|
Log-Analyse und Auswertung: 50 Euro Trojaner/VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.02.2012, 19:01 | #1 |
| 50 Euro Trojaner/Virus Guten Tag, ich habe leider ein Problem. Hab mir den Virus/Trojaner eingefangen, der mein "Betriebsystem sperrt" und dafür per Paypal 50€ abverlangt. Dies betrifft meinen Laptop, 64 Bit Windows Vista. Strg + Entf funktioniert, aber kein Task-Manager oder sonstiges aufgerufenes. Ich habe erstmal einen neuen Benutzerprofil erstellt, mit Spyware Terminator und Avira untersucht, aber nichts gefunden. Auch der Trojaner kam im neuem Profil nicht (Mehrmals getestet). Hauptbenutzerprofil per Abgesicherten-Modus funktioniert normal, ich hoffe, ich bekomme rasche Hilfe... Ich bin etwas nervös, habe selbst versuchen wollen nach Prozessnamen zu identifizieren, aber ging leider nicht. Ich hoffe wirklich, dass ich schnelle Hilfe erhalte und es nicht viel Zeit/Arbeit in Anspruch nimmt. Übrigens tut es mir leid für die chaotischen Umstände, ich bin leider nicht mit einer Externen gesegnet, sodass es sich so verunstalten gelassen hat.. Edit: Bezüglich code, bin mir unsicher ob logfiles als Anhang genügt oder eher gepostet sein sollte, deswegen: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2012 18:27:11 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 78,89% Memory free 8,16 Gb Paging File | 7,48 Gb Available in Paging File | 91,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,07 Gb Total Space | 33,70 Gb Free Space | 11,78% Space Free | Partition Type: NTFS Drive D: | 12,02 Gb Total Space | 1,93 Gb Free Space | 16,04% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (IDT, Inc.) SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation) SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation) SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV - (xsherlock) -- C:\Windows\SysWOW64\xsherlock.xem (Wellbia.com Co., Ltd.) SRV - (SearchAnonymizer) -- C:\Users\Half Steps\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESSERVICE64.EXE (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (a2free) -- C:\Program Files (x86)\Kaspersky Lab\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (npkcmsvc) -- C:\Windows\SysWOW64\npkcmsvc.exe (INCA Internet Co., Ltd.) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe () SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe () SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\DRIVERS\stflt.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (NETwNv64) ___ Intel(R) -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys (The OpenVPN Project) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation) DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation) DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (ncvet.dll) -- C:\Windows\Temp\ncvet.dll (Beijing Joychina Network Technologies Co., Ltd.) DRV - (npkcft64) -- C:\Windows\SysWOW64\npkcft64.sys (INCA Internet Co., Ltd.) DRV - (npkuft64) -- C:\Windows\SysWOW64\npkuft64.sys (INCA Internet Co., Ltd.) DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.23 10:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.06 00:56:01 | 000,000,000 | ---D | M] [2011.03.05 09:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2012.02.06 00:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g7h0kqfy.default\extensions [2011.07.16 17:45:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Half Steps\AppData\Roaming\Mozilla\Firefox\Profiles\g7h0kqfy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.12 15:12:52 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Half Steps\AppData\Roaming\Mozilla\Firefox\Profiles\g7h0kqfy.default\extensions\personas@christopher.beard [2012.01.23 13:21:37 | 000,002,069 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g7h0kqfy.default\searchplugins\{56176759-9B13-461D-B5DF-14DAC037DBE9}.xml [2012.01.23 13:21:37 | 000,002,180 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g7h0kqfy.default\searchplugins\{F53EE8CD-76EC-48BF-A82E-667D654583C9}.xml [2012.01.23 13:21:36 | 000,001,862 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\g7h0kqfy.default\searchplugins\{FC03BAD6-56B5-4C36-BF1B-C914856EE593}.xml [2012.01.15 10:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G7H0KQFY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G7H0KQFY.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G7H0KQFY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.02.02 13:44:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.23 13:21:36 | 000,002,323 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.01.23 13:21:36 | 000,001,927 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.23 13:21:36 | 000,001,603 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2012.01.23 13:21:36 | 000,002,314 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011.02.24 22:16:19 | 000,001,267 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKCU..\Run: [{6F6E7227-5361-6536-BA2A-8F10C7EDECC5}] C:\Users\***\AppData\Roaming\Fyazisq\hovyahb.exe (Orb Networks) O4 - HKCU..\Run: [CursorFX] C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Stardock Corporation) O4 - HKCU..\Run: [panel] C:\Users\Half Steps\AppData\Roaming\panel\panel.exe (3M Touch Systems, Inc.) O4 - HKCU..\Run: [WLAN Optimizer] C:\Program Files (x86)\Wlanoptimizer\WLAN Optimizer.exe (none) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://my.buffed.de/imageuploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.23.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} hxxp://tera.hangame.com/common/activex/HanSetup1040.cab (HanSetupCtrl1010 Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B055437-BD62-44F6-B5CF-8C8343F40A63}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27:64bit: - HKLM IFEO\excel.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hpbc.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hphc.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hpsi.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hptouchsmartmusic.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hptouchsmartphoto.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hptouchsmartvideo.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\hptv.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\onenote.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" File not found O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - "C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2011\TUAutoReactivator64.EXE" File not found O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\excel.