Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to combat them): After a Bundestrojaner infection, probably still remnants left. Windows 7
16.05.2012, 14:50 | #1

Hello,

A few weeks ago I had a Bundestrojaner infection, which I fought with Malwarebytes Anti-Malware. A scan found some files, which I deleted, and afterwards the system worked again "more or less". However, I suspect that not all of the files are gone. Since the infection the computer has become quite slow, startup takes forever, the icons only pop up after a while, the system rattles like crazy, and shortly after startup the brightness of my PC changes to darker (Nvidia driver gone). Now and then my volume icon disappears as well.

I have looked around the forum and have already been able to read quite a bit; I have now started Malwarebytes again and it is currently running once more in full mode. So far 3 infected files have been found.

Do you suspect that something is still on there? If not, why does startup take so long, why do the icons not show up for a long time, why does the computer rattle, why does the screen get darker (according to a specialist my Nvidia driver has disappeared), and why does the volume icon not appear?

Many thanks for any help

Last edited by Valorhor (16.05.2012 at 15:11)
16.05.2012, 15:36 | #2

Hi,

Please post the log from MAM and:

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop.

chris
16.05.2012, 19:45 | #3

I let it run through; this is the message below. Just removed it, and now restarting the computer. After that I will run the other program from you.

Quote:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.05.2012 21:10:05 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Christian G\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,61% Memory free 8,90 Gb Paging File | 7,77 Gb Available in Paging File | 87,27% Paging File free Paging file location(s): c:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 93,97 Gb Free Space | 20,18% Space Free | Partition Type: NTFS Drive D: | 1,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HAPPYHIPPO | User Name: Christian G | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christian G\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
PRC - C:\Fraps\fraps.exe (Beepa P/L) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Program DJ\Wow Video&Audio\WVAMain.exe () PRC - C:\Programme\Program DJ\Dualview Server\dualviewsvc.exe () PRC - C:\Programme\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Program DJ\Smart Watchdog\SWDsvc.exe () PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Program DJ\Wow Video&Audio\WVAMain.exe () MOD - C:\Windows\System32\RTCOM\RTCOMDLL.dll () MOD - C:\Windows\System32\EMSC.DLL () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (DualView Server) -- C:\Program Files\Program DJ\Dualview Server\dualviewsvc.exe () SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Smart Watchdog) -- C:\Program Files\Program DJ\Smart Watchdog\SWDsvc.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Netaapl) -- 
C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (DualViewFilter) -- C:\Windows\System32\drivers\DualviewFilter.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) 
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (EMSC) -- C:\Windows\System32\drivers\EMSC.sys (Windows (R) Codename Longhorn DDK provider) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{A6FB7660-C9E7-459B-A898-87DFA9C70DB3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=b4b390a4-be72-477c-b086-086a2a733137&apn_sauid=4BF6D869-5B2E-4156-A82B-DD6503F7DCD3& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian G\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 12:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.21 13:52:28 | 000,000,000 | ---D | M] [2010.07.27 13:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian G\AppData\Roaming\mozilla\Extensions [2010.07.27 13:34:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian G\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.12 09:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian G\AppData\Roaming\mozilla\Firefox\Profiles\b9k5246s.default\extensions [2010.04.28 05:04:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian 
G\AppData\Roaming\mozilla\Firefox\Profiles\b9k5246s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.10.02 10:25:29 | 000,002,402 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\askcom.xml [2010.02.01 19:53:09 | 000,002,280 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\google-und-download-suche.xml [2012.05.10 17:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-1.xml [2011.04.30 13:31:40 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-10.xml [2011.06.30 15:02:36 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-11.xml [2011.08.20 08:40:30 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-12.xml [2011.09.18 08:28:27 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-13.xml [2011.09.28 07:59:15 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-14.xml [2011.10.02 10:24:39 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-15.xml [2010.09.09 06:53:34 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-2.xml [2010.09.09 15:31:48 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-3.xml [2010.10.21 06:47:35 | 000,000,950 | ---- | M] () -- C:\Users\Christian 
