23:00 | Computer Name = Tommy3 | Source = Perflib | ID = 1008
Description =
Error - 12.07.2011 14:23:00 | Computer Name = Tommy3 | Source = Perflib | ID = 1008
Description =
Error - 12.07.2011 14:23:01 | Computer Name = Tommy3 | Source = Perflib | ID = 1008
Description =
Error - 12.07.2011 14:23:01 | Computer Name = Tommy3 | Source = Perflib | ID = 1008
Description =
[ System Events ]
Error - 02.09.2012 12:03:48 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7000
Description =
Error - 02.09.2012 12:03:48 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7022
Description =
Error - 02.09.2012 12:03:48 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7026
Description =
Error - 02.09.2012 12:05:27 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7001
Description =
Error - 02.09.2012 12:25:29 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7031
Description =
Error - 02.09.2012 12:38:10 | Computer Name = Tommy3 | Source = DCOM | ID = 10010
Description =
Error - 02.09.2012 12:41:36 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7000
Description =
Error - 02.09.2012 12:41:56 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7022
Description =
Error - 02.09.2012 12:41:56 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7026
Description =
Error - 02.09.2012 12:42:15 | Computer Name = Tommy3 | Source = Service Control Manager | ID = 7001
Description =
< End of report >
--- --- ---
Defogger
Disabled
Malwarebytes:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.09.02.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Sarah :: TOMMY3 [Administrator]
Schutz: Aktiviert
02.09.2012 18:50:46
mbam-log-2012-09-02 (19-48-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|L:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 337849
Laufzeit: 49 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Sarah\AppData\Roaming\appConf32.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Program Files\Setup Wizard (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image (Trojan.Agent) -> Keine Aktion durchgeführt.
Infizierte Dateien: 17
C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFPLSSX1\contacts[1].exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Sarah\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Sarah\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Config.ini (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Setup Wizard.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_Back.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_Exit.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_M_About.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_M_Exit.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_M_Link.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_M_Search.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_M_Wizard.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_Next.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_OK.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\btn_Restart.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\Install Screen1.jpg (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files\Setup Wizard\Image\SetupWizard.ico (Trojan.Agent) -> Keine Aktion durchgeführt.
(Ende)
*************************
AdwCleaner[R1].txt - [18199 octets] - [02/09/2012 20:23:23]
########## EOF - C:\AdwCleaner[R1].txt - [18260 octets] ##########
# AdwCleaner v2.000 - Datei am 09/02/2012 um 20:26:49 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Sarah - TOMMY3
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Sarah\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Complitly
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Ilivid
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Temp\BabylonToolbar
Ordner Gelöscht : C:\Users\Sarah\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Sarah\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Sarah\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Sarah\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Sarah\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Complitly
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\SweetIMToolbarData
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : HKLM\Software\SweetIm
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19272
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=1&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=1&barid={5B62C878-AE8B-4D24-B50B-315E0F860D33} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=119998&babsrc=NT_ss&mntrId=6a92db81000000000000002268063d2e --> hxxp://www.google.com
-\\ Mozilla Firefox v12.0 (de)
Profilname : default
Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\prefs.js
C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\up44yqlj.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=119998");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "6a92db81000000000000002268063d2e");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15401");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=119998&babsrc=adbar[...]
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 2);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:23:27");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 85169036);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:23:27");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119998");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "6a92db81000000000000002268063d2e");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "6a92db81000000000000002268063d2e");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15401");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:23:27");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?AF=119998&babsrc=a[...]
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0,{33e0daa6-3af3-d8b5-6752-10e949c615[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "iLivid Web Search");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP[...]
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&appid=101&sys[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{5B62C878-AE8B-4D24-B50B-315E0F860D33}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?barid={5B62C878-AE8B-4D24-B50B-[...]
Gelöscht : user_pref("sweetim.toolbar.version", "1.4.0.0");
*************************
AdwCleaner[R1].txt - [18330 octets] - [02/09/2012 20:23:23]
AdwCleaner[S2].txt - [18472 octets] - [02/09/2012 20:26:49]
########## EOF - C:\AdwCleaner[S2].txt - [18533 octets] ##########