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hpbc.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hphc.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hpsi.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hptouchsmartmusic.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hptouchsmartphoto.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hptouchsmartvideo.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\hptv.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\msaccess.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\mstore.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\onenote.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O27 - HKLM IFEO\winword.exe: Debugger - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUAutoReactivator64.EXE (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.11.05 10:26:06 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{28b3205f-7eff-11df-8a1d-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{28b3205f-7eff-11df-8a1d-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{28b32071-7eff-11df-8a1d-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{28b32071-7eff-11df-8a1d-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{29b1cb9d-b4fc-11df-ba34-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{29b1cb9d-b4fc-11df-ba34-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{60527fe6-f3b9-11de-85e3-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{60527fe6-f3b9-11de-85e3-00238bdc70e3}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{60527ff4-f3b9-11de-85e3-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{60527ff4-f3b9-11de-85e3-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{67b74df6-b508-11df-bb19-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{67b74df6-b508-11df-bb19-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{67b74e02-b508-11df-bb19-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{67b74e02-b508-11df-bb19-00238bdc70e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{67b74e0c-b508-11df-bb19-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{67b74e0c-b508-11df-bb19-00238bdc70e3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{791435e8-f6ad-11de-8972-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{791435e8-f6ad-11de-8972-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b9c04cd3-0597-11df-8069-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{b9c04cd3-0597-11df-8069-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b9c04cdd-0597-11df-8069-00238bdc70e3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{cbd27867-b4f4-11df-aa45-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{cbd27867-b4f4-11df-aa45-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e7d57cb9-b4ee-11df-9088-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{e7d57cb9-b4ee-11df-9088-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e7d57cd3-b4ee-11df-9088-00238bdc70e3}\Shell - "" = AutoRun O33 - MountPoints2\{e7d57cd3-b4ee-11df-9088-00238bdc70e3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: AppSecDll - (C:\Users\Half Steps\AppData\Local\Windows Server\hsvwab.dll) - File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.10 15:18:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\panel [2012.02.09 11:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2012.02.07 15:10:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ozav [2012.02.07 15:10:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fyazisq [2012.02.06 14:53:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\BigHugeEngine [2012.02.06 13:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingdom of Amalur [2012.02.06 01:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight [2012.02.06 01:03:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRight [2012.02.06 00:55:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FlashGet [2012.02.06 00:55:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\BITS [2012.02.06 00:55:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FlashGetBHO [2012.02.06 00:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network [2012.02.06 00:50:56 | 000,000,000 | ---D | C] -- C:\Downloads [2012.02.06 00:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager [2012.02.05 08:20:48 | 000,000,000 | ---D | C] -- C:\Users\Half Steps\Documents\C9 [2012.02.05 08:20:32 | 000,673,296 | ---- | C] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem [2012.02.05 08:06:57 | 000,230,920 | ---- | C] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll [2012.02.05 04:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEBZEN [2012.02.02 16:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA [2012.02.02 16:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA [2012.02.02 16:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA [2012.02.01 18:48:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DefendersQuest [2012.02.01 18:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur [2012.02.01 18:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2012.01.31 22:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefendersQuest [2012.01.31 22:00:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fortune Summoners [2012.01.31 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fortune Summoners - Secret of the Elemental Stone [2012.01.26 10:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect [2012.01.25 20:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2012.01.23 13:21:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera [2012.01.23 13:21:17 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2012.01.23 13:21:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS [2012.01.23 10:35:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings [2012.01.18 01:30:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\BigHugeEngine [2012.01.16 11:06:34 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.16 11:06:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.14 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DMO [2012.01.13 22:58:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax [2012.01.13 17:32:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Akamai [2012.01.12 02:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.01.12 00:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Unleashed [2012.01.12 00:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Night [2011.08.13 17:08:50 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll [2010.07.18 15:56:24 | 000,344,064 | ---- | C] (MySQL