G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-4.xml [2010.10.28 20:28:47 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-5.xml [2010.12.11 11:29:24 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-6.xml [2011.03.06 01:56:41 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-7.xml [2011.03.07 17:41:09 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-8.xml [2011.03.24 01:35:57 | 000,000,950 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin-9.xml [2010.07.24 11:15:13 | 000,001,056 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\icqplugin.xml [2011.12.08 12:45:11 | 000,003,915 | ---- | M] () -- C:\Users\Christian G\AppData\Roaming\Mozilla\Firefox\Profiles\b9k5246s.default\searchplugins\sweetim.xml [2012.04.19 10:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.12 09:40:10 | 000,523,864 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.01.12 11:18:32 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.01.25 18:31:54 | 000,018,684 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2011.12.08 13:09:23 | 000,004,543 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN 
G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9K5246S.DEFAULT\EXTENSIONS\SUPPORT@FREE-HIDEIP.COM.XPI [2012.04.27 12:58:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.16 10:39:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2012.02.14 21:18:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.14 21:18:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.14 21:18:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 21:18:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 21:18:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 21:18:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WLSS] C:\Programme\Program DJ\Wireless Switch\wlss.exe (Compal Electronics, Inc.) O4 - HKLM..\Run: [Wow Video&Audio] C:\Programme\Program DJ\Wow Video&Audio\WVAMain.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05B9A53C-EB81-4210-88B0-CD0D780CEF45}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC9B2C5-F1E1-4852-9AF5-DE324E46C8CF}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\Christian G\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian G\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6eb31f9e-a372-11df-83b6-001eec51099d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DACKSON-PC.vbs O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.14 21:37:56 | 000,000,000 | ---D | C] -- C:\Users\Christian G\AppData\Roaming\Fatshark [2012.05.12 06:28:46 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.05.12 06:28:46 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.05.12 06:28:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.05.12 06:28:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.05.12 06:28:45 | 000,160,768 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\d3d10_1.dll [2012.05.12 06:28:37 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.05.12 06:28:37 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.05.12 06:28:37 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.05.03 23:16:36 | 000,000,000 | ---D | C] -- C:\Users\Christian G\Desktop\Texture Gothic [2012.04.27 21:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.04.27 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012.04.27 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\Christian G\AppData\Local\LogMeIn Hamachi [2012.04.27 12:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.04.27 12:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.20 19:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.16 20:57:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.16 20:50:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.16 20:49:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.16 20:49:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.16 20:49:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.16 20:45:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.16 14:47:29 | 000,686,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.16 