AB) -- C:\Program Files (x86)\MySql.Data.dll [3 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.10 18:22:43 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.02.10 18:22:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.10 18:19:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 18:19:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 18:17:23 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.02.10 09:54:24 | 001,930,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.10 09:54:24 | 000,815,900 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.10 09:54:24 | 000,751,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.10 09:54:24 | 000,200,808 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.10 09:54:24 | 000,162,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.09 08:24:33 | 000,000,093 | ---- | M] () -- C:\Users\***\AppData\Local\svcxdcl32.dat [2012.02.06 14:35:24 | 000,000,919 | ---- | M] () -- C:\Users\***\Desktop\Reckoning.lnk [2012.02.06 00:56:05 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI [2012.02.05 08:20:32 | 000,673,296 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\Windows\SysWow64\xsherlock.xem [2012.02.04 07:49:13 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.04 07:49:13 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.03 14:43:23 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft-Tastatur.lnk [2012.02.02 16:01:07 | 000,001,642 | ---- | M] () -- C:\Users\***\Desktop\TERA.lnk [2012.02.02 07:03:19 | 004,905,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.31 22:06:17 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\DefendersQuest.lnk [2012.01.31 22:00:19 | 000,001,079 | ---- | M] () -- C:\Users\***\Desktop\Fortune Summoners - Secret of the Elemental Stone.lnk [2012.01.30 13:52:28 | 000,000,020 | ---- | M] () -- C:\Users\***\Documents\aionmemo_c5ed6dea.dat [2012.01.26 12:28:57 | 000,001,009 | ---- | M] () -- C:\Users\***\Desktop\MassEffect.lnk [2012.01.20 13:11:04 | 000,078,848 | ---- | M] () -- C:\Users\***\Documents\Womit soll ich anfangen.wps [2012.01.20 13:11:04 | 000,002,772 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2012.01.14 19:04:35 | 000,000,780 | ---- | M] () -- C:\Users\***\Desktop\GDMO.lnk [3 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.10 18:17:22 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.02.08 20:40:12 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\svcxdcl32.dat [2012.02.06 14:35:24 | 000,000,919 | ---- | C] () -- C:\Users\***\Desktop\Reckoning.lnk [2012.02.06 00:56:05 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2012.02.02 16:01:10 | 000,001,642 | ---- | C] () -- C:\Users\***\Desktop\TERA.lnk [2012.02.01 18:07:09 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft-Tastatur.lnk [2012.01.31 22:06:17 | 000,000,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DefendersQuest.lnk [2012.01.31 22:06:17 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\DefendersQuest.lnk [2012.01.31 22:00:19 | 000,001,079 | ---- | C] () -- C:\Users\***\Desktop\Fortune Summoners - Secret of the Elemental Stone.lnk [2012.01.26 12:28:57 | 000,001,009 | ---- | C] () -- C:\Users\***\Desktop\MassEffect.lnk [2012.01.23 13:21:18 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.01.14 19:04:35 | 000,000,780 | ---- | C] () -- C:\Users\***\Desktop\GDMO.lnk [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.04.13 15:38:15 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.04.02 08:03:13 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.03.28 16:11:54 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2011.03.05 09:15:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.27 20:05:57 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.02.14 16:12:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011.02.14 16:11:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011.02.14 16:09:52 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010.09.09 19:51:00 | 000,000,244 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.07.03 11:40:08 | 000,165,376 | ---- | C] () -- C:\Program Files (x86)\WebUpdate.dll [2010.04.02 13:07:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.17 17:45:06 | 000,002,772 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.01.01 22:00:59 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2009.11.08 00:37:16 | 000,000,857 | ---- | C] () -- C:\Windows\client.config.ini [2009.09.23 13:38:55 | 001,910,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.09.23 10:00:12 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009.09.23 10:00:08 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2009.09.23 10:00:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.09.08 10:04:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.07.04 14:25:02 | 000,000,085 | ---- | C] () -- C:\Users\***\AppData\Roaming\AVSDVDPlayer.m3u [2009.07.04 14:13:34 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.07.04 14:13:34 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.07.03 13:00:25 | 000,065,536 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.30 03:53:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.01.22 06:05:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.01.21 23:36:44 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2008.12.31 12:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.12.17 16:43:46 | 000,589,824 | ---- | C] () -- C:\Windows\SysWow64\INICRYPTOSDK.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.02.2012 18:27:11 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 78,89% Memory free 8,16 Gb Paging File | 7,48 Gb Available in Paging File | 91,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,07 Gb Total Space | 33,70 Gb Free Space | 11,78% Space Free | Partition Type: NTFS Drive D: | 12,02 Gb Total Space | 1,93 Gb Free Space | 16,04% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UpdatesDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 10 50 38 13 62 CC CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2479986703-2308944228-624398205-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03336273-94CB-449B-A857-73C019FC2B58}" = lport=2869 | protocol=6 | dir=in | app=system | "{11162B26-AAFF-4216-9A59-2FF5A68C4FEF}" = lport=49191 | protocol=6 | dir=in | name=akamai netsession interface | "{9C6779ED-70FF-415E-9342-942E5DC6EEE1}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{B5757829-465D-4DC5-BF3B-59C032A078AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026C64BA-93B4-4CBD-9462-A80155BECC13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{06208BCB-5B9E-4ACC-8311-BFCF73B75161}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{08805B90-0B52-4EFF-A67D-D6BEFE0359DC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{09FAF9D8-9248-4726-9611-FF430B1F239B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0C3A3B53-7ABA-4583-851A-C22B54BF3915}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{0D9341DE-EB42-489B-9AC0-0C6ED445D92C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0DB22FB2-4097-4C48-AD84-B022F8F5DBB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0DD5EE63-20D7-4948-98AA-C48C8603969E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1097FB49-FF1B-434C-88EF-8FCDBA4A24E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{150D0A4C-AC55-4092-B56A-46E468542943}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{1544F074-29CA-4E8D-B679-B43AC247EF09}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{158DF0C6-49F0-4ABA-BF10-1878D300902B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{16D90027-7A04-482B-9125-8C14BBAFE6EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{174996BC-0EC5-42EF-AB56-664CA95176B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{17FBB044-6D6D-43A8-8A8B-C8DEC94CEB65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{18395467-3ABE-4420-8EF7-11BED6D78046}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1A9DFED2-4050-4344-B01D-70A0966C7C5A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1B046D9C-BCEF-416E-A45F-65A530D373A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1C0819DC-B700-4830-9C51-66F552ABE29D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1F82E5FB-1DB4-4119-993F-34383B10DEA9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{1FF3428B-3187-426F-8E6E-A58624D90F76}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{21CD3EB0-818D-4279-A53D-801800734822}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{231DE5FD-D4EA-4CAF-8D13-94B2F05D11DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{232DAA12-369B-4F8E-ABB8-991CC1584E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{2372773F-7299-4EB3-BBF4-363F880D3125}" = dir=in | app=c:\users\half steps\appdata\roaming\fyazisq\hovyahb.exe | "{23AAFFCA-B290-4BC6-8374-F8B0DF96E32E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{242BC21E-ADCD-42C5-B116-7762CBC64D6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{28CD84CF-D345-494D-9964-FCB1B265753D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{2C04A759-03E4-4E54-BDFE-3D08A2E86186}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2DD7A64C-8DEB-4A88-B9DA-418F2EDBC8CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{31076D69-3C8A-49B1-8CC7-A4E02873DF34}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{31DF766E-7275-4EAB-8A82-7FC25506E1B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3292B31A-1A54-4A24-B405-4DE374C6418E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{32C0B387-8553-428D-9EC7-5EF8F0F93208}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{33A762A8-D3CB-4D7A-8372-04FAED3E49EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{369A6621-C606-4BBE-8284-BD82F8586438}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{37ADB54C-C856-4D72-99FD-E322EC09DB61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{37B77F98-EBBB-41E9-AEF2-E0A39063FA16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3A2E20F6-6BCF-4A4A-9080-72854E46473E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3C407388-3048-4611-906D-362087F54285}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{3C88D691-4B56-46DE-8559-4ED80A0098F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3CBC2AF8-1D8F-48AE-BBA6-17DC84340689}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3DD67ECB-1D10-4F6F-A466-6562CFAB971D}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{40E5EC95-0B42-4132-9F11-6C8C154A87A0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{435637C3-907A-48BF-95BD-0F304F935C03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4533B717-751C-4DFF-9887-45D2DB29613A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "{45DDDF68-86CF-41A3-9EFB-2E7B4C9030B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{46345F22-0B39-475D-8525-40B126D60690}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{473E6970-2D83-42FA-A56D-E84F3A08E02D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4855D5F0-DF1A-4320-A682-3932E06C0C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | "{490CC18E-884E-44F7-88BB-14BF5A9A7BA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4A7564BB-E00F-41C8-B9B7-F43B742D293E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{4B4679D2-519D-45FA-9A7F-16EED2B66D04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4F68B4AE-A058-4BB1-B55E-E1E6EF9A1DD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4FCD65B1-3F4B-4D2F-9818-8C33422CD328}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{507A855E-F7B9-4138-95EB-E3F1D3FB0602}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{50AEAFD1-BE54-473E-8C4B-08AF7021D68C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{520BCEB3-571D-4EFD-BBE1-2A1BB24495F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{52E5A924-E662-4279-914D-66CEA0AA0F68}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{534202C1-B499-4622-832B-C4C1B59B2923}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{542C3986-4AA2-49A4-AEBC-3B8BDDC7DE76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5623BC17-23A7-4351-813A-C9452D4A821E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{58816C71-6DE3-490D-AE33-10CD4DB15DCB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A3171D7-A610-4DCD-9A2C-45C59A0D4749}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A8B5DD6-2F9C-4CD6-B347-7931EC088395}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5C64EF94-80BC-4AB2-934B-600E64391B93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5E2CF957-B445-4C72-97A7-3D30414F941A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6243AE68-879C-4F5B-94F0-A5B7FC90780B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{64D206E0-41C6-49E2-836C-C2F3917E5252}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6690D799-97F8-41B4-9A00-42B66E66FDE0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6A049258-4F4F-4456-82E3-EB625AC741A1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{6B9CAFAE-011C-48BF-97B8-0D28FED379B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6CE393A8-DA87-4269-B3B6-460ED0681DFA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{6D14C551-88F4-46BB-BE17-7A47E32767B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6D4DEF11-D3C0-41B0-9E07-38D37CE81A2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{70AD3BAB-5CF1-459E-AFE8-B40967EA1D75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{72B1B7F7-86EA-45F9-82D8-0A47C06C38E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{73CC6476-C84A-478E-899F-1A335555B38D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | "{7564083E-C323-41A7-98A9-03FF54FE9832}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{77753965-A49C-4B30-B16B-1333D095125A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{77F8A418-8D2A-4CBD-8CB4-518A20AEA5BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7C25CB35-E94A-4F4F-84FB-5AE0172A006B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7C9C90C0-06F2-4A24-9C4C-1A76DF074361}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{7D520BCE-5677-4AEC-92DE-F1A964BB0EA7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{7DF40E58-FC6F-4179-9ABD-E8E7C17E22BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7EB1A09B-78B5-45B7-B783-E93F309ABD29}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{7EC26B51-05C7-4B78-8D9C-C1F9A8CBC098}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{7ED368CC-5E22-431F-8D64-679B38353908}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{84C0B746-0926-473D-97DD-9870076C0BB1}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{84E64F03-7987-4D46-9633-F565A7327A19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{852B90B6-E85D-45E4-8B7C-0F32997DCF17}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{87DC8231-3D73-4032-9200-F992C928C93C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{881E9356-52F3-4EA6-ADA1-5699610136B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{89A88232-0311-4B2B-974E-DA840E68BCF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{89D127D0-9549-4507-8194-69975C5E2401}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe | "{8AA16315-E93A-40B1-BFFB-5696700A8383}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{8BB6C799-3398-46D3-B2BA-4E0B92411F03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8BF57DC2-5867-4B14-BEE7-5F06AFF31668}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{8C9E9D54-21A5-4B6D-B60F-259D4620A2B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8CC4EF86-06E6-4D2E-905E-141E1096F429}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8E0F00CE-BC3C-471C-8361-D98BC4E00241}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8E19A774-9DF1-4A17-8C81-F50563B5809C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{91045464-3952-4E28-AA7C-EADEFE8F18A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{911DBC73-DB49-448C-AB1F-90485F31646B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9376B1E2-7521-4DE5-8B35-AF7D19F2632C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{93BF0385-A354-444B-947A-F495B331CF69}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{94551148-FFA0-4A6D-BFF3-3E477AE2846C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{950F684D-9631-46CA-ABA3-A220A33233E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{966CB65C-798A-4F4D-ABCD-752169416AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{967CFF06-E8F9-4C85-9F53-049B5953F5AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9C218048-EE84-41E4-8CA5-91DE99C70E76}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{9F6B5F14-4E72-401B-ACC5-137D22326703}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A08BA129-0C7E-4791-8B1B-5B07D7212D54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A21B5757-7762-4D1B-8860-904089607CF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A2C9FC7D-4900-4290-9DF7-9453A7E85153}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{A5654E35-527C-4324-8A08-521E897094E9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{A612B04C-3FAF-4F30-BCF9-A3CB473B5FB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AA0342C5-74E6-49CF-B454-3C359F30E8CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AADC3064-A887-40A4-92F4-0A6190371D2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AB7860CD-4F12-4DE5-8E4A-68F684D12D58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{ACEAC8BC-D866-47E0-BF60-13BCD4772314}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{AD2E5DF1-56BD-4B21-A22B-1A2638F66829}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AD9B12DB-08C3-4D2F-BA51-814938B17B25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AE94C193-792E-4119-A438-89F730A1113C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | "{B10F2DB3-491B-453D-A9DD-842A53BE697D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B1D81C4D-8F3C-4215-BF0D-DD9AB9C68381}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{B1D9347F-8B35-4EFF-8218-69C7A36BBC3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B9ADE3D4-A481-403A-B183-32805D8E55DC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{BCCC456C-5DAF-472E-B9C2-69FFC977F40E}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe | "{BDDC827A-B5DB-44CB-B515-5F30729E54D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BFD52C99-0241-406B-BB14-13940CEED5FA}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{C12C9E4E-D00F-4EF6-AAE9-9D19C0B2171A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | "{C4281AF5-DA2A-4DC5-847D-2B66B373E794}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C493A3F6-EC4D-48D8-8EF2-841269D9776B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C4F3A80B-FB82-4108-9E30-2E2974B0FC5F}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{C513D605-5963-4D92-8066-7E0E432075AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C5B097E9-6D32-4857-B13D-700AE4C6607E}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{C6818B91-6331-4C21-8A35-BD8699A7F8F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CCBC300E-B2A9-4823-91EA-EE6340F0C60D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CEF467A4-1433-48CA-9D2E-67CD5DB07426}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{CF217B8C-6913-4FBA-A90C-908133B5B50C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CF89A5B5-FB23-479B-BA8E-ED02AB1C87FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CFCECC8A-6C45-49CD-B0DF-2B7AA6826334}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D0F52FA7-1A57-4FFB-A847-A996932701D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{D1722F24-23B2-49DE-A555-499B6DE9B2A6}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{D27AFD59-95C2-439F-98FC-74B4031B689B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{D2B26CBA-5AB7-4B0C-AC3F-B3BE6569CC16}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D4AE9888-E6A8-4206-9D64-5DA9B0B74B85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D58EB6B5-FB68-4105-9B2B-97BCD8748BAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D64376DC-1EB9-4789-A478-8D15580239F4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{D6473ECA-56CB-4786-99C0-CEC49CBB64F3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D6A5B134-4242-423C-AD12-7DA3B3580E04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D85C16E0-8AD4-472E-875C-93464792792E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{D931EC81-5260-4D9D-BED1-52396B8268C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D9FEFB30-909B-4B01-968E-B30BBD92B695}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D9FF2926-D1C3-4839-8E37-5C679D0C6F39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA60FC3A-FBF6-40F1-964D-5FBB70455F93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DA89EAA0-2B93-45BE-8705-D3F810EFAD82}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{DBDFC275-3772-4BAF-BA00-D13AE525414B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DDA968BF-99B5-44DE-9313-1C256AFA595A}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | "{DDE8A43C-DAB3-435E-AFDF-DBA9B3FF0644}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DE42CF7D-F29A-4EF9-BBAC-9D197307281E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DFED68BC-519A-4960-BD04-152031A17082}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{E04816F4-0334-436F-9FA0-DBA883BB6813}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{E1971E3C-F0FA-48DF-A992-3CDD8B53F850}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E19CFA63-56FA-4457-B495-E1A9DAF87638}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2B2CF29-EBA8-44D0-A378-E70E778D0320}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{E2FF6D0C-57EF-4158-AAEA-97DE95E5254A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E65C5CF8-8EEC-471A-A942-388FF713F728}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{EC4C7628-B2EB-43B7-8B8A-FE917C81541F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{ED53F8CE-6882-45BE-A803-95C6327B8A42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EE9A3A60-2540-4970-ACC0-8E8A9158371D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F20495F8-5DF9-4911-993D-1C96939AC2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{F2450C93-E75A-4AA2-BAAB-FAD6E240598C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F66531A7-E37C-444B-89E2-EAA307D6A93D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F7625924-F059-42A5-88C7-D4A4102FBF5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F824A22D-E9FC-4207-93DA-74DC6A575C91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F8BB0EE1-EFAA-432E-9338-C87A91BE9226}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F99C1F72-5249-433E-B438-5C88962FE08A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{28044DE6-EAB1-4826-ABD8-6F8C2722DD50}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "TCP Query User{33B1356D-34AD-4020-B40A-3E19895152AD}J:\spiele\world of warcraft2\launcher.exe" = protocol=6 | dir=in | app=j:\spiele\world of warcraft2\launcher.exe | "TCP Query User{49EDDBF4-767B-4577-83F3-8ED35EB0F0F5}C:\users\half steps\appdata\local\svcxdcl32.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\svcxdcl32.exe | "TCP Query User{4A5734AD-D43E-4A24-8369-E18522BE9A04}C:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{4BCFFA11-282B-4A4A-B373-C0B41185FAB1}C:\program files (x86)\cabal online\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cabal online\launcher\update\estdnheadless.exe | "TCP Query User{644F184E-80BF-4B00-A3E0-BD2AAF4C588F}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "TCP Query User{679D3484-CCEC-407F-BB22-13DFB100300D}C:\program files (x86)\world of warcraft2\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft2\launcher.exe | "TCP Query User{7097192E-CE17-4EF7-AD08-29467BB24135}C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe | "TCP Query User{7C28C09E-6485-48BF-AE5E-13FDE734B487}H:\spiele\call of duty 4 - modern warfare\cod4- online.exe" = protocol=6 | dir=in | app=h:\spiele\call of duty 4 - modern warfare\cod4- online.exe | "TCP Query User{86649793-5B50-4E85-9229-7C256F68A661}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{8B915601-61F2-48F2-B6F5-11A7D85D41AB}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{97B618B0-5294-4040-939A-6E80C1ADA9BC}C:\games\lbz3d\tmp\co_real.exe" = protocol=6 | dir=in | app=c:\games\lbz3d\tmp\co_real.exe | "TCP Query User{B008FD64-0966-4358-BBB8-CC4EDF6EF8DF}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "TCP Query User{B8468F84-AA89-4A9B-9E2A-B6222C354F07}C:\program files (x86)\zuxxez\battle vs. chess\battlevschess.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zuxxez\battle vs. chess\battlevschess.exe | "TCP Query User{BFE34708-153E-4A74-8454-38D01D161E65}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{C457F509-A6F2-4C82-968B-B89BACB24C06}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{C774D1C3-9B4E-4843-A241-EBA51013929D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{C8C95D9B-4568-4E82-8B1D-EF911966216F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{CA2B607E-83F3-4A51-9222-093640D740A7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{CBED7B02-10D8-4F53-BDAB-4CE3B0C2AD81}C:\program files (x86)\kingdom of amalur\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kingdom of amalur\reckoning.exe | "TCP Query User{D0DCE66C-8D3A-45EB-8F12-0E60ACD24D79}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{D5EF6D17-9875-4E3B-96C9-7E0A4F64AEA6}C:\program files (x86)\stardock games\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe | "TCP Query User{E8F6E9C4-276B-4668-9259-98EA913F996F}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{FE172245-E804-4168-BD6B-D717C9A4F73A}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe | "UDP Query User{094E2EB4-6C45-4590-9A50-09A377ABCDE0}C:\program files (x86)\kingdom of amalur\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kingdom of amalur\reckoning.exe | "UDP Query User{0CE186EE-8CF4-4F94-922D-5CA4CC0AC947}C:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe | "UDP Query User{0D43AD6C-5CAB-4AA6-9C51-1FF06E6DDF9C}H:\spiele\call of duty 4 - modern warfare\cod4- online.exe" = protocol=17 | dir=in | app=h:\spiele\call of duty 4 - modern warfare\cod4- online.exe | "UDP Query User{139B0F68-5BCF-4C4B-9749-ED02431D17B2}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{191036F9-6FDD-4ADA-BE0B-48C4150BD199}C:\program files (x86)\stardock games\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod\bin\demigod.exe | "UDP Query User{1C7CFF39-C7BC-4151-B749-39D61B771EFB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{2FEA1AFA-0EFB-4EA9-9623-66A55FF9AB07}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{3A3EFFBE-DCC3-40AD-9D9A-5A4E9B34D0E0}C:\program files (x86)\zuxxez\battle vs. chess\battlevschess.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zuxxez\battle vs. chess\battlevschess.exe | "UDP Query User{3B94029E-8C06-4A3D-82AA-DC878F167D60}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | "UDP Query User{4EEC1111-F909-4D88-AB2F-286C061ECBFF}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe | "UDP Query User{625084B6-4BEC-40B4-B11A-1FF84CDFE0D5}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "UDP Query User{713CF01E-D170-4397-8C89-A536B0092E3E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{72FAE683-27DA-4CB6-A867-B29EBA71C9CA}C:\users\half steps\appdata\local\svcxdcl32.exe" = protocol=17 | dir=in | app=c:\users\half steps\appdata\local\svcxdcl32.exe | "UDP Query User{77E15997-A026-4952-95A3-8E3DEF187971}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{984FD1E8-FF72-4A5F-A449-20E2D979A22C}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{B0672B94-E1BD-41DB-9A12-1B6C06F5BB7D}J:\spiele\world of warcraft2\launcher.exe" = protocol=17 | dir=in | app=j:\spiele\world of warcraft2\launcher.exe | "UDP Query User{C41B3BE1-08CF-4506-A7F6-07028F637C3A}C:\program files (x86)\world of warcraft2\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft2\launcher.exe | "UDP Query User{CA47095A-D9BD-4935-8044-6B6D1BB865B1}C:\games\lbz3d\tmp\co_real.exe" = protocol=17 | dir=in | app=c:\games\lbz3d\tmp\co_real.exe | "UDP Query User{D45D281D-C792-4DBD-9D54-40F22E370E99}C:\program files (x86)\cabal online\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cabal online\launcher\update\estdnheadless.exe | "UDP Query User{D67A17C0-F633-48DD-9705-D58505C35318}C:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\robot entertainment\orcs must die!\build\release\orcsmustdie.exe | "UDP Query User{DEF704F4-A10E-4BCF-B191-21BC99F7C353}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{E8FE869E-2991-4E76-BB42-5ABC4FAE6F9A}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | "UDP Query User{EABDD939-4E07-47AA-A9C6-914B98B29C4C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{EE245BBE-6C5C-453A-A8C5-2BA55457E384}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4432F6A4-33D7-41B9-88E4-6735CF334671}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client "{7E9984FD-DF5D-D0D9-E552-7872964F00CC}" = ccc-utility64 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - DEU "SearchAnonymizer" = SearchAnonymizer "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.13.71 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{173275E9-C62A-4BCB-9389-574E93336DDA}" = Microsoft Visual Web Developer 2005 Express Edition - DEU "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1 "{35FE995E-5A31-D005-0303-8D9FBBD4B67B}" = Catalyst Control Center Graphics Previews Common "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{421EC9A7-4A58-43CD-AC9B-8FACFFB9A843}" = Microsoft Visual C# 2005 Express Edition - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C8DE415-3AB4-4E46-8349-1DD0B5AB297D}" = Microsoft Visual Basic 2005 Express Edition - DEU "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5B52E1FF-BD66-4582-97BA-55C575C19504}" = Microsoft MSDN 2005 Express Edition - DEU "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C37FA93-10B5-4F55-A672-954ECEDA221B}_is1" = Mass Effect - English 2 German Patch v.1.0 "{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A2E7217-F13C-5170-BAA5-78BB69308EF0}" = Defender's Quest "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C025595B-A217-7317-65D8-CE7D304FCD30}" = Catalyst Control Center "{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D5AFB7E8-D81F-F57F-4D43-EC95E49425FE}" = Catalyst Control Center Localization All "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F76C09F9-C367-6FB9-4965-A26211D094FC}" = CCC Help English "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "a-squared Free_is1" = a-squared Free 3.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Battle vs. Chess_is1" = Battle vs. Chess "CursorFX" = CursorFX "DefendersQuest" = Defender's Quest "DivX Setup" = DivX-Setup "DMO" = GDMO "Evil Player" = Evil Player v1.31 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.1.715 "Game Booster_is1" = Game Booster 3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IcoFX_is1" = IcoFX 1.6 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "JA Launcher" = JA Launcher "JDownloader" = JDownloader "Magic DVD Ripper_is1" = Magic DVD Ripper V5.2.1 build 10 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft MSDN 2005 Express Edition - DEU" = Microsoft MSDN 2005 Express Edition - DEU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Basic 2005 Express Edition - DEU" = Microsoft Visual Basic 2005 Express Edition - DEU "Microsoft Visual C# 2005 Express Edition - DEU" = Microsoft Visual C# 2005 Express Edition - DEU "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Microsoft Visual Web Developer 2005 Express Edition - DEU" = Microsoft Visual Web Developer 2005 Express Edition - DEU "Mobile Partner" = Mobile Partner "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US) "npkcxp" = nProtect KeyCrypt "OpenAL" = OpenAL "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "PunkBusterSvc" = PunkBuster Services "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 6" = TeamViewer 6 "TrueCrypt" = TrueCrypt "TuneUp Utilities 2012" = TuneUp Utilities 2012 "uTorrent" = µTorrent "Vindictus EU" = Vindictus "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 0.9.9 "WildTangent hp Master Uninstall" = My HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dungeon Defenders" = Dungeon Defenders "NCsoft-AionEU" = Aion "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Geändert von Neverworld (10.02.2012 um 19:11 Uhr) |
10.02.2012, 19:13 | #2 |
/// Malware-holic | 50 Euro Trojaner/Virus hi
__________________ersetze im script *** durch nutzernamen damits passt dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O4 - HKCU..\Run: [panel] C:\Users\Half Steps\AppData\Roaming\panel\panel.exe (3M Touch Systems, Inc.) :Files C:\Users\***\AppData\Roaming\Fyazisq C:\Users\Half Steps\AppData\Roaming\panel :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Drücke bitte die + E Taste.
__________________ |
10.02.2012, 19:28 | #3 |
| 50 Euro Trojaner/Virus Upload ist erfolgt.
__________________Nun nichts mehr oder kommt noch was? (Will nicht unhöflich wirken :P) Und ich habe eher zu danken. |
10.02.2012, 19:44 | #4 |
/// Malware-holic | 50 Euro Trojaner/Virus hi, bis wir fertig sind, nur auf den von mir genannten pages arbeiten. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.02.2012, 20:44 | #5 |
| 50 Euro Trojaner/Virus Abgeschlossen. |
10.02.2012, 20:59 | #6 |
/// Malware-holic | 50 Euro Trojaner/Virus start programme zubehör editor reinkopieren: *** durch nutzernamen ersetzen. Killall:: folder:: C:\Users\***\AppData\Roaming\Ozav C:\Users\***\AppData\Roaming\Fyazisq datei speichern unter, ort, dort wo sich combofix.exe befindet, dateityp alle, name cfscript.txt ziehe cfscript auf combofix, programm startet, log posten
__________________ --> 50 Euro Trojaner/Virus |
10.02.2012, 21:27 | #7 |
| 50 Euro Trojaner/Virus Abgeschlossen. Ich dachte mir schon, dass es mit den 2 Ordnern zu tun hat. Ich dachte eher nur einen von beiden, aber gut, jetzt weiß ich dass es die 2 waren. |
10.02.2012, 21:39 | #8 |
/// Malware-holic | 50 Euro Trojaner/Virus es hat dir grad C:\Program Files (x86)\lol\League of Legends deinstaliert (nicht geplant) du müsstest das evtl. nach instalieren. sorry. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.02.2012, 00:18 | #9 |
| 50 Euro Trojaner/Virus Abgeschlossen. Und ja, dass macht ja nichts, besser das "kleine", als eine ganze formatierung. :P Geändert von Neverworld (11.02.2012 um 00:34 Uhr) |
11.02.2012, 11:15 | #10 |
/// Malware-holic | 50 Euro Trojaner/Virus C:\Users\***\AppData\Roaming\Fyazisq\hovyahb.exe sieht nach zbot trojaner aus. machst du mit dem pc onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.02.2012, 11:27 | #11 |
| 50 Euro Trojaner/Virus Eigentlich nicht. |
11.02.2012, 11:46 | #12 |
/// Malware-holic | 50 Euro Trojaner/Virus na entweder man machts oder nicht, was heißt da eigendlich :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.02.2012, 12:04 | #13 |
| 50 Euro Trojaner/Virus Na ich benutze es nicht dafür, aber wenn man mal unabsichtlich auf Seiten stoßen kann, wo man sich sowas einfangen kann, kann ich es ja nicht abstreiten. :P |
11.02.2012, 16:13 | #14 |
/// Malware-holic | 50 Euro Trojaner/Virus verstehe ich jetzt nicht, den trojaner fängt man sich ja nicht auf bank seiten ein, er stiehlt sensible daten, die zb das onlinebanking betreffen. also du machst kein onlinebanking einkäufe, sonstige zahlungsabwicklungen etc? dann weiter hiermit: lade den CCleaner standard: CCleaner Download - CCleaner 3.15.1643 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.02.2012, 16:54 | #15 |
| 50 Euro Trojaner/Virus Hab mich falsch geäußert. Mit "eigentlich nicht" wollte ich die unwahrscheinlich geringe Wahrscheinlichkeit äußern, je überhaupt solch Informationen im Internet preisgegeben zu haben. (Bin mir relativ sicher, und selbst wenn, ja, müsste man die jeweiligen Informationen schnellsten abändern etc.) Langer scan, kurzer Bericht. Alles nötig, bis auf etwa 3-4 unnötig (Unnötig will heißen, drauf könnte ich verzichten). Nichts unbekanntes, dementsprechend keine Infektion dargestellt. |
Themen zu 50 Euro Trojaner/Virus |
0x00000001, 64-bit, 7-zip, alten, alternate, avira, benutzerprofil, betriebsystem, call of duty, eingefangen, erhalte, erstellt, euro, excel.exe, feedback, free download, funktioniert, gen, guten, identifizieren, install.exe, intranet, jdownloader, laptop, microsoft office word, neue, neuem, neuen, nichts, office 2007, paypal, plug-in, prozess, robot, schnelle, schnelle hilfe, sperrt, spyware, studio, task-manager, trojaner/virus, versuche, virus/trojaner, visual studio, windows, wirklich |