14:47:29 | 000,645,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.16 14:47:29 | 000,151,898 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.16 14:47:29 | 000,124,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.15 09:58:41 | 000,036,168 | ---- | M] () -- C:\Users\Christian G\Desktop\Zeug.rtf [2012.05.14 11:13:21 | 000,412,278 | ---- | M] () -- C:\Users\Christian G\Desktop\Rechnung.odt [2012.05.14 10:34:00 | 000,402,100 | ---- | M] () -- C:\Users\Christian G\Desktop\briefpapier.odt [2012.05.13 03:43:15 | 000,398,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.08 18:36:46 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.05.08 18:36:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.05.08 11:26:01 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.08 11:26:01 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.05.02 10:55:16 | 000,210,944 | ---- | M] () -- C:\Users\Christian G\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.20 19:45:59 | 000,001,263 | ---- | M] () -- C:\Users\Christian G\Desktop\Gothic Multiplayer.lnk [2012.04.17 16:30:01 | 000,016,930 | ---- | M] () -- C:\Program1.RPT [2012.04.17 15:07:50 | 000,008,192 | ---- | M] () -- C:\Windows\d3dx.dat [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.14 10:09:46 | 000,402,100 | ---- | C] () -- C:\Users\Christian G\Desktop\briefpapier.odt [2012.05.12 00:09:05 | 000,398,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.20 19:45:59 | 000,001,263 | ---- | C] () -- C:\Users\Christian G\Desktop\Gothic Multiplayer.lnk [2012.04.17 16:30:00 | 000,016,930 | ---- | C] () -- C:\Program1.RPT [2012.02.14 13:29:30 | 
000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} [2012.02.14 13:29:30 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2012.02.02 03:09:41 | 000,000,618 | ---- | C] () -- C:\Windows\eReg.dat [2011.10.21 21:15:59 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.10.14 19:06:30 | 000,141,200 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.10.14 19:06:14 | 000,281,656 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.09.30 18:56:38 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT [2011.09.18 16:21:33 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2011.05.07 18:07:55 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2011.05.07 10:44:03 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.12.10 14:25:07 | 000,007,878 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.bk! 
[2010.12.10 14:24:37 | 000,007,849 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.bko [2010.12.09 23:40:03 | 000,007,855 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.bak [2010.12.09 23:35:56 | 000,007,912 | ---- | C] () -- C:\Users\Christian G\AppData\Roaming\PStrip.ini [2010.12.09 23:27:11 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.18 17:00:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.07.29 14:41:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.07.29 14:41:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.07.29 14:41:53 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.07.29 14:41:53 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.07.29 14:41:53 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.07.27 13:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.07.22 17:10:04 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2010.06.16 03:46:21 | 002,419,568 | ---- | C] () -- C:\Windows\System32\pbsvc_apb.exe < End of report > |
16.05.2012, 20:24 | #4 |
| After a Bundestrojaner infection, probably still remnants left on the system. The next one: OTL EXTRAS logfile: Code:
OTL Extras logfile created on: 16.05.2012 21:10:05 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Christian G\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,61% Memory free
8,90 Gb Paging File | 7,77 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 93,97 Gb Free Space | 20,18% Space Free | Partition Type: NTFS
Drive D: | 1,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: HAPPYHIPPO | User Name: Christian G | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D3024-BD8B-4BEE-A918-73CEC7FBCDE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EF71FDC-E2D1-402E-A66F-E95CD687EB2C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21D0A53B-1F1A-463D-B3E4-BC3B4A58625D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3580061C-1822-47D9-80D1-AEBD8B049EA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3B2FF68A-45FF-49A2-8FEB-30DCB3E17B4B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3E1496B0-7A50-405D-882B-6ED30185D3DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6583C29D-4679-4473-BC08-245D8CB30DF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{668B96B5-2734-4FF4-90F8-C50519693BED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F3704D1-3E9C-41DB-9902-B557801C9D86}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6FD3563E-3E33-4786-919E-85FE2A9B88A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71025202-1E40-4A6A-9D4B-472310F3999D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{86C1BDB4-4C02-4B21-84FB-AA37DBEED98A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{88431A45-565A-4823-B983-89D14BA73252}" = lport=2869 | protocol=6 | dir=in | app=system | "{8D92DFF4-1E1C-453F-99CD-43182A7FEF75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{97CA1B20-4897-4243-B35D-83336C77DE7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9DABDEBF-0724-4016-AC5B-396C63CC433C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EFC6A9F7-98F2-4D80-BA1D-B6309EB21A4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F3489AAF-92B9-412A-81BD-09476E5CFA5F}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006794F6-2D3E-4047-BCC6-61A37BF04758}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00AB2E3F-8C30-4414-951A-600EE03B5A18}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{00C40F17-B7BE-4B5A-96EF-183F0442C352}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{00CD0BCB-24C5-4D7F-AB32-ECBFBE8811C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00E17063-8D67-4C5C-A535-30267E4B37AB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe | "{00EE1CF0-5755-4312-A489-E0EEE2DFACE9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{025ECB20-E1AA-4EA6-8E57-4273BB1E1ED3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{03067C15-44A1-4457-9FE3-CD8A765B8B75}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | "{036AFE62-B8B5-489C-A430-802F96C05FB3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | "{0445B191-DE44-4329-9162-CFE7A5932757}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{046BB959-80D3-40C2-9778-ACCD2303864A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{047913D8-9F22-4B1B-9600-683CD143D396}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04D0839D-97A2-4CA5-8025-A2913E7BB738}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0687D4B8-1BE5-451B-AC0E-1F3F09A4CA2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0A7548C2-F3D8-40D2-BB2E-E75529758FD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C2B6665-8DF8-4194-9EAF-805AF857265B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D477996-BF94-4E24-A35B-3DB414766C84}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe | "{0D77C8C4-BE50-4A00-AF84-8F08F9B8EE78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0DEDB37D-B215-47A1-A431-9F29416F9BD0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | "{0E2022C2-357E-4469-87B9-163879A1A9D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0E2DF8BB-3512-42E3-AA8C-8339EF80BB30}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E2E9057-57CA-4B87-8E66-511B6C088C54}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{11B15477-E0C6-4A0E-A716-DFCC6BB50A16}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{11EC7E90-352A-46DA-8894-BC1E3DA4A542}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | "{11F0F0B6-6006-47BE-AA7B-EFFDE2A077E4}" = protocol=6 | dir=in | 
app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe | "{133D0944-18B2-4994-852F-EA302C06DA4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{140CC231-FFBA-4FF9-86F3-E015FE09888D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{151E2905-DE73-4024-8AF5-FF17A19A1539}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{1589EB43-B7D4-4737-AE13-65ABAED82FFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{15ECBB16-BFE7-4540-A558-02A8941E145E}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe | "{173D1F92-94B0-4F42-B8CE-533AD6279DD0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{18EBD3EA-171F-4E47-822B-F40BB2D2F3C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{195BE01C-E642-4B0B-9E42-52CEC86B841D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19F1625C-1F3A-4DF5-A8D8-F04B29CD84EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1A0CBEFD-F83A-47BB-996C-1B51D4A2117C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1A18F083-794D-481A-B682-5CA67EC0DDC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1B963133-84BC-4FA4-A266-EB5C5F51E4C7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | "{1BF8387C-F68A-4389-85D3-AF78AA804E65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1E663C36-49FD-46A9-8DCF-697DC04F3D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1E6D8523-930C-4F26-9259-8E934D275F17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1E85D895-056F-4AA2-9438-00A43876A706}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{204F3610-38B4-4C16-BDBB-5B92FF79DB75}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{21230A7A-6D0D-41E5-935B-6A217E4420DD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{24035050-E1AB-4543-8290-10804628F853}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{24CC5D02-BBE2-4D22-BC59-052ADE80F02B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{25C38929-7B7C-4504-BF0C-5FDB9C4F5AB3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | "{261242EC-9471-42D9-8195-A22B5829283C}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | "{264C1A83-2436-48CB-8F44-42589F82780A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{26D66945-6AD1-4CB6-93B7-FB92AD96FBC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2753D907-2843-438C-92AA-C23A2F5EC9B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{27636AB4-8096-411C-9FB2-65E82451C251}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{279C2B13-7846-4DF0-AF37-3F8F73CB98A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{284683F4-D8BC-4E9D-90F6-E94CD4AA67CA}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe | "{28BD2DD8-E376-4A3E-AEF7-0DE754565301}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A1DDB5D-B014-4626-8A2C-FB9053BFEFAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AB8DB28-E9BE-491F-9470-EB326BFDF682}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{2D6EDE2B-6792-4A9B-A715-3D4B4D693D24}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2DFEB68A-AEC3-4BDC-99A1-B7AE0EA3E9A9}" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "{2E657F4D-8EB5-4375-A5B0-41133526C837}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{308905B1-90D3-4169-9D2B-54A2FB8EB89F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{331EEC89-E9F5-4AAB-ACC3-E015EF248B86}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{347966A7-D83B-47C8-9482-3382E9379640}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{34ACFD98-9EFB-4168-B04D-8D2ABDAD8576}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | "{34F61841-608F-47D7-AF1C-4F998A222D2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35402BBC-4495-4E3E-8A2D-35285DDD58D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3543FBE6-006A-405C-86A5-14A3E47CC567}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3618A09A-FADB-454B-9402-976318A82E1A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | "{36480B1B-1825-498D-B4E5-4C71C369EE49}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3693206C-3727-4912-955B-F070868890F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{36C8F3C9-920C-4C0F-94A6-681AFCFF3A34}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{3702F82D-DE96-4FFA-9D0D-75ACC0C907DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{38AACCA7-5360-4CCF-8380-777AF3E84B1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{399DCAEA-B16C-4A69-B8C5-BC01C765DAC7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | "{3AEF2441-3A49-4EAF-9052-6CC89956C548}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D493DD2-333C-4A1F-944D-41E04A928FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E914080-B1A1-43AA-8C9E-7F11C9DD5CFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E9A4BFA-2B0A-43CA-A346-E4E809B22314}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{3E9E91FA-777C-4719-8D94-3234511EA1B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{406031D7-E817-4862-8D4E-B9B3BD3B312D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{406ABE56-23F2-4BC2-9B97-2CFBC5A36052}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\krushnak123\counter-strike source\hl2.exe | "{427D0D5E-ABA2-4928-9F0B-841F32A1EB77}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands\binaries\borderlands.exe | "{432E79F5-B866-45A5-A012-1CB3A316518C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43428F9A-2612-4082-BC95-60B059D80BCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{435B1246-3D2C-470C-A299-4C4ACFDD82C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{45C2C6DD-635D-40EE-B89C-5B829C3DCB9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{45F8F598-0DE0-4D31-9D7E-26B05A42C855}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47E4BB7F-A7D4-4385-B688-5B4C7AF08A6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47E9CDBA-E899-449B-BB5D-A631742E856E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{486D9086-B49E-4128-AFAB-56387AF4FDE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4995BB4A-C03E-45F2-93E9-87AF7975A6C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | "{4AFCAA4B-4D1F-4B7F-9067-1F0D6372D8AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4B2B1E63-AEBD-4B0C-8634-525CB90AA544}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4B2FD466-6718-4E74-8904-B27C144FE13B}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | "{4DA7B4A8-012D-48AF-992A-74D291A266BB}" = protocol=17 | dir=in | app=c:\program 
files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{4EDBB4B5-E211-47A8-BF4D-0C7DB1B30D9D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{50CB1663-F271-473F-B9B5-D04B8D3E4F38}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_cli.exe | "{527807EB-26F3-439F-8140-4641565CA277}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{52AD5631-F083-4742-9BFA-D9D57C248126}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{52CD550D-B6BA-4811-905D-7C1C21979EB0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{53B66441-C20B-410B-A99C-C6D58862E13D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{53D3AFC5-297A-44A5-8405-751F4DC5483F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{564542B8-EB3D-4518-BF20-47DF8F15B34A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57C72641-CD90-4F28-A084-465276F9FB60}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57F7B0CD-93BD-4B8C-BBDD-7FEA76C25307}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{58932836-7C38-4792-AEEB-B87EDB253DBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58CFE361-797F-4D77-9A68-D67AE56262DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{599C4870-ABD3-48A3-9B6F-40BCAC8FE2C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{59B276CB-893B-4A4D-BE99-4592564D4FB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5A1B2CBE-6855-4C57-88FC-BD85B98BD32D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A39F4A2-893F-49A0-BA57-2AD45E6E6061}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5A503B46-DF19-400D-9262-B6A0B8569943}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{5AFB4E9F-EAC0-46F8-8C29-421260031F09}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B04EA70-6CCF-4E03-BB23-C58F40B7E40E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B46B5AF-1BA9-41D2-B24B-F4B21E015EB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C76A0D4-9835-4EBF-8702-B169BF75C412}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | "{5CF2BDBD-C463-4AA8-82FE-BBC6E8186A05}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D867208-1E5E-426B-A904-F2D570F7D10F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | "{61093528-1E15-473B-835E-4FE329C07E3A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61EAFF87-483D-49C4-9502-71A9D5938981}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\srcds.exe | "{62A083D3-A8EA-4CFF-A76D-BAC0388FE9FB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator dedicated server\avp_cli.exe | "{63B7322A-BB9E-4945-91CD-04CA3657A347}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{65C70070-0CB5-4FA5-B5F4-DE95BDE56081}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | "{662A8BFD-449D-415B-BA03-1321B6329D51}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | "{67827B29-C9A2-44CF-A498-4D6D222D05F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{678570CB-A327-4FE2-A903-9A2D4CD62E47}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{678C22CA-F822-4924-B490-C11DFA644579}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67CAA9CF-7BF2-480D-8226-2DDCF8F2F2A5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\gothic ii\system\gothic2.exe | "{696156B5-1982-4529-9CFB-DEEB26436DCC}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{697CD3FD-7342-49AC-8407-ED42CB39E118}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6A49F3A9-2DAB-4FBE-B9CD-8EB4A054F162}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6A666F53-7537-460C-A037-DBD97F76AA6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6AABF9BC-F3B0-4C0F-964D-2A0E1E8585AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6BA3597E-7812-46E3-915F-E02577955055}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C4D6DFC-0D65-4970-A1F2-D097F7C81578}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | "{6CFDA308-EB5D-4648-8AAD-33E608BC38A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6EAE9F79-1F6E-40E9-8714-D717A3CCFB31}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | "{6F76C1FA-E21B-460E-8CF4-98AA5F8B7A19}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{70C99101-6149-4FB5-9520-FA5F3BA8C3DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | "{71DFFE91-CF86-4767-BC1B-6C57F6593583}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72B4DF46-AABF-4FE4-9F45-2E32351BF7D2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\gothic ii\system\gothic2.exe | "{72C1288F-E0BE-4AC6-843E-8CB23A79D98C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe | "{73E0EE2C-4010-4187-8DC6-FC729EBE363F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{775E935C-6B89-498C-AE36-DD14ECFA4DF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7780F2F8-66D9-4655-A013-187BD673EB45}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | "{778D054F-B6B4-45BF-9B72-AA4C7012EF71}" = dir=in 
| app=c:\program files\skype\phone\skype.exe | "{77F3E27F-0B8A-4BE8-9C79-FF8021E59CBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{784E827E-5D19-4705-BCA8-A0E018EC7483}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{78C57D16-8DF2-4478-ACC4-27E544C06EBE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{79EDBF6C-DECB-498A-AE21-981AACAF9DEB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{7B303661-DDD7-4FD5-BBE6-F95268A2C473}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{7B8D457E-CBB8-4B56-AE10-C5A68711C02C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe | "{7BAC1DEC-798C-4031-9210-4607D2A3C325}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{7BB2E7CD-77FC-4363-8B61-ED5A9A1DB3E7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BBB814D-CCE5-4AE4-9CFD-92B0FE33AA2F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{7CAEB7F6-D07E-4156-9365-ACBCD2AC69F0}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe | "{7D3259CB-5365-4246-9779-F48EB330D637}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7DB30B17-FDC6-4EC2-BA1B-24CFDB2BF23B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7DEF5651-1357-45C3-AAEE-922913117322}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EAF9F69-2723-443D-A71A-A1D5D88D5C79}" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "{7EF45BEC-266F-400C-BBE3-D8A62A7185B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FA6BA62-E3AA-4926-BC4B-F7960DC207DF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\game_launcher.exe | "{7FB37226-F3D1-4DB7-86A0-D8F378BFFC22}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{7FDFDEFD-F97F-4C47-B6CA-5952C5E33D19}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8074E807-D788-4EE2-B253-311F601F9D77}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{81205A78-A0C8-4960-B87B-BDC4B2013E30}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{819C6A74-F89C-4562-83B4-7BB9C1E33F3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{820FB505-8E49-485B-9AB9-B8197FAE2BA9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | "{826FD435-067C-4A6F-99B8-5BFE0A3B0598}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{829C542E-374E-4F1D-99A0-FCA930C6A601}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83B2CEAE-3EB1-4B3F-9589-B261953007D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{841D0E44-346C-48A2-ADD8-0705CFCE0E62}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{845B3B00-B0B5-4843-B421-44965DFB1AB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8463A3C3-D71D-480F-A9E3-C5B0A20F169F}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | "{84DDDCD8-6831-4C78-8BD9-53D9182F04CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8680AA13-3C1F-4C7C-92A0-D286F6F67549}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "{86A3DFA8-9F2A-401F-9E8A-F17C8BDAD5C6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | "{88B84AF7-912F-4407-965A-A4A8C503AAC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8AB04A72-2AEB-494F-B344-C932036BBDCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8B5B2DD1-8BC7-4A09-9764-6536E783910B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\krushnak123\counter-strike source\hl2.exe | "{8BACF037-C377-44E3-BE9A-4187C6A508F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8BC8CD36-F5C7-42CD-A555-C8614688972E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C67E579-C935-42ED-AA1F-46BE6A6DAD1A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{8CB29C98-65FF-4012-9B2C-AE9EDE62C09D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8E01E8A3-F50E-4225-8561-1B1563416F5A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\krushnak123\synergy\hl2.exe | "{8E4991A0-F3A9-4560-85B0-9607134CCCD6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe | "{8F1C3FA1-0CDB-4E75-84AC-ED21FDB0A4D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{9080CC96-9497-47DF-A675-F95E023A077F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\bin\sdklauncher.exe | "{91C52702-09CF-471A-82E4-0D4A25958920}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | "{91F5D390-0DF4-48B4-BE4E-2E19E819240F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magicka\magicka.exe | "{935B6394-1A7A-432A-B2D3-91EA95EA565C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{94B496D4-3CDE-44B9-BAD0-4D5ABF438A7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{951A3CC5-AA83-456D-BB7B-916BCF9BF585}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{954C3DDB-A794-49BC-8912-0195885C181C}" = protocol=6 | dir=in | app=c:\program 
==========
HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{23BDF7D8-C353-4BA8-8567-814F91332CEA}" = Wireless Switch
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
"{4343080E-448E-4E2C-B27F-B91000028201}" = Dead Rising 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57E7D762-44B2-430D-92A7-E538C3B99CE9}" = DualviewServer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7243A264-7401-445E-99E6-2CC334960047}" = Smart Watchdog
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D7F26F-A650-49F3-9928-AD204673797C}" = Green Charger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA56BFBE-E1D1-435D-A805-52A7F788D057}_is1" = CLICK & LEARN DiDi 360° 3.1
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF2A95D9-C159-4779-A564-12E58D3CD8D7}" = Program DJ
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"109AAA0C37D6219EA776C7E771DE5C246A0A0846" = Windows Driver Package - ENE (enecir) HIDClass (01/23/2008 2.4.0.0)
"34472D3C0CA521527E150A1EB74ED994CE452ECE" = Windows Driver Package - Intel (NETw5v32) net (04/27/2008 12.0.0.73)
"3D Titanic Bildschirmschoner_is1" = 3D Titanic Bildschirmschoner 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"G I - Die Welt der Verurteilten (mit neuen Texturen)" = G I - Die Welt der Verurteilten (mit neuen Texturen)
"Gothic Multiplayer" = Gothic Multiplayer
"Heroes of Might and Magic III Complete" = Heroes of Might and Magic III Complete
"Indeo® Software" = Indeo® Software
"InstallShield_{23BDF7D8-C353-4BA8-8567-814F91332CEA}" = Wireless Switch
"InstallShield_{7243A264-7401-445E-99E6-2CC334960047}" = Smart Watchdog
"InstallShield_{73D7F26F-A650-49F3-9928-AD204673797C}" = Green Charger
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF2A95D9-C159-4779-A564-12E58D3CD8D7}" = Program DJ
"InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Seven Kingdoms II" = Seven Kingdoms II
"Steam App 10500" = Empire: Total War
"Steam App 105600" = Terraria
"Steam App 10680" = Aliens vs Predator
"Steam App 204720" = Krater Public Tests
"Steam App 205" = Source Dedicated Server
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 33220" = Tom Clancy's Splinter Cell: Conviction
"Steam App 34120" = Aliens vs Predator Dedicated Server - Beta
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42910" = Magicka
"Steam App 4560" = Company of Heroes
"Steam App 4850" = Cossacks: Back to War
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8980" = Borderlands
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThielHater's Texturepatch_is1" = ThielHater's Texturepatch v1.0.1
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"FileZilla Client" = FileZilla Client 3.5.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.03.2012 07:21:47 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7207

Error - 21.03.2012 07:21:47 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7207

Error - 21.03.2012 07:22:18 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21.03.2012 07:22:18 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 38064

Error - 21.03.2012 07:22:18 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 38064

Error - 21.03.2012 07:22:19 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21.03.2012 07:22:19 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39078

Error - 21.03.2012 07:22:19 | Computer Name = HappyHippo | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39078

Error - 21.03.2012 07:24:50 | Computer Name = HappyHippo | Source = WinMgmt | ID = 10
Description =

Error - 21.03.2012 07:41:24 | Computer Name = HappyHippo | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 16.05.2012 09:20:11 | Computer Name = HappyHippo | Source =
Service Control Manager | ID = 7000 Description = Error - 16.05.2012 09:20:11 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000 Description = Error - 16.05.2012 09:23:13 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7001 Description = Error - 16.05.2012 09:55:03 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7009 Description = Error - 16.05.2012 09:55:03 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000 Description = Error - 16.05.2012 13:02:10 | Computer Name = HappyHippo | Source = DCOM | ID = 10016 Description = Error - 16.05.2012 14:50:14 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7009 Description = Error - 16.05.2012 14:50:14 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000 Description = Error - 16.05.2012 14:50:14 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7000 Description = Error - 16.05.2012 14:53:00 | Computer Name = HappyHippo | Source = Service Control Manager | ID = 7001 Description = < End of report > |
17.05.2012, 11:53 | #5 |
| Hi, this actually looks good... Does the entry
O33 - MountPoints2\{6eb31f9e-a372-11df-83b6-001eec51099d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DACKSON-PC.vbs
mean anything to you? Please run the following: Fix for OTL:
Code:
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
:Commands
[emptytemp]
[Reboot]
chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
17.05.2012, 12:37 | #6 | |||
| Quote:
Here is the log after the reboot: Quote:
Quote:
By the way, the brightness changing after every restart bothers me quite a bit. This only started after the trojan. After every restart I have to change the brightness manually here via Nvidia. hxxp://s14.directupload.net/file/d/2893/aq8zi5yv_jpg.htm A professional once told me that my NVIDIA would not start automatically and has disappeared from the taskbar. I suspect it was the trojan that somehow disabled it. How can I re-enable it? |
17.05.2012, 14:17 | #7 |
| Hi, reinstall the drivers; that should take care of the autostart issue automatically... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |