Log analysis and evaluation: Am I infected? Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.06.2012, 13:28 | #1 |
| Am I infected? Hello everyone, I read along here in the forum from time to time, but so far I have had no reason to post anything myself. Now the time has come: yesterday evening Antivir raised an alert (EXP/2012-0507.BM) - after a scan and moving a file to quarantine, as well as deleting my browser cache and all cookies, it found nothing more, however. Since I also do online banking on my computer, I want to be on the safe side that my computer is clean. I would therefore like to ask you to take a quick look at my logs and check whether something suspicious might still be running after all. OTL.txt: Code:
ATTFilter OTL logfile created on: 13.06.2012 14:05:27 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Fabian\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,37% Memory free 8,22 Gb Paging File | 5,85 Gb Available in Paging File | 71,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 274,95 Gb Total Space | 38,21 Gb Free Space | 13,90% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 8,93 Gb Free Space | 18,28% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 16,60 Gb Free Space | 33,99% Space Free | Partition Type: NTFS Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 14:02:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Downloads\OTL.exe PRC - [2012.06.13 14:02:33 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Downloads\Defogger.exe PRC - [2012.05.21 23:19:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\real\realplayer\Update\realsched.exe PRC - [2012.05.08 17:57:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 17:57:51 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 17:57:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.07.26 09:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 14:02:33 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Downloads\Defogger.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.05.01 08:51:14 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc) SRV - [2012.06.11 10:17:00 | 000,161,112 | ---- | M] (BullGuard Ltd.) 
[On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe -- (BgRaSvc) SRV - [2012.06.11 10:15:11 | 000,269,656 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BsMain.dll -- (BsMain) SRV - [2012.06.11 10:11:59 | 000,409,944 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe -- (BsUpdate) SRV - [2012.05.08 17:57:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:57:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.28 11:14:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.02 20:54:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) [Auto | Running] -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe -- (PCSUITEINSPECTORSVC) SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - 
[2010.05.04 04:33:54 | 009,241,088 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\SAMSUNG\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare) SRV - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 14:43:24 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\FIXIT0~1\MXTask.exe -- (Fix-It Essentials Task Manager) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.07.26 09:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV - [2008.07.26 09:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer) SRV - [2005.08.10 14:26:14 | 001,527,900 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 17:57:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 17:57:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.17 12:14:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011.12.17 12:14:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011.12.17 12:13:50 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.17 19:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.07.27 20:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.05.06 12:28:18 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.05.06 12:28:16 | 000,159,136 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010.05.06 12:28:16 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.05.06 12:28:16 | 000,016,800 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.05.01 08:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys -- (TIEHDUSB) DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.06.24 21:52:37 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.30 23:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64) DRV:64bit: - [2009.04.30 22:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV:64bit: - [2009.04.30 22:55:48 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.08.16 20:56:09 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2008.08.16 20:56:09 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2007.08.20 11:05:02 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64) DRV:64bit: - [2007.08.08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool) DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD) DRV - [2010.05.01 08:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.08.18 22:31:29 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv) DRV - [2009.04.12 14:23:12 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\oc u. 
ähnliches\Rivatuner\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64) DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 80 8D 94 E8 DB CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=&src=crm&q={searchTerms}&locale= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 16:43:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard Backup\files32\backup\thunderbirdbkplugin [2012.06.11 09:55:47 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = 
C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: YouTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\ CHR - Extension: Click to activate/deactivate ProxTube = 
C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\CRX_INSTALL\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: Google Mail = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.12.17 12:52:58 | 000,439,180 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15106 more lines... 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000026 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - 
Protocol_Catalog9\Catalog_Entries64\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C0E4BA-CED3-45F6-8D9A-27AE468C5E5B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6DFE45-A6DD-45ED-BE9A-FF2D87CFC2E0}: DhcpNameServer = 7.254.254.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found 
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found O29 - HKLM SecurityProviders - 
(credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell - "" = AutoRun O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell - "" = AutoRun O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell\AutoRun\command - "" = H:\pushinst.exe O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell - "" = AutoRun O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell - "" = AutoRun O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 10:12:18 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\BullGuard [2012.06.11 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2012.06.11 10:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Festplattentools [2012.06.11 09:59:35 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2012.06.11 09:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard [2012.06.11 09:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard [2012.06.11 09:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd [2012.06.09 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Bewerbung Mannheim [2012.06.08 10:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes [2012.06.07 22:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave [2012.06.07 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Audible [2012.06.06 18:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo [2012.06.01 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2012.06.01 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner [2012.05.21 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012.05.21 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.05.21 23:19:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.05.21 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.06 15:22:13 | 000,002,087 | ---- | M] () -- C:\Users\Fabian\Desktop\Google Chrome.lnk [2012.12.06 15:01:43 | 000,001,356 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat [2012.06.13 14:03:52 | 000,000,000 | ---- | M] () -- C:\Users\Fabian\defogger_reenable [2012.06.13 13:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.13 13:19:05 | 000,001,124 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000UA.job [2012.06.13 13:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.13 13:14:17 | 001,594,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 13:14:17 | 000,683,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 13:14:17 | 000,642,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 13:14:17 | 000,150,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 13:14:17 | 000,123,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 13:08:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.13 13:08:14 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 13:08:14 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 13:08:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.12 23:28:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2012.06.12 23:28:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.06.12 18:19:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000Core.job [2012.06.11 11:53:10 | 000,199,168 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.11 09:55:55 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk [2012.06.08 10:50:21 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2012.05.21 23:19:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.05.20 20:29:43 | 000,058,042 | ---- | M] () -- C:\Users\Fabian\Documents\thomaskrone.odt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
========== Files Created - No Company Name ========== [2012.06.13 14:03:52 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\defogger_reenable [2012.06.11 09:55:55 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk [2012.06.08 10:50:21 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2012.05.20 20:21:13 | 000,058,042 | ---- | C] () -- C:\Users\Fabian\Documents\thomaskrone.odt [2011.12.08 23:22:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.24 12:07:12 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.21 12:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.23 22:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.04.16 17:38:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.16 17:38:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.07 21:37:40 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat [2011.02.07 20:27:38 | 001,573,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.29 21:26:53 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI [2010.11.19 16:41:22 | 000,000,565 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini [2010.09.27 22:52:01 | 000,150,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.06.14 16:10:03 | 000,000,600 | ---- | C] () -- C:\Users\Fabian\AppData\Local\PUTTY.RND ========== LOP 
Check ========== [2011.07.06 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft [2009.05.08 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AceBIT [2009.06.15 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Avanquest [2012.06.11 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard [2008.11.26 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Canneverbe_Limited [2008.11.11 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Cornelsen [2010.12.09 23:23:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CrypTool [2011.12.29 23:30:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox [2012.05.27 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft [2011.04.16 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.23 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FileZilla [2012.06.06 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2011.11.17 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ImgBurn [2010.06.14 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView [2010.06.17 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\JAlbum [2009.01.14 13:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech [2010.07.27 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient [2009.07.19 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MAGIX [2008.09.08 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2008.08.15 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Die Schlacht um Mittelerde -Dateien [2008.12.25 02:14:00 | 000,000,000 | ---D | M] -- 
C:\Users\Fabian\AppData\Roaming\Mp3tag [2009.03.30 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Notepad++ [2011.10.10 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OfficeRecovery [2010.12.29 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenArena [2009.06.04 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org [2010.05.31 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PC Suite [2012.05.10 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\RipIt4Me [2011.11.29 00:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Samsung [2009.01.05 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u [2009.07.19 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steinberg [2011.01.25 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TeamViewer [2011.05.18 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds [2011.07.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tunngle [2012.04.14 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ubisoft [2011.11.28 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unified Remote [2012.02.22 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unity [2010.11.29 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\W [2012.06.08 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\wargaming.net [2012.06.12 23:28:44 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.13 20:18:57 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94EF8A00-19B1-42B2-BF10-FE258F391200}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 752 bytes -> C:\Users\Fabian\Documents\MSP Expo, 
certified.eml:OECustomProperty

< End of report >

Code:
OTL Extras logfile created on: 13.06.2012 14:05:27 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Fabian\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 54,37% Memory free
8,22 Gb Paging File | 5,85 Gb Available in Paging File | 71,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,95 Gb Total Space | 38,21 Gb Free Space | 13,90% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,93 Gb Free Space | 18,28% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,60 Gb Free Space | 33,99% Space Free | Partition Type: NTFS

Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.scr[@ = scrfile] -- Reg Error: Value error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
.scr [@ = scrfile] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Value error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Value error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B2 39 E6 04 DB FE C8 01 [binary data]
"VistaSp2" = 75 47 43 BA C9 ED C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04100698-9114-49EA-92AD-DE29C3161DB5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{10ADAA98-3557-4884-BFAB-CDEC9A14620E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{15C2B4D2-309A-42D7-BD48-C32DB6FD22E3}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | "{1F242E23-C91E-44A7-A32B-6BC67DD94B9C}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | "{20ED10D9-815D-4C75-8455-C568CA6B3092}" = lport=9000 | protocol=6 | dir=in | name=receiver | "{23037353-4C1B-4071-80B9-5A1280CF6B8D}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher | "{292FF059-A746-40F4-80AC-04B03BC10602}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher | "{3308C5CE-B5D0-4756-82A5-AD2E88AD3692}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | "{35220968-49CE-4A2B-9674-35665691CFFB}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher | "{37C970A0-C782-4C69-AC73-B86F213C47F0}" = rport=10243 | protocol=6 | dir=out | app=system | "{3857C6F6-EC2B-4677-A687-230853176615}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{398E561A-6F80-4268-BEC4-596A1DB6E0A3}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher | "{3CB282DA-F7B5-478F-B4D4-F9D7AD567781}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | "{45021840-9D5F-41FB-95A2-000BD6A3DD72}" = lport=8303 | protocol=17 | dir=in | name=teeworlds | "{458656F4-9866-4920-910A-6372BF71D35B}" = lport=6951 | protocol=6 | dir=in | name=league of legends 
launcher | "{47DF3933-A8C0-4BB7-9DF9-F37D0D1E6FEA}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | "{49372A40-41E4-4D3F-968A-F6CD90C531A8}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | "{4D702D9A-D7AE-4128-B60F-E6AB43C20EF7}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{4E2FAA19-F213-443F-A92C-0E701091894B}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{616C1F18-C9F4-4BC3-81D7-E7D3242AF60E}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher | "{65EEC43E-42A1-4B72-8B62-D4077AC60829}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{6773D17E-8F4B-4B48-B01E-E5CE6C224037}" = lport=25565 | protocol=6 | dir=in | name=minecraft | "{6CC1DB3F-F5F2-4154-A36B-4EABF64575B5}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher | "{7176D888-D85E-43E0-A2B0-6B1E2C0688BF}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | "{76494C8C-1FF3-4A8F-837D-1D89F49C0686}" = lport=9000 | protocol=17 | dir=in | name=receiver | "{7972A541-A73B-4D80-8486-F5FED23BF541}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher | "{7A100DB1-45B9-4BEE-87AD-8C3D65800DAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7B428045-B684-4CA3-A1BB-E770577FD7C3}" = lport=2869 | protocol=6 | dir=in | app=system | "{81DB40DD-91C7-48D4-866D-69626A686B37}" = lport=10243 | protocol=6 | dir=in | app=system | "{82BAF8FB-20C9-44EF-865D-41D451F8DB53}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | "{89A835D1-9B7C-4688-8C07-FA2A1DE77874}" = lport=2869 | protocol=6 | dir=in | app=system | "{8DC35AE9-53DD-4FDE-99C8-AD70C5AA8958}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher | "{93F9E2F1-2657-4662-939D-70A9688759DD}" = lport=25565 | protocol=17 | dir=in | name=minecraft | "{976475FB-AE87-4761-B982-C110E40518FB}" = lport=8303 | 
protocol=6 | dir=in | name=teeworlds | "{9AD45407-7D53-42D3-90C1-856660D595EB}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{9C8F8432-8C91-4A6C-8753-AD3F0CF6FAC6}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | "{9E87B6D1-BB3C-48C6-B863-13F1C0549425}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{A7603C99-3BCF-4948-B2B7-E8706BD433C8}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | "{AF58DF2D-A1AC-4D5D-84E3-DE94BE4CC2CF}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher | "{AF70FEA6-78D6-4C4F-B649-3BB12250974F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF909A86-7403-4BCE-A316-2741CA46D7A9}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | "{B59AEB95-FF58-46C6-ABA0-128C79A79AA2}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | "{B6DCD223-B76C-4112-A9CC-1779D2351FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B6FFDCCD-E2A6-4861-9CEE-4FCD8AF603D5}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{BBA76768-1957-437A-9385-80E614982BF4}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | "{BEB66C21-7FF0-4D77-BA72-097D52BA9E76}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | "{C2B530A0-22C3-47BD-A7EC-EA27401ADD98}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | "{C2B5708F-9FBF-49E1-BAFB-4B2399E33007}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{C4333209-AAF7-468D-BF82-23FC1B5E9661}" = lport=21 | protocol=17 | dir=in | name=receiver | "{C6063BBD-A744-42A7-9FB0-0C2F1C7D0C8A}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | "{C708188A-7F92-4413-9E0D-2ADE8DCE179F}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher | 
"{D0784062-DA42-48DE-A8E2-D3C9E072F96A}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | "{D1F503B6-EB15-49D6-8334-D01060E1BF92}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher | "{D3A097D1-E061-4DCB-BB89-5DC57731DB22}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | "{D5D97A36-1206-4D67-A095-97437812B128}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | "{D80571D9-ABFB-4762-8076-F70AD81B6BA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E2837AD2-1BDA-4C05-8553-13864BED679A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{E4C0A4B5-0606-46DA-BBC3-AC720DDA6C97}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher | "{E562F31D-E7F1-4AE3-8E0A-83235587B06E}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{E8445FD7-D348-4619-BAA9-7CA3E7CAA7B3}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher | "{E8C2AAAF-418B-47DE-985E-DE975BD17205}" = lport=21 | protocol=6 | dir=in | name=receiver | "{E9F949B6-44BD-4FA4-93A0-1A17478B1B4C}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{EB9CA200-0A5F-4788-8185-2CB9FCBBC61E}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | "{ED6B5899-912E-42EC-899A-7CBFACF5D54C}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher | "{EFA9C583-80A2-472B-A574-3A402C05FBBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F657A651-C15C-4BE5-AFE7-22FB249BFF51}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | "{F886672B-EA4D-48F5-AAAE-37C343FFEF09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FA363C42-0177-4AC7-B93A-C822E9C5E95C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{FC9A2C56-9BE0-49EB-AF65-88C3560522C5}" = 
lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{FE771E8D-B62B-4240-A033-2C4C6B7A45F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E7964-0E5F-40E7-B10C-6F91644F768E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{005BBE6D-FD57-4C07-A324-92267C410DC7}" = protocol=6 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\air\lolclient.exe | "{010396E0-D40F-4528-89AB-2362CF1C4C30}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{010D6B88-64E0-4CC1-B15C-E8E635BDA04C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{0876FF0C-3149-499A-A280-8B9C15CD1AEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0AC48CDE-2613-4FD2-9255-A0100607DCD6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{0BCC37EB-6525-4E6F-B832-13A47032ADD5}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | "{0C2E82E4-5D6F-4520-8CC0-0DEA64FC83BE}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe | "{0DB14B72-38BE-4D98-9E45-2F4E9EB53835}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0E2EBA81-AF84-4277-9B8B-E5E068FCE48D}" = protocol=6 | dir=in | app=c:\spiele\guild wars 2\gw2.exe | "{108DDEBE-E7E2-4256-8718-AAC1A1A152F9}" = protocol=17 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe | "{10CEFBAE-7873-4461-9B77-0A672A78AE08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{12AB5F36-70E6-4A51-B862-8382D34F14EB}" = protocol=6 | dir=in | 
app=c:\program files\itunes\itunes.exe | "{14265932-D0E2-409F-BA6A-0D402C288C80}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{15DA1762-A254-494C-9936-F416D0E743FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{16C2AB3B-93AF-4BA4-808B-E71E99F4C8D6}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | "{174E18E1-E63C-42B8-BF17-4EBDAF243A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe | "{18A19F96-861B-491F-BE9B-E897D224942A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{18B7F494-76B8-4147-B0DC-1B441DBF4837}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{19A125DD-461B-4E5F-A4A9-1042B7510214}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{19FA1592-18C2-472F-97B2-0CAF6F96630C}" = protocol=6 | dir=in | app=c:\spiele\thq\cohlauncher.exe | "{1A1345D8-5AA3-4FA8-A48C-786C9B91DC47}" = protocol=6 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\launchgtaiv.exe | "{1A3D158B-7130-4932-9AFF-73D2CE98F601}" = protocol=17 | dir=in | app=c:\program files (x86)\ad-aware\ad-aware.exe | "{1B8CA73E-ED8C-4021-85C6-C586A5A2BD40}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{1E95147B-7A08-4468-A84E-BE1D539090D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | "{1F3EC5A3-F548-4032-9033-5454B46365E4}" = protocol=17 | dir=in | app=c:\spiele\guild wars 2\gw2.exe | "{267010AA-330E-4826-A1B2-653C3B483AC4}" = protocol=6 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | "{2B25DFE2-D232-4DB2-BE47-4BC08662B83D}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | "{2C9582B4-8136-4A08-9590-5749F0C912AA}" = protocol=17 | dir=in | 
app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe | "{2E094C49-F516-436A-B404-4DCE653C1B95}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{33AAC75A-F3A4-42EA-9A89-682FA9AC2FDA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{3410CB29-DC25-4B4E-BD31-60B78A281FA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{3921325B-3568-4A92-800A-E3927E8DA101}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{39403AF5-3650-4F7D-9212-EC54D4637BF8}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | "{3A088F61-EF39-40D4-8E30-5301A2128CE7}" = protocol=17 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | "{3A1A9C3B-DE19-4801-A25A-DE6D6D9E87A7}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | "{3D592DF9-8862-4991-8194-0C32CA2B0922}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | "{3D957D5F-046C-4096-B803-21B248E340D2}" = protocol=17 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\game\league of legends.exe | "{423F5E56-0447-4310-862B-EC5C7B0B1999}" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | "{45CE5F4C-4819-4142-8A62-688BC9EEDD26}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "{4A1D52A2-F5FA-4949-A413-A7912A1473D1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{5004ACC5-B161-4824-A132-E2D09C0F3572}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{54EA1C48-78DA-490B-A5F9-2AB5C735796E}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe | "{58002418-9A4E-4641-B73C-8DD498EF5CBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{59D2C68E-ACB1-49DF-B5A3-0B63AA988073}" = 
protocol=6 | dir=out | app=system | "{5BBDCAEE-7359-4056-9920-3851FCBBF4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5BC26BD7-92E2-4EAD-B1CC-CB4C59550EE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5BC3A78C-3E3D-4425-85AC-83186F121040}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5CB0444F-CAFC-4FA9-AEE9-B4991C34D322}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat | "{5CF7657B-41C6-4AC1-806C-A7FF26EEEB8B}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | "{5EEA0839-D093-4720-816C-10DAFB404AC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5FE3C1C6-91A7-4004-8646-194B871D0B52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63A276E1-469C-437A-AB9C-2C0B2AB9C729}" = protocol=17 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | "{672138B0-D98F-42E6-8968-08551B16E2CE}" = protocol=17 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\launchgtaiv.exe | "{6832A22C-6E2F-4606-9714-AAB023FCEB1C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{6BE7C66C-E81F-4B3D-BFEA-772A089751B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6C2576F5-ED2C-4C4A-8731-EBFD649B83CF}" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | "{6CEA68E4-94B8-4CE4-A6F2-A12D2AF2C748}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{6DE6B1A0-2172-406E-913A-CFFC87D5C576}" = protocol=6 | dir=in | app=c:\users\fabian\downloads\sweetimsetup.exe | "{725F6923-9C0E-4430-9370-088974E81E58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{74E1FCAA-3C96-4672-AE4F-3C1E90E2D056}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe | "{7532A1DD-5359-4862-AD36-B0B11908820E}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{7568A801-541A-4F79-9188-4EF84D074C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{7AD12077-DC1C-440E-90DA-CD1AA821AE78}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7EA37C6F-F086-41D2-8F8E-812BF6A1BD19}" = protocol=17 | dir=in | app=c:\spiele\thq\cohlauncher.exe | "{8499D287-7456-400C-AB2A-C97D8BB4D0C7}" = protocol=6 | dir=in | app=c:\spiele\gta iv\rockstar games social club\rgsclauncher.exe | "{85F48457-A447-44BE-A8C8-5E78172DBF6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8878283B-1718-4E02-8EE0-970F1A7A5EDC}" = protocol=6 | dir=in | app=c:\spiele\medal of honor airborne\unrealengine3\binaries\moha.exe | "{8B53A871-B2EC-4061-8723-52BBD7AE4791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8CDFB926-C3B0-46EB-B2DD-49A56F38D1EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8D718B6E-4E8C-4B48-A49A-88703DDEDC2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8DEE1533-0AA9-43A2-A88C-DD75160A5F37}" = protocol=17 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe | "{8FEB4581-5C48-44C3-9CF4-B7C715AFD5BA}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | "{907C412F-5299-4572-B3A3-5DAC7AA9179D}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | "{9956B587-79FE-4792-91DE-8D57422C55EE}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat | "{9C3062C7-0353-44CF-ADBD-F3AE626AB97A}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3x.exe | "{9C390541-6C9B-4A1D-B310-3C619C214824}" = protocol=6 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe | "{9DA1FB8D-6F5A-48FD-916E-8E7426009FB2}" = protocol=6 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | "{9DA4AFDB-9C11-4B1B-BA55-B491F783B94A}" = protocol=6 | dir=in | 
app=c:\spiele\league of legends\ace client\league of legends\game\league of legends.exe | "{A0F4312B-04CA-4B18-A2B3-B9560F004B77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A1348B64-08C5-4311-89FB-37C9C8269725}" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe | "{A49DBAE0-91F1-4170-B08B-2DDBE34BC567}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{A4B6BBD3-BD00-490D-8813-3619322DBA92}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{AA1286C7-7AF3-485A-BA72-F5160D0607F7}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | "{AA63D0B6-E9D1-46D8-BD2E-FD913CDC534B}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | "{B3779BB1-B665-4945-BEFF-28216C2BFD7C}" = protocol=6 | dir=in | app=c:\spiele\gamespy\aphex.exe | "{B6EDECC1-2D56-4395-BBD3-02DE3BD9DC47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BA1960B7-B800-4439-A14B-DA2E9410CA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C05256D7-1F50-46C8-B693-A34835EF7A88}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{C1704507-1C84-4592-9646-21301BDF2EBE}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3x.exe | "{C2BBD44A-79ED-433A-AC9D-30C992A0AE88}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C686EC1D-D2D1-46AC-BB20-0DD0704789CE}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe | "{D114D4E7-D4EE-4BC5-9418-E98362A39380}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{D16B5AFD-72AB-4F23-81A9-8479BECAA39B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D5A94B83-D720-4E21-B195-CE2CDFBD8383}" = protocol=17 | dir=in | app=c:\program 
files\teamviewer\version6\teamviewer.exe | "{D8F80788-B0F0-44A7-81D7-54AA2B0CAAD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{DB06D9D7-B983-4F96-A57E-C5B0F59D962B}" = protocol=6 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe | "{DBDBBB85-5B8F-44B9-9DFB-7F6F27F48DE6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{DF63DAE9-612A-45A1-8573-A9568CCCD1EA}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | "{E2117690-7B26-4382-97BE-42E2FBCCEF72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E226033F-83BE-4D44-8824-8B268E25AF05}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{E2D2D90E-1AAA-4882-86F0-FB8CAB5370AF}" = protocol=17 | dir=in | app=c:\spiele\medal of honor airborne\unrealengine3\binaries\moha.exe | "{E5D4889E-7251-425F-9E86-4C254424AF3A}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe | "{E64B945A-B9CB-4CD7-B974-BBA931B0F4AE}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe | "{E734D64F-F7AD-4F85-AA54-FC0131DC73C3}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{E781B806-2A48-4F65-9723-2FB6C8CC85FB}" = protocol=6 | dir=in | app=c:\program files (x86)\ad-aware\ad-aware.exe | "{EC3365A6-9E58-4A28-920E-03A1F9F59667}" = protocol=17 | dir=in | app=c:\spiele\gta iv\rockstar games social club\rgsclauncher.exe | "{EC740130-0432-4842-8983-7AEE9209FF61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{ECDAF734-6FDD-4535-B7D1-6650580BEE30}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | "{ECEF3A29-C22B-47F2-A3B6-893D5B99A29A}" = protocol=17 | dir=in | app=c:\spiele\league of legends\ace client\league of legends\air\lolclient.exe | "{EE08211E-6648-4337-A2B8-0756BA4A0489}" = protocol=17 | dir=in | app=c:\users\fabian\downloads\sweetimsetup.exe | 
"{F090FDD4-A877-45B6-A3CE-40E29AB5D0CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F2EB7DBC-B71F-4E72-ADB9-34507F93F3D7}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat | "{F445A224-B194-491F-9A5D-780933473A0D}" = protocol=17 | dir=in | app=c:\spiele\gamespy\aphex.exe | "{F4D77455-3D32-4E76-8808-8E1641689B9C}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "{F57F334E-C984-4944-9583-88E99B4AF487}" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe | "{F6F07F1C-5635-4D1C-B7BD-5E0EB00E7ED2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FA99B6CB-2989-4846-8489-6F5DA904BA84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | "{FBFEE196-3EE8-469A-AB70-FDAAC3670DA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FDCC61F3-BFFE-4779-8DE2-AF10D483C826}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | "{FE67A9FC-CB7C-4DB9-93EB-EEE26AEBAA56}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | "{FEE6904B-338E-44DA-9C34-98032DA47926}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "TCP Query User{05D3F2DE-5F1D-4CB9-A19D-85B9B063DB55}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | "TCP Query User{0DBDC3FB-7E02-4C11-84B3-B1865F63B64B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{1148BFCA-E7C4-4C2D-80FC-D4D3E9149557}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | "TCP Query User{11C0A4E7-FBD1-459B-8301-F27CA5A489B7}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{18171FCD-516D-461F-A612-E1E6E5AC78A9}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | "TCP Query User{1A81F1A5-AE91-47D4-AA31-11745AE201F5}C:\spiele\thq\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\thq\reliccoh.exe | "TCP Query User{20862A1F-A243-4EC1-B12D-0F9456DE6EC6}C:\spiele\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\spiele\world of tanks\worldoftanks.exe | "TCP Query User{23D90860-8D42-49CC-9B51-4146930CE1C8}C:\spiele\ageofempires2 englisch\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\ageofempires2 englisch\age2_x1.exe | "TCP Query User{271F4535-19FB-4991-8DE5-14F339ED9F6C}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | "TCP Query User{28DA6B9F-CA68-4CF5-949E-20A35ACB1DBF}C:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\gtaiv.exe | "TCP Query User{2B6DE577-E742-4B3C-9BD3-FE747DA7DA92}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | "TCP Query User{2D8DF738-BF46-492B-BF4E-8A7D0CDFF34E}C:\spiele\thq\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\thq\reliccoh.exe | "TCP Query User{36B77B25-EC32-4659-B87E-B5204AFF0556}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | "TCP Query User{36D7147A-F94A-4BA3-8F73-816177D46EFE}C:\spiele\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft\war3.exe | "TCP Query User{37236AFD-3456-4734-B461-8A4889A51EF5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{372B573A-747C-41C8-B776-B9A9CDF4191C}C:\spiele\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\spiele\flatout\flatout.exe | "TCP Query User{3EB228CB-4D34-47FF-AD6E-1B5C8D5D9F12}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=6 
| dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | "TCP Query User{40952BE1-9798-4415-AB57-03A542EF5DEB}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe | "TCP Query User{431B175F-58DF-4CEA-8B7D-9D576E89E12B}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe | "TCP Query User{49180112-0E03-4E67-ADDE-E8331D5231E7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{49A2BF60-6016-49C1-9CE9-C5831C2AA99A}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe | "TCP Query User{4B255099-CAEB-4296-884D-2E64757B69BD}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | "TCP Query User{4BE6ED03-BCFC-4C02-849C-9095179EFC95}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "TCP Query User{4F2DA0A2-C2D5-4535-B0B9-6EB3899CAFAC}C:\spiele\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\spiele\age of conan\conanpatcher.exe | "TCP Query User{4FAE8C97-0146-4B70-81AA-C9A651E86BE2}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | "TCP Query User{512F1569-9A39-4F96-B788-6C100D9188C0}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "TCP Query User{532D113D-8C8E-42C1-B14E-6B3879169683}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | "TCP Query User{54A71D9C-626F-4FB7-8467-E23640240709}C:\spiele\starwars batllefront 
ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | "TCP Query User{58737ED1-CBBE-4809-B7CD-D1CC1DA52DB2}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "TCP Query User{5FCE15EC-CFAD-4C28-A184-8DEF3A48FB2F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{62213768-B03E-4FBB-A903-44FEF2FFF06C}C:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield vietnam\bfvietnam.exe | "TCP Query User{6329D3FE-AFF6-45F3-88C0-A6419DEC8273}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "TCP Query User{65C973A8-6D3C-4464-B03F-6EB7CDDF103A}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | "TCP Query User{6A276740-B662-4EA5-AF5F-E6BE9EBE8C1D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{6B6D83E9-1762-43D1-8334-B5007279E0A3}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | "TCP Query User{6E425667-11D2-4C0D-9A73-1BB6B9F9A7DC}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | "TCP Query User{725C5F7C-2570-4B03-87D1-0A6C37780EAB}C:\spiele\warcraft iii - the frozen throne crack\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne crack\war3.exe | "TCP Query User{76C7B38D-3512-4546-B5CC-9A1E0AD1F75B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{78726115-B37B-43E7-9DAC-5F6CFC25AA2A}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of 
empires ii\age2_x1.exe | "TCP Query User{7B5ED082-8ECC-4184-BA84-7F32007D27EC}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | "TCP Query User{7DC516DB-9806-4747-8935-968F62FB71A8}C:\spiele\aoeiii\age3y.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe | "TCP Query User{80AF8CEC-7384-4B25-A4CA-1A51DEDFF7FC}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | "TCP Query User{87AFF39B-1905-473B-8ECB-8BB666199083}C:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe | "TCP Query User{995D4841-A142-45A5-AF16-80176FD5B7A0}C:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe | "TCP Query User{9F84EC17-5330-4924-96FA-8E350745FF0E}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe | "TCP Query User{A4141EE7-2986-463B-9EAD-D95F82C9ED44}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | "TCP Query User{AA63419B-E311-428D-83CB-B8CE22D7CC11}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | "TCP Query User{AE315E35-461D-420C-BE4B-4B683B09C6CD}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=6 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | "TCP Query User{AE73F02A-AC55-4AA0-9779-EEA88F51E89D}C:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe | "TCP Query User{B012DBF3-2007-4806-9CF7-A7E1F61F5EDE}C:\program files (x86)\java\jre6\bin\java.exe" = 
protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{B0332979-C8DE-45B0-8847-F285B38E6CE3}C:\spiele\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | "TCP Query User{B60665F1-401C-459F-AB55-515E65DFCC07}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | "TCP Query User{B906A000-AB2C-4851-AD9A-08989FEA41A3}C:\spiele\age of empires ii de\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii de\age2_x1.exe | "TCP Query User{C2DCF871-F6E6-496A-AA1B-8C429E065D37}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{C36F5AB7-7EA3-40E1-8750-B37CE90EF17E}C:\spiele\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft\war3.exe | "TCP Query User{C6CE7081-9183-40F4-9145-CCC711827F6F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{D8E3B152-5C60-4AC0-8B04-CE6660C33E56}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | "TCP Query User{E59E0DD2-A631-4F44-94D7-D0CED82B094C}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | "TCP Query User{E5A47F50-6CFF-49C3-A78F-123318A8A9C9}C:\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "TCP Query User{E63F8070-D263-490E-BB8B-1B27772408EA}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "TCP Query User{E99AE711-ED6D-4048-8384-2FB88A8BA6EC}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\spiele\company of 
heroes\relicdownloader\relicdownloader.exe | "TCP Query User{EFCEF204-AB00-4D75-B9EA-A2892D698447}C:\spiele\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 4\iw3mp.exe | "TCP Query User{F13838C2-96EA-4B86-B373-34142FD46373}C:\spiele\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\spiele\world of tanks\wotlauncher.exe | "TCP Query User{FF7AC07D-3FEC-4D39-B2A7-A83490A35120}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | "UDP Query User{038A7618-501C-4FFE-87F3-81C124424708}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "UDP Query User{072D9219-F34C-4684-A137-26D1737A825F}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | "UDP Query User{083586AA-E3F8-4834-B5CE-D008F4F87F9A}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe | "UDP Query User{0A946031-9B0C-4A56-A47C-F36F369E0359}C:\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "UDP Query User{17C06CCA-0601-42BF-B849-54BCEE06CD73}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | "UDP Query User{1F4C36A5-B429-44FE-80F3-C5A7AB7D36CD}C:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\temp\665da82604684076b967a875389e7746\relicdownloader.exe | "UDP Query User{294552DE-F50E-4F3A-85A3-F96EFED55D1D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{29D0A615-F336-4ED0-B38F-340B2F459637}C:\spiele\call of duty 4\iw3mp.exe" = protocol=17 | 
dir=in | app=c:\spiele\call of duty 4\iw3mp.exe | "UDP Query User{2A0D87FD-6272-42F2-8D40-931B2617F149}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | "UDP Query User{359A341E-8737-4F99-93D6-B1389071A459}C:\spiele\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | "UDP Query User{381BEA96-AFB3-43D9-9580-90774B284F5B}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | "UDP Query User{387E2434-E030-4106-BEE5-334F18EE6765}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | "UDP Query User{3A50A205-137B-48ED-A124-670DC61CE6AE}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | "UDP Query User{405C4069-8AB5-4992-B1C8-6D00F6FA5CF9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{4695F972-569C-4F6E-82B7-FEC6404AC371}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{4F696627-DF62-482C-84CB-221E53FECA97}C:\spiele\aoeiii\age3y.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | "UDP Query User{501C22E0-0827-4925-9045-D80EBE331B52}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "UDP Query User{535D9115-CE6A-410D-856C-E1B75269DC07}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | "UDP Query User{553C6625-015A-4ECA-B3DA-F08ECA2D7552}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | "UDP 
Query User{5994D242-A7BE-45CF-9D13-653A865FA62A}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe | "UDP Query User{5E7089A0-EE8D-4257-A682-1212AA89A97C}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | "UDP Query User{5E7BB8E1-CE99-4672-9AEC-E628AF2E26E8}C:\spiele\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\gta iv\grand theft auto iv\gtaiv.exe | "UDP Query User{68FD82A4-FE6D-4A8C-BD04-9F0932237E4D}C:\spiele\age of empires ii de\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii de\age2_x1.exe | "UDP Query User{6B747647-13BD-4B84-B351-10143FC85A36}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "UDP Query User{6BD3A584-4E3C-499B-84F5-5510EF296205}C:\spiele\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield vietnam\bfvietnam.exe | "UDP Query User{6D415A2F-7538-4A54-95F1-F2EC73AE5CB7}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | "UDP Query User{6E5C1C70-0C82-4D2B-93F1-107C99F0AE0D}C:\spiele\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\spiele\world of tanks\worldoftanks.exe | "UDP Query User{757AD208-4534-4EE9-AEAF-78A93A2A838B}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | "UDP Query User{78A01A45-E10D-4132-B6CC-C68609575D45}C:\spiele\warcraft iii - the frozen throne crack\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne crack\war3.exe | "UDP Query User{7B710251-D681-4079-B192-33DE0D220D23}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | "UDP Query User{7CD37E2D-F477-4148-AEBA-BD034F3D252C}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=17 | dir=in | 
app=c:\program files\icq6,5\icq6.5\icq.exe | "UDP Query User{7CFDDFA1-7979-4BEB-B599-718665E6DA68}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{82639A9C-3DBB-4182-9AE9-D46097859EA7}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | "UDP Query User{8552F42B-4BEB-4299-80E6-12A33DCC84D2}C:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\fabfaeb\team fortress 2\hl2.exe | "UDP Query User{869C5412-AC1E-42B9-B4C3-CBF8F338753A}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "UDP Query User{970DBDBA-9E24-4FD5-B621-E81267CC18B4}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | "UDP Query User{97ADBECD-305C-4605-8BA4-2FBA1DAA4ABB}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | "UDP Query User{9B19707B-F8F4-4E02-8A76-77CF28179797}C:\spiele\ageofempires2 englisch\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\ageofempires2 englisch\age2_x1.exe | "UDP Query User{A1F6F56A-AE66-4EFA-8E12-37F81D5BD9FA}C:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\lan\call of duty 4\iw3mp.exe | "UDP Query User{A8A2B691-A2CE-43D1-8945-FF1302537123}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{B0AFA62A-9E79-44F0-ADA9-5C699EDF3810}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{B8522E5F-48C5-4225-ABD5-C9BECC6A05EA}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=17 | dir=in 
| app=c:\spiele\world of warplanes\worldofwarplanes.exe | "UDP Query User{BCBFA34B-696C-4BCA-AFB8-61EF6ECE71E2}C:\spiele\thq\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\thq\reliccoh.exe | "UDP Query User{BF1965A3-203C-49BD-B478-FF87EB3CBB83}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | "UDP Query User{BF3682F6-4FE2-4966-A05A-5F351745E65F}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | "UDP Query User{C4F1A108-3821-45B9-9897-FA487945E04F}C:\spiele\der herr der ringe - die eroberung\conquest.exe" = protocol=17 | dir=in | app=c:\spiele\der herr der ringe - die eroberung\conquest.exe | "UDP Query User{C6DC7B0B-F496-4EA0-A317-A1B0FF60B42D}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | "UDP Query User{C79553A7-59F4-4070-ADA4-F21EDE3B0CA0}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | "UDP Query User{C9005B0A-BC02-475D-902B-E25FD3A7B8E0}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | "UDP Query User{C99EC000-AEC3-4355-8E03-FDEF11E1DDD0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{CAB4A68D-2ADE-4748-8569-FF621F3B643D}C:\spiele\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\spiele\age of conan\conanpatcher.exe | "UDP Query User{D3E5BBBB-28F0-41E9-BF97-8A3B78F2DD13}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | "UDP Query User{D733319F-E356-4795-8D05-B12A66C42701}C:\spiele\thq\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\thq\reliccoh.exe | "UDP Query 
User{D84CE450-38A6-4859-96E1-EB29BDB78FEB}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | "UDP Query User{D9E1F4F1-5CD8-476C-A5E6-F6F2B4352934}C:\program files\icq6,5\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6,5\icq6.5\icq.exe | "UDP Query User{DC6C9D59-E2BA-4EFE-882F-B9BD7F1CE7E5}C:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\spiele\star wars jedi knight jedi academy\gamedata\jamp.exe | "UDP Query User{DE879294-C75F-41E6-803D-39503EE01E74}C:\spiele\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft\war3.exe | "UDP Query User{DFBFD42D-0752-40AB-BB24-78FB78EBC089}C:\spiele\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft\war3.exe | "UDP Query User{E8D3E7F7-D890-40EB-B924-8D36A6D0E47D}C:\spiele\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\spiele\world of tanks\wotlauncher.exe | "UDP Query User{E8E03C03-140B-4527-B1F4-D3B9C844B121}C:\spiele\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\spiele\flatout\flatout.exe | "UDP Query User{EA200AF7-639D-4F46-85C5-E4980DF3323A}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{EB8872A3-63CA-45F6-845E-4D9402C92E6C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{ED08691D-51BA-4340-BD02-F9E9875A8C4D}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | "UDP Query User{FCE7BA74-8274-47B1-955F-DA1FF07BBD7B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver "{197985EE-73F2-B182-6AEB-21926621ED5D}" = ATI AVIVO64 Codecs "{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition) "{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET 
Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "BullGuard" = BullGuard Backup "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ffdshow64_is1" = ffdshow x64 v1.1.3721 [2011-01-07] "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software 
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "TeamSpeak 3 Client" = TeamSpeak 3 Client "XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03420F19-6E4C-4114-805E-8B465019FBB3}" = Jalbum "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding 
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{4676D76B-1BA9-4E4D-9615-72FEA5F6B007}" = Unified Remote "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Essentials 9 "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime 
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! 
Foto Premium 9 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM) "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E9046809-36B2-4A99-AD7F-C0C16AD773EC}" = TImeSpan Creator "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F6130A03-30EE-D4AD-63C8-E90F422C76C5}" = HydraVision "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center "12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.04.8012 "ACE LoL Client" = League of Legends - ACE Client "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Afterburner" = MSI Afterburner 2.2.1 "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Blitzkrieg" = Blitzkrieg Mod "BurnAware Free_is1" = BurnAware Free 2.3.8 "Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.10 "Canopus DV Codec" = Canopus DV Codec "Company of Heroes" = Company of Heroes "CrypTool" = CrypTool 1.4.30 "CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2a "DivX Setup" = DivX-Setup "doubleTwist" = doubleTwist "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FileZilla Client" = FileZilla Client 3.3.5 "Firebird SQL Server 
D" = Firebird SQL Server (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Converter_is1" = Free Audio Converter version 5.0.2.1125 "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.11.508 "Free Midi Converter_is1" = Free Midi Converter version 1.0.0.0 "Free Video Dub_is1" = Free Video Dub version 2.0.8.508 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2 "GoldWave v5.06" = GoldWave v5.06 "Guitar Pro 5_is1" = Guitar Pro 5.2 "Hamachi" = Hamachi 1.0.1.5 "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "ImgBurn" = ImgBurn "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = 
Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "League of Legends_is1" = League of Legends "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D) "MAGIX Fotos auf CD & DVD 5.0 D" = MAGIX Fotos auf CD & DVD 5.0 (D) "MAGIX Music Manager D" = MAGIX Music Manager (D) "MAGIX Online Druck Service" = MAGIX Online Druck Service "Mastering Edition" = Steinberg Mastering Edition v1.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mp3tag" = Mp3tag v2.46a "Notepad++" = Notepad++ "PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR "PictureIt_v9" = Microsoft Picture It! Foto Premium 9 "PunkBusterSvc" = PunkBuster Services "RealPlayer 15.0" = RealPlayer "RivaTuner" = RivaTuner v2.24 "Steam App 113400" = APB Reloaded "Steam App 220" = Half-Life 2 "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "Steinberg Voice Designer v1.03" = Steinberg Voice Designer v1.03 "Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0 "SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008) "TeamViewer 6" = TeamViewer 6 "Tunngle beta_is1" = Tunngle beta "Uninstall_is1" = Uninstall 1.0.0.1 "Video mp3 Extractor_is1" = Video mp3 Extractor "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.5 "VobSub" = VobSub v2.23 (Remove Only) "Warcraft III" = Warcraft III "Warp VST V1.0" = Warp VST V1.0 "WinLiveSuite_Wave3" = Windows Live Essentials "Xfire" = Xfire (remove only) "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.06.2012 04:29:57 | Computer Name = 
Fabians-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.06.2012 04:29:57 | Computer Name = Fabians-PC | Source = Windows Search Service | ID = 3013 Description = Error - 06.12.2012 09:09:45 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.12.2012 09:09:49 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.12.2012 09:09:51 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.12.2012 09:09:54 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.12.2012 09:10:04 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.12.2012 09:10:07 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 06.12.2012 09:10:10 | Computer Name = Fabians-PC | Source = Application Hang | ID = 1002 Description = Programm speedfan.exe, Version 4.37.0.236 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 14b0 Anfangszeit: 01cdd3b2f60b7579 Zeitpunkt der Beendigung: 8 Error - 06.12.2012 09:10:11 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 06.12.2012 13:29:29 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 06.12.2012 13:30:25 | Computer Name = Fabians-PC | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -15292918 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal -54000 Sekunden geändert werden. 
Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) funktionsfähig ist.
Error - 06.12.2012 13:30:34 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.12.2012 13:30:36 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 06.12.2012 13:34:21 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 06.12.2012 13:34:21 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.12.2012 13:38:32 | Computer Name = Fabians-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um -15292918 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal -54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123) funktionsfähig ist.
Error - 13.06.2012 07:07:57 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =
Error - 13.06.2012 07:08:39 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2012 07:08:43 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >

I hope you won't find anything, and thank you in advance!
Best regards, Fabian
14.06.2012, 07:50 | #2
/// Helper Team | Am I infected?
Hello and welcome!
Before we start working together, [please read completely]: Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware
Download Malwarebytes Anti-Malware → from here
2. Check only! Check the MBR with aswMBR from Avast
Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else). XP users: double-click aswMBR.exe to start the tool. Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator. An input window with some information will open. Click Scan to start the scan. When the scan has finished, which is reported with Scan finished sucessfull!, click Save log to save the log file. Post the contents of aswASW.log from the desktop here in the thread.
3. To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
4. Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events, select every detection → right-click the detections → Export event(s), save as Ereignisse.txt on the desktop and post the contents here. ► If you have the complete AntiVir scan result available or saved, please post that as well! Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards, kira
__________________ |
14.06.2012, 08:02 | #3
| Am I infected?
Hello Kira!
Thanks in advance for your help, but I have one more question: I couldn't update Malwarebytes yesterday (after several attempts), so I'm now using SuperAntiSpyware. Is a log from that OK for you too? I replaced AntiVir with Avast! yesterday. Same question: will the log from that work too? I'll then provide everything as quickly as possible.
Best regards, Fabian
14.06.2012, 08:44 | #4
/// Helper Team | Am I infected?
Quote:
Quote:
if Avast reported no detections, then there's nothing...
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
14.06.2012, 14:37 | #5
| Am I infected?
Okay, here is the report then:
The SUPERAntiSpyware scan log: Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/14/2012 at 02:37 PM

Application Version : 5.1.1002

Core Rules Database Version : 8733
Trace Rules Database Version: 6545

Scan type : Complete Scan
Total Scan Time : 01:16:32

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 873
Memory threats detected : 0
Registry items scanned : 70312
Registry threats detected : 0
File items scanned : 101715
File threats detected : 5

Trojan.Agent/Gen-Downloader
C:\PROGRAM FILES (X86)\CRYPTOOL\UNINSTALL.EXE
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CRYPTOOL\DEINSTALLIEREN.LNK

Adware.Tracking Cookie
accounts.google.com [ C:\USERS\FABIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\FABIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\FABIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Install log from CCleaner: Code:
ATTFilter 3DMark06 Futuremark 17.01.2009 1.279MB 1.1.0 7-Zip 4.57 (x64 edition) Igor Pavlov 14.08.2008 3,71MB 4.57.00.0 Adobe AIR Adobe Systems Inc. 06.11.2010 28,4MB 2.5.0.16600 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 27.04.2012 11.2.202.233 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 22.10.2011 31,5MB 11.0.1.152 Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 11.04.2012 121,0MB 10.1.3 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 28.12.2010 11.5.9.615 Age of Empires III Microsoft Game Studios 30.01.2009 2.961MB 1.00.0000 Age of Empires III - The Asian Dynasties Microsoft Game Studios 19.06.2009 3.768MB 1.00.0000 Age of Empires III - The WarChiefs Microsoft Game Studios 30.01.2009 2.961MB 1.00.0000 AMD Catalyst Install Manager Advanced Micro Devices, Inc. 15.12.2011 26,2MB 3.0.855.0 ANNO 2070 Ubisoft 13.04.2012 5.619MB 1.0.0.0 APB Reloaded 09.12.2011 5.341MB Apple Application Support Apple Inc. 30.10.2009 32,2MB 1.0.1 Apple Mobile Device Support Apple Inc. 30.10.2009 40,8MB 2.6.0.32 Apple Software Update Apple Inc. 24.12.2008 2,16MB 2.1.1.116 Audacity 1.2.6 18.07.2009 8,43MB Audiograbber 1.83 SE Audiograbber Deutschland 1.83 SE Aufstieg des Hexenkönigs™ 14.08.2008 2.930MB Auto Gordian Knot 2.55 len0x 18.11.2010 36,3MB 2.55 Avanquest update Avanquest Software 14.06.2009 2,48MB 1.12 avast! Free Antivirus AVAST Software 12.06.2012 237MB 7.0.1426.0 AviSynth 2.5 18.11.2010 24,3MB Battlefield Vietnam(TM) 17.08.2009 1.677MB Blitzkrieg Mod HQ-CoH.com 27.06.2010 2.0.0.3 Bonjour Apple Inc. 31.10.2009 0,60MB 1.0.106 BullGuard Backup BullGuard Ltd. 10.06.2012 33,9MB 10 BurnAware Free 2.3.8 Burnaware Technologies 01.08.2009 12,7MB Calc 3D Pro Deutsch 2.1.10 16.12.2011 10,6MB 2.1.10 Call of Duty(R) 4 - Modern Warfare(TM) Activision 28.08.2008 6.610MB 1.7 Canopus DV Codec 10.01.2011 4,00KB CCleaner Piriform 22.05.2012 9,68MB 3.19 Company of Heroes THQ Inc. 
28.09.2011 7.932MB 2.602.0 CrypTool 1.4.30 08.12.2010 95,5MB 1.4.30 CrystalDiskInfo 4.6.2a Crystal Dew World 05.06.2012 3,38MB 4.6.2a Der Herr der Ringe Online v03.04.04.8012 Turbine, Inc. 21.01.2012 9.568MB 03.04.04.8012 Die Schlacht um Mittelerde™ II 14.08.2008 8.173MB DivX-Setup DivX, LLC 16.12.2011 3,43MB 2.6.1.3 doubleTwist doubleTwist Corporation 03.05.2012 56,3MB 3.2.1.14961 Driver Sweeper Version 3.2.0 Phyxion.net 15.12.2011 13,1MB 3.2.0 Dropbox Dropbox, Inc. 22.09.2011 26,3MB 1.1.45 DVD Decrypter (Remove Only) 20.12.2008 0,91MB DVD Shrink 3.2 DVD Shrink 22.03.2009 0,97MB DVRManager 14.11.2010 3,91MB EE-ZDE 28.12.2010 5,29MB Empire Earth 28.12.2010 398MB Fallout 3 Bethesda Softworks 27.06.2009 5.863MB 1.00.0000 ffdshow [rev 2527] [2008-12-19] 07.12.2011 15,6MB 1.0 ffdshow x64 v1.1.3721 [2011-01-07] 10.01.2011 11,5MB 1.1.3721.0 FIFA 09 Electronic Arts 28.12.2009 5.635MB 1.0.1.1 FileZilla Client 3.3.5 20.11.2010 12,0MB 3.3.5 Firebird SQL Server (D) 16.11.2008 5,49MB 1.5.2.4732 Fix-It Essentials 9 Avanquest North America, Inc. 15.06.2009 65,6MB 9.0.3.9 Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 15.04.2011 2,58MB Free Audio Converter version 5.0.2.1125 DVDVideoSoft Ltd. 25.11.2011 7,70MB Free AVI Video Converter version 5.0.11.508 DVDVideoSoft Ltd. 26.05.2012 14,5MB 5.0.11.508 Free Midi Converter version 1.0.0.0 Piston Software 16.07.2009 1,09MB 1.0.0.0 Free Video Dub version 2.0.8.508 DVDVideoSoft Ltd. 26.05.2012 12,8MB 2.0.8.508 Free Video to Flash Converter version 4.1 DVD Video Soft Limited. 15.09.2008 12,0MB Free YouTube Download 2.3 DVDVideoSoft Limited. 18.12.2009 2,87MB Free YouTube to MP3 Converter version 3.11.22.508 DVDVideoSoft Ltd. 09.05.2012 3,00MB 3.11.22.508 Freemake Video Converter Version 3.0.2 Ellora Assets Corporation 23.03.2012 46,4MB 3.0.2 GoldWave v5.06 06.06.2012 4,63MB Google Chrome Google Inc. 
06.12.2011 175,6MB 19.0.1084.56 Google Earth Plug-in Google 16.11.2011 40,9MB 6.1.0.5001 Grand Theft Auto IV Rockstar Games 09.08.2009 15.342MB 1.00.0000 Guitar Pro 5.2 Arobas Music 29.09.2008 306MB Half-Life 2 Valve 11.11.2011 701MB Half-Life 2: Episode One Valve 11.11.2011 524MB Half-Life 2: Episode Two Valve 11.11.2011 424MB Hamachi 1.0.1.5 29.06.2010 HD Tune 2.55 EFD Software 10.06.2012 HijackThis 2.0.2 TrendMicro 07.10.2008 0,39MB 2.0.2 ICQ7.2 ICQ 04.07.2010 47,4MB 7.2 ImgBurn LIGHTNING UK! 25.11.2011 2,13MB 2.5.6.0 IrfanView (remove only) Irfan Skiljan 13.06.2010 11,5MB 4.27 iTunes Apple Inc. 30.10.2009 133,7MB 9.0.2.25 Jalbum Jalbum AB 17.06.2010 19,4MB 8.9.1 Java(TM) 6 Update 18 Sun Microsystems, Inc. 16.04.2010 97,1MB 6.0.180 Java(TM) 6 Update 31 Oracle 22.02.2012 95,1MB 6.0.310 Java(TM) 6 Update 7 Sun Microsystems, Inc. 14.08.2008 136,2MB 1.6.0.70 League of Legends 24.09.2010 2.519MB League of Legends - ACE Client ACE Client Team & Riot Games 02.04.2011 2.133MB Logitech Gaming Software 8.12 Logitech Inc. 16.12.2011 28,7MB 8.12.030 Logitech QuickCam Logitech Inc. 
13.01.2009 27,7MB 11.80.1065 MAGIX Foto Manager 2006 (D) MAGIX AG 14.09.2009 40,9MB 3.0.1.78 MAGIX Fotos auf CD & DVD 5.0 (D) MAGIX AG 14.09.2009 722MB 5.0.2.0 MAGIX Music Manager (D) MAGIX AG 16.11.2008 24,2MB 1.1.1.692 MAGIX Online Druck Service Silverwire Software GmbH 14.09.2009 6,38MB Microsoft .NET Framework 1.1 08.02.2011 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 24.03.2009 42,1MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.03.2009 32,4MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.07.2010 189,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.07.2010 46,5MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 06.02.2011 46,4MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 06.02.2011 12,0MB 4.0.30319 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 06.05.2011 31,3MB 3.5.88.0 Microsoft Games for Windows Marketplace Microsoft Corporation 07.05.2011 6,04MB 3.5.50.0 Microsoft Picture It! 
Foto Premium 9 Microsoft Corporation 01.01.2009 99,9MB 9.0.0.0000 Microsoft Silverlight Microsoft Corporation 18.05.2012 301MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 27.06.2009 1,74MB 3.1.0000 Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 27.06.2009 0,61MB 1.0.1215.0 Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 28.06.2009 1,45MB 1.0.1215.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.12.2011 2,62MB 8.0.59193 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 08.04.2012 0,69MB 8.0.61000 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 18.04.2010 0,21MB 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.07.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 22.04.2011 0,77MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 21.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 16.04.2010 2,52MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 09.12.2010 0,76MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,76MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 17.04.2010 0,22MB 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.03.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.06.2012 0,22MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 Microsoft Corporation 14.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 11.09.2011 13,7MB 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2011 15,0MB 10.0.40219 Mp3tag v2.46a Florian Heidenreich 30.07.2010 5,03MB v2.46a MSI Afterburner 2.2.1 MSI Co., LTD 31.05.2012 46,7MB 2.2.1 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 14.08.2008 1,27MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 14.08.2008 1,27MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0 Nero Online Upgrade 14.08.2008 Nero StartSmart OEM 14.08.2008 Notepad++ 29.03.2009 6,09MB 5.3.1 NVIDIA Drivers NVIDIA Corporation 20.07.2011 3.090MB 1.3 NVIDIA ForceWare Network Access Manager 05.10.2010 NVIDIA PhysX NVIDIA Corporation 11.12.2011 75,8MB 9.10.0129 OpenOffice.org 3.2 OpenOffice.org 17.04.2010 373MB 3.2.9483 Overlord Codemasters 18.08.2009 3.654MB 1.00.0606 Pando Media Booster Pando Networks Inc. 20.01.2012 7,05MB 2.6.0.1 PC Connectivity Solution Nokia 30.05.2010 17,6MB 8.47.7.0 PCSUITE INSPECTOR Markement GmbH 10.06.2012 24,4MB Portal Valve 11.11.2011 287MB PunkBuster für Battlefield Vietnam 17.08.2009 1.677MB PunkBuster Services Even Balance, Inc. 11.12.2011 0.991 QuickTime Apple Inc. 31.10.2009 76,5MB 7.64.17.73 RealPlayer RealNetworks 20.05.2012 91,5MB 15.0.4 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 
17.01.2012 11,6MB 6.0.1.6526 RivaTuner v2.24 Alexey Nicolaychuk 11.04.2009 28,0MB v2.24 Rockstar Games Social Club Rockstar Games 09.08.2009 1,89MB 1.00.0000 Samsung Master Samsung 24.12.2009 161,0MB 1.1.14 SAMSUNG Mobile Composite Device Software 31.05.2010 0,14MB Samsung Mobile Modem Device Software 31.05.2010 0,14MB SAMSUNG Mobile Modem Driver Set 31.05.2010 SAMSUNG Mobile Modem V2 Software 31.05.2010 Samsung Mobile phone USB driver Software 31.05.2010 0,14MB SAMSUNG Mobile USB Device SAMSUNG 31.05.2010 0,13MB 1.00.0000 SAMSUNG Mobile USB Download Driver Software 31.05.2010 2,59MB SAMSUNG Mobile USB Modem 1.0 Software 31.05.2010 0,14MB Samsung Mobile USB Modem Device Software 31.05.2010 0,14MB SAMSUNG Mobile USB Modem Software 31.05.2010 0,14MB SAMSUNG SYMBIAN USB Download Driver SAMSUNG Electronics CO,.LTD 31.05.2010 2,59MB 1.1.808.7165 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 30.05.2010 29,6MB 1.3.350.0 SAMSUNG USB Mobile Device Software 31.05.2010 0,14MB SamsungConnectivityCableDriver Samsung 31.05.2010 0,72MB 6.83.6.2.1 Skype Toolbars Skype Technologies S.A. 25.04.2010 5,25MB 1.0.4051 Skype™ 4.2 Skype Technologies S.A. 
26.04.2010 31,8MB 4.2.158 Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 24.11.2011 29,7MB 9.0.0 Star Wars Battlefront II LucasArts 03.09.2008 4.405MB 1.0 Steam Valve 12.11.2011 24,4MB 1.0.0.0 Steinberg Mastering Edition v1.0 18.07.2009 7,84MB Steinberg Voice Designer v1.03 18.07.2009 Steinberg VoiceMachine v1.0 18.07.2009 SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 eRightSoft 23.09.2011 56,0MB v2011.build.49 SUPER © Version 2008.bld.33 (Sep 2, 2008) eRightSoft 24.12.2008 2.521MB Version 2008.bld.33 (Sep 2, 2008) SUPERAntiSpyware SUPERAntiSpyware.com 12.06.2012 121,5MB 5.1.1002 Team Fortress 2 Valve 11.11.2011 847MB TeamSpeak 3 Client TeamSpeak Systems GmbH 08.12.2010 37,8MB TeamViewer 6 TeamViewer GmbH 16.12.2010 37,1MB 6.0.9947 TI Connect 1.6 Texas Instruments Incorporated 07.02.2011 28,0MB 1.6 TI NoteFolio Creator Texas Instruments Incorporated 07.02.2011 4,01MB 1.1.0.276 TImeSpan Creator Texas Instruments Incorporated 06.02.2011 4,10MB 1.1.0.269 Tom Clancy's Rainbow Six Vegas Ubisoft 23.06.2009 6.366MB 1.06.000 Tunngle beta Tunngle.net GmbH 22.05.2011 8,32MB Ubisoft Game Launcher UBISOFT 13.04.2012 36,1MB 1.0.0.0 Unified Remote Unified Remote 02.04.2012 1,95MB 2.3.0.0 Uninstall 1.0.0.1 15.04.2011 16,4MB Unity Web Player Unity Technologies ApS 21.02.2012 0,20MB Video mp3 Extractor GeoVid 22.11.2008 2,38MB Virtual DJ - Atomix Productions 09.09.2009 19,1MB VirtualCloneDrive Elaborate Bytes 06.04.2012 2,37MB VirtualCom driver ait 30.05.2010 0,92MB 1.0.0 VLC media player 1.1.5 VideoLAN 14.11.2010 49,1MB 1.1.5 VobSub v2.23 (Remove Only) 18.11.2010 0,38MB Warcraft III Blizzard Entertainment 02.07.2009 1.274MB Warp VST V1.0 18.07.2009 Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) Texas Instruments Inc. 06.02.2011 06/11/2009 1.0.0.0 Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) Texas Instruments Inc. 
06.02.2011 09/02/2009 1.0.0.1 Windows Live Essentials Microsoft Corporation 27.06.2009 139,4MB 14.0.8064.0206 Windows Live ID Sign-in Assistant Microsoft Corporation 16.11.2010 8,12MB 6.500.3165.0 Windows Live Sync Microsoft Corporation 27.06.2009 2,80MB 14.0.8064.206 Windows Live-Uploadtool Microsoft Corporation 28.06.2009 0,22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 14.08.2008 0,29MB 1.0.0.8 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 30.05.2010 13,7MB 08/22/2008 7.0.0.0 World of Warplanes Wargaming.net 07.06.2012 8.637MB Xfire (remove only) 14.08.2008 14,0MB XviD MPEG4 Video Codec (remove only) 18.11.2010 44,00KB XviD v1.3.0 CVS Celtic Druid 10.01.2011 0,66MB Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-14 15:10:43
-----------------------------
15:10:43.324 OS Version: Windows x64 6.0.6002 Service Pack 2
15:10:43.324 Number of processors: 2 586 0xF0B
15:10:43.324 ComputerName: FABIANS-PC UserName: Fabian
15:10:44.644 Initialize success
15:10:44.691 AVAST engine defs: 12061400
15:10:56.025 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
15:10:56.031 Disk 0 Vendor: ST340062 3.AA Size: 381554MB BusType: 3
15:10:56.053 Disk 0 MBR read successfully
15:10:56.055 Disk 0 MBR scan
15:10:56.057 Disk 0 Windows VISTA default MBR code
15:10:56.071 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 281552 MB offset 2048
15:10:56.095 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 50000 MB offset 576620544
15:10:56.115 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50000 MB offset 679020544
15:10:56.180 Disk 0 scanning C:\Windows\system32\drivers
15:11:05.561 Service scanning
15:11:12.110 Service GMSIPCI G:\INSTALL\GMSIPCI.SYS **LOCKED** 21
15:11:25.988 Modules scanning
15:11:25.992 Disk 0 trace - called modules:
15:11:26.345 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
15:11:26.348 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004daa790]
15:11:26.350 3 CLASSPNP.SYS[fffffa600124dc33] -> nt!IofCallDriver -> [0xfffffa8004b9de40]
15:11:26.354 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\00000065[0xfffffa8004bee060]
15:11:27.664 AVAST engine scan C:\Windows
15:11:43.467 AVAST engine scan C:\Windows\system32
15:14:41.219 AVAST engine scan C:\Windows\system32\drivers
15:14:53.555 AVAST engine scan C:\Users\Fabian
15:36:24.098 AVAST engine scan C:\ProgramData
15:39:54.090 Scan finished successfully
15:40:54.153 Disk 0 MBR has been saved successfully to "C:\Users\Fabian\Desktop\MBR.dat"
15:40:54.156 The log file has been saved successfully to "C:\Users\Fabian\Desktop\aswMBR.txt"
Thanks again for your help!
Best regards, Fabian
Last edited by FabFaeb (14.06.2012 at 14:48) |
14.06.2012, 14:42 | #6 |
/// Helper Team | Am I infected? We will check that as well
14.06.2012, 14:47 | #7 |
| Am I infected? I have edited the aswMBR log into my previous post. |
14.06.2012, 15:04 | #8 | ||
/// Helper Team | Am I infected? 1. Quote:
► If you do want to keep it after all: please switch off TeaTimer. In Spybot-S&D, go to Advanced Mode and choose Tools -> Resident there. Uncheck "Resident TeaTimer active" here. (TeaTimer also tries to block beneficial changes) - it should stay disabled permanently! 2. Quote:
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=&src=crm&q={searchTerms}&locale=
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchBFII.exe
O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell - "" = AutoRun
O33 - MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
[2012.06.13 13:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.13 13:19:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000UA.job
[2012.06.13 13:08:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.12 18:19:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000Core.job
@Alternate Data Stream - 752 bytes -> C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DE6B1A0-2172-406E-913A-CFFC87D5C576}" =-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Your Java version is out of date! Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → Now download the offline version of Java, "recommended version Java(TM) 7 Update 4", for 64-bit: Java(TM) 7 Update 4 - from Oracle. Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!
4. Tips (regardless of whether you use Internet Explorer or not!): -> Tips for Internet Explorer -> Change Explorer's default search engine -> How can I clear the cache in Internet Explorer?
5. Clean your system with CCleaner:
6. OLD VERSION!!!: Code:
ATTFilter Logfile of HijackThis 2.0.2
so delete/uninstall HijackThis "2.0.2." and download TrendMicro™ HijackThis™/Version 2.0.4 again from here, then post the new log file - no open windows while HijackThis is running!!
7. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data saved on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ►Instructions
8. -> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<<
9. Run another scan with OTL:
► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
14.06.2012, 18:58 | #9 |
| Am I infected? OK, I have followed all your steps. 1.) I already replaced Spybot with SUPERAntiSpyware yesterday. 2.) The OTL fix log: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. 
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ deleted successfully. Invalid CLSID key: *.update Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ not found. Invalid CLSID key: *.update HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ce4474-5eb5-11df-808d-0019db617af5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ce4474-5eb5-11df-808d-0019db617af5}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ce4474-5eb5-11df-808d-0019db617af5}\ not found. File "H:\WD SmartWare.exe" autoplay=true not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ef1771-54ec-11e1-9c8e-0019db617af5}\ not found. File H:\pushinst.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c095cd20-6a1f-11dd-a042-806e6f6e6963}\ not found. File G:\LaunchBFII.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2928a5-a1ee-11de-8526-0019db617af5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2928a5-a1ee-11de-8526-0019db617af5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da2928a5-a1ee-11de-8526-0019db617af5}\ not found. File N:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd0f687-20aa-11e0-9ce3-0019db617af5}\ not found. File "I:\WD SmartWare.exe" autoplay=true not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000UA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-459657788-2412600428-1289256178-1000Core.job moved successfully. ADS C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DE6B1A0-2172-406E-913A-CFFC87D5C576} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DE6B1A0-2172-406E-913A-CFFC87D5C576}\ not found. ========== FILES ========== < ipconfig /flushdns /c > C:\Users\Fabian\Desktop\cmd.bat deleted successfully. C:\Users\Fabian\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Fabian
->Temp folder emptied: 2425943204 bytes
->Temporary Internet Files folder emptied: 3695023 bytes
->Java cache emptied: 3251583 bytes
->Google Chrome cache emptied: 174146913 bytes
->Flash cache emptied: 60117 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59367355 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32319201 bytes
Total Files Cleaned = 2.574,00 mb
OTL by OldTimer - Version 3.2.48.0 log created on 06142012_161456
Files\Folders moved on Reboot...
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_NlbdLmziYGIp9uF not found!
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_oQ9bGJVIfTTaE2g not found!
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_OrUjr9v5ooleJHW not found!
File\Folder C:\Users\Fabian\AppData\Local\Temp\etilqs_ZBbYPVGLViwSW6O not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
4.) Understood.
5.) System has been cleaned.
6.) New HijackThis log file: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:21:05, on 14.06.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O15 - Trusted Zone: hxxp://download.windowsupdate.com
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Program Files\Common\Database\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PCSUITE INSPECTOR Service (PCSUITEINSPECTORSVC) - Markement - C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12843 bytes

8.) ESET finds 2 infected files, "a variant of Win32/Kryptik.FNT trojan": Code:
C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS5158974E2D28401893357694C2974746_9_0_3_9.MSI a variant of Win32/Kryptik.FNT trojan deleted - quarantined
C:\Program Files (x86)\Fix It 09\W32Int13.dll a variant of Win32/Kryptik.FNT trojan cleaned by deleting - quarantined

See next post. Edited by FabFaeb (14.06.2012 at 19:54) |
14.06.2012, 19:51 | #10 |
| Am I infected? OTL.txt: Code:
ATTFilter OTL logfile created on: 14.06.2012 20:24:18 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Fabian\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19272) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 38,15% Memory free 8,20 Gb Paging File | 5,33 Gb Available in Paging File | 65,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 274,95 Gb Total Space | 35,38 Gb Free Space | 12,87% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 10,04 Gb Free Space | 20,56% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 16,05 Gb Free Space | 32,86% Space Free | Partition Type: NTFS Drive R: | 1397,26 Gb Total Space | 1163,74 Gb Free Space | 83,29% Space Free | Partition Type: NTFS Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 16:13:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe PRC - [2012.05.21 23:19:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\real\realplayer\Update\realsched.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.03.04 12:59:58 | 000,232,032 | ---- | M] (Unified Intents AB) -- C:\Program Files (x86)\Unified Remote\RemoteServer.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe PRC - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Programme\Tunngle\TnglCtrl.exe PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008.07.26 09:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 09:13:37 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012.06.14 09:13:26 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2012.05.12 13:35:06 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll MOD - [2012.05.12 13:33:17 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll MOD - [2012.05.12 09:23:06 | 006,815,232 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll MOD - [2012.05.12 09:23:01 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012.05.12 09:23:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.12 09:22:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012.05.12 09:22:51 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.12 09:22:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.05.01 08:51:14 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc) SRV - [2012.06.11 10:17:00 | 000,161,112 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Programme\BullGuard Ltd\BullGuard Backup\Support\BgRaSvc.exe -- (BgRaSvc) SRV - [2012.06.11 10:15:11 | 000,269,656 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BsMain.dll -- (BsMain) SRV - [2012.06.11 10:11:59 | 000,409,944 | ---- | M] (BullGuard Ltd.) 
[Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe -- (BsUpdate) SRV - [2012.04.28 11:14:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.02 20:54:10 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.12 19:50:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) [Auto | Running] -- C:\Program Files (x86)\Festplattentools\PCSUITE INSPECTOR\inspectorsvc.exe -- (PCSUITEINSPECTORSVC) SRV - [2010.11.22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2010.05.04 04:33:54 | 009,241,088 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\SAMSUNG\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare) SRV - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) 
[Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 14:43:24 | 000,161,048 | ---- | M] (Avanquest North America, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\FIXIT0~1\MXTask.exe -- (Fix-It Essentials Task Manager) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.07.26 09:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) SRV - [2008.07.26 09:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer) SRV - [2005.08.10 14:26:14 | 001,527,900 | ---- | M] (The Firebird Project) [On_Demand | Stopped] -- C:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.03.07 01:02:05 | 000,043,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr) DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.17 12:14:04 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011.12.17 12:14:04 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011.12.17 12:13:50 | 000,066,328 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.17 19:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2011.07.27 20:48:14 | 000,014,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.05.06 12:28:18 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.05.06 12:28:16 | 000,159,136 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) 
DRV:64bit: - [2010.05.06 12:28:16 | 000,125,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2010.05.06 12:28:16 | 000,016,800 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.05.01 08:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:64bit: - [2009.09.03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys -- (TIEHDUSB) DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.06.24 21:52:37 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.30 23:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64) DRV:64bit: - [2009.04.30 22:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV:64bit: - [2009.04.30 22:55:48 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lv302a64.sys -- (lvpepf64) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.08.16 20:56:09 | 000,312,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2008.08.16 20:56:09 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2008.07.26 09:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2007.08.20 11:05:02 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64) DRV:64bit: - [2007.08.08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool) DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2010.05.01 08:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2009.10.05 09:29:46 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.08.18 22:31:29 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv) DRV - [2009.04.12 14:23:12 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\oc u. 
ähnliches\Rivatuner\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64) DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 80 8D 94 E8 DB CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 16:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.21 23:20:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard Backup\files32\backup\thunderbirdbkplugin [2012.06.11 09:55:47 | 000,000,000 | ---D | M]

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.34_0\
CHR - Extension: avast! WebRep = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\CRX_INSTALL\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.06.13 15:34:12 | 000,000,875 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000026 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Vertrauenswürdige Sites)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C0E4BA-CED3-45F6-8D9A-27AE468C5E5B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D6DFE45-A6DD-45ED-BE9A-FF2D87CFC2E0}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Hamburg '11\SDC12516.JPG
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.14 17:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.14 17:19:57 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.06.14 17:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijack This
[2012.06.14 16:58:23 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 16:58:23 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 16:58:23 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 16:58:17 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 16:58:17 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 16:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.14 16:14:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.14 16:13:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.06.14 15:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.14 13:21:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fabian\Desktop\aswMBR.exe
[2012.06.13 18:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.06.13 18:18:03 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.06.13 18:18:03 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.06.13 18:18:00 | 000,043,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.06.13 18:17:59 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.06.13 18:17:58 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.06.13 18:17:56 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.06.13 18:17:55 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.06.13 18:16:35 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.06.13 18:16:34 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.06.13 18:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.06.13 18:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.06.13 17:34:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.13 17:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.13 17:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.13 17:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.13 13:22:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 13:22:51 | 000,742,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.13 13:22:50 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 13:22:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 13:22:50 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.06.13 13:22:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.06.13 13:22:50 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.06.13 13:22:50 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.06.13 13:22:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 13:22:50 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 13:22:50 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 13:22:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.06.13 13:22:50 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.06.13 13:22:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 13:22:50 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.06.13 13:22:49 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.06.13 13:22:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.06.13 13:22:49 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.06.13 13:22:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 13:22:49 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 13:22:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 13:22:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.06.13 13:22:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.06.13 13:22:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.06.13 13:22:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.06.13 13:22:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.06.13 13:22:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.06.13 13:22:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.06.13 13:22:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.06.13 13:22:38 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 13:22:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.11 10:12:18 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2012.06.11 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2012.06.11 10:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Festplattentools
[2012.06.11 09:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2012.06.11 09:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2012.06.11 09:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2012.06.11 09:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\BullGuard Ltd
[2012.06.09 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Bewerbung Mannheim
[2012.06.08 10:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.06.07 22:28:19 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\msvci70.dll
[2012.06.07 22:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
[2012.06.07 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Audible
[2012.06.07 20:26:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.06.06 18:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2012.06.01 16:30:44 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.06.01 16:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.05.21 23:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.05.21 23:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.05.21 23:19:50 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.05.21 23:19:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.05.21 23:19:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.05.21 23:19:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.21 23:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

========== Files - Modified Within 30 Days ==========
[2012.12.06 15:22:13 | 000,002,087 | ---- | M] () -- C:\Users\Fabian\Desktop\Google Chrome.lnk
[2012.06.14 20:18:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 19:15:38 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 19:15:38 | 000,004,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 17:25:09 | 001,594,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 17:25:09 | 000,683,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:25:09 | 000,642,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:25:09 | 000,150,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:25:09 | 000,123,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 17:19:57 | 000,001,986 | ---- | M] () -- C:\Users\Fabian\Desktop\HiJackThis.lnk
[2012.06.14 17:12:08 | 000,385,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 17:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 17:04:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.14 17:04:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.06.14 16:57:53 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.06.14 16:57:53 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.06.14 16:57:53 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.06.14 16:57:50 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.06.14 16:57:48 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.06.14 16:18:14 | 000,003,488 | ---- | M] () -- C:\Users\Fabian\Documents\MSP Expo, certified.eml
[2012.06.14 16:13:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.06.14 14:59:10 | 000,001,356 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2012.06.14 13:22:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fabian\Desktop\aswMBR.exe
[2012.06.13 18:18:04 | 000,001,803 | ---- | M] () -- C:\Users\Fabian\Desktop\avast! Free Antivirus.lnk
[2012.06.13 18:17:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.06.13 17:33:52 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.13 15:34:12 | 000,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.11 11:53:10 | 000,199,168 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.11 09:55:55 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk
[2012.06.08 10:50:21 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.05.21 23:19:50 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.05.21 23:19:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.05.21 23:19:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.05.21 23:19:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.20 20:29:43 | 000,058,042 | ---- | M] () -- C:\Users\Fabian\Documents\thomaskrone.odt

========== Files Created - No Company Name ==========
[2012.06.14 17:19:57 | 000,001,986 | ---- | C] () -- C:\Users\Fabian\Desktop\HiJackThis.lnk
[2012.06.13 18:36:32 | 000,001,803 | ---- | C] () -- C:\Users\Fabian\Desktop\avast! Free Antivirus.lnk
[2012.06.13 18:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.06.13 17:33:52 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.11 09:55:55 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard Backup.lnk
[2012.06.08 10:50:21 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.05.20 20:21:13 | 000,058,042 | ---- | C] () -- C:\Users\Fabian\Documents\thomaskrone.odt
[2011.12.08 23:22:08 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.24 12:07:12 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.21 12:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.23 22:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.04.16 17:38:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.16 17:38:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.07 21:37:40 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat
[2011.02.07 20:27:38 | 001,573,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 21:26:53 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.11.19 16:41:22 | 000,000,565 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini
[2010.09.27 22:52:01 | 000,150,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

========== LOP Check ==========
[2011.07.06 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft
[2009.05.08 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AceBIT
[2009.06.15 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Avanquest
[2012.06.11 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2008.11.26 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Canneverbe_Limited
[2008.11.11 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Cornelsen
[2010.12.09 23:23:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CrypTool
[2011.12.29 23:30:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dropbox
[2012.05.27 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2011.04.16 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.14 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FileZilla
[2012.06.06 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2011.11.17 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ImgBurn
[2010.06.14 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2010.06.17 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\JAlbum
[2009.01.14 13:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2010.07.27 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2009.07.19 20:23:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MAGIX
[2008.09.08 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2008.08.15 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Meine Die Schlacht um Mittelerde -Dateien
[2008.12.25 02:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag
[2009.03.30 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Notepad++
[2011.10.10 20:48:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OfficeRecovery
[2010.12.29 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenArena
[2009.06.04 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2010.05.31 19:00:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PC Suite
[2012.05.10 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\RipIt4Me
[2011.11.29 00:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Samsung
[2009.01.05 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u
[2009.07.19 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steinberg
[2011.01.25 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TeamViewer
[2011.05.18 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2011.07.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tunngle
[2012.04.14 11:57:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ubisoft
[2011.11.28 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unified Remote
[2012.02.22 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Unity
[2010.11.29 17:31:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\W
[2012.06.08 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\wargaming.net
[2012.06.14 17:04:01 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.13 20:18:57 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94EF8A00-19B1-42B2-BF10-FE258F391200}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 752 bytes -> C:\Users\Fabian\Documents\MSP Expo, certified.eml:OECustomProperty

< End of report >

Code:
OTL Extras logfile created on: 14.06.2012 20:24:18 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Fabian\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 38,15% Memory free
8,20 Gb Paging File | 5,33 Gb Available in Paging File | 65,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,95 Gb Total Space | 35,38 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 10,04 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 16,05 Gb Free Space | 32,86% Space Free | Partition Type: NTFS
Drive R: | 1397,26 Gb Total Space | 1163,74 Gb Free Space | 83,29% Space Free | Partition Type: NTFS

Computer Name: FABIANS-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = B2 39 E6 04 DB FE C8 01 [binary data]
"VistaSp2" = 75 47 43 BA C9 ED C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04100698-9114-49EA-92AD-DE29C3161DB5}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{10ADAA98-3557-4884-BFAB-CDEC9A14620E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{15C2B4D2-309A-42D7-BD48-C32DB6FD22E3}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher |
"{1F242E23-C91E-44A7-A32B-6BC67DD94B9C}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher |
"{20ED10D9-815D-4C75-8455-C568CA6B3092}" = lport=9000 | protocol=6 | dir=in | name=receiver |
"{23037353-4C1B-4071-80B9-5A1280CF6B8D}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{292FF059-A746-40F4-80AC-04B03BC10602}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher |
"{3308C5CE-B5D0-4756-82A5-AD2E88AD3692}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher |
"{35220968-49CE-4A2B-9674-35665691CFFB}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher |
"{37C970A0-C782-4C69-AC73-B86F213C47F0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3857C6F6-EC2B-4677-A687-230853176615}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |
"{398E561A-6F80-4268-BEC4-596A1DB6E0A3}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher |
"{3CB282DA-F7B5-478F-B4D4-F9D7AD567781}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher |
"{45021840-9D5F-41FB-95A2-000BD6A3DD72}" = lport=8303 | protocol=17 | dir=in | name=teeworlds |
"{458656F4-9866-4920-910A-6372BF71D35B}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{47DF3933-A8C0-4BB7-9DF9-F37D0D1E6FEA}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
"{49372A40-41E4-4D3F-968A-F6CD90C531A8}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{4D702D9A-D7AE-4128-B60F-E6AB43C20EF7}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{4E2FAA19-F213-443F-A92C-0E701091894B}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{616C1F18-C9F4-4BC3-81D7-E7D3242AF60E}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher |
"{65EEC43E-42A1-4B72-8B62-D4077AC60829}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{6773D17E-8F4B-4B48-B01E-E5CE6C224037}" = lport=25565 | protocol=6 | dir=in | name=minecraft |
"{6CC1DB3F-F5F2-4154-A36B-4EABF64575B5}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher |
"{7176D888-D85E-43E0-A2B0-6B1E2C0688BF}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{76494C8C-1FF3-4A8F-837D-1D89F49C0686}" = lport=9000 | protocol=17 | dir=in | name=receiver |
"{7972A541-A73B-4D80-8486-F5FED23BF541}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher |
"{7A100DB1-45B9-4BEE-87AD-8C3D65800DAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B428045-B684-4CA3-A1BB-E770577FD7C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81DB40DD-91C7-48D4-866D-69626A686B37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82BAF8FB-20C9-44EF-865D-41D451F8DB53}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher |
"{89A835D1-9B7C-4688-8C07-FA2A1DE77874}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DC35AE9-53DD-4FDE-99C8-AD70C5AA8958}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher |
"{93F9E2F1-2657-4662-939D-70A9688759DD}" = lport=25565 | protocol=17 | dir=in | name=minecraft |
"{976475FB-AE87-4761-B982-C110E40518FB}" = lport=8303 | protocol=6 | dir=in | name=teeworlds |
"{9AD45407-7D53-42D3-90C1-856660D595EB}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{9C8F8432-8C91-4A6C-8753-AD3F0CF6FAC6}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{9E87B6D1-BB3C-48C6-B863-13F1C0549425}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{A7603C99-3BCF-4948-B2B7-E8706BD433C8}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
"{AF58DF2D-A1AC-4D5D-84E3-DE94BE4CC2CF}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher |
"{AF70FEA6-78D6-4C4F-B649-3BB12250974F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF909A86-7403-4BCE-A316-2741CA46D7A9}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher |
"{B59AEB95-FF58-46C6-ABA0-128C79A79AA2}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |
"{B6DCD223-B76C-4112-A9CC-1779D2351FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6FFDCCD-E2A6-4861-9CEE-4FCD8AF603D5}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{BBA76768-1957-437A-9385-80E614982BF4}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
"{BEB66C21-7FF0-4D77-BA72-097D52BA9E76}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher |
"{C2B530A0-22C3-47BD-A7EC-EA27401ADD98}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{C2B5708F-9FBF-49E1-BAFB-4B2399E33007}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{C4333209-AAF7-468D-BF82-23FC1B5E9661}" = lport=21 | protocol=17 | dir=in | name=receiver |
"{C6063BBD-A744-42A7-9FB0-0C2F1C7D0C8A}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |
"{C708188A-7F92-4413-9E0D-2ADE8DCE179F}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher |
"{D0784062-DA42-48DE-A8E2-D3C9E072F96A}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher |
"{D1F503B6-EB15-49D6-8334-D01060E1BF92}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher |
"{D3A097D1-E061-4DCB-BB89-5DC57731DB22}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher |
"{D5D97A36-1206-4D67-A095-97437812B128}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher |
"{D80571D9-ABFB-4762-8076-F70AD81B6BA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2837AD2-1BDA-4C05-8553-13864BED679A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |
"{E4C0A4B5-0606-46DA-BBC3-AC720DDA6C97}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher |
"{E562F31D-E7F1-4AE3-8E0A-83235587B06E}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{E8445FD7-D348-4619-BAA9-7CA3E7CAA7B3}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher |
"{E8C2AAAF-418B-47DE-985E-DE975BD17205}" = lport=21 | protocol=6 | dir=in | name=receiver |
"{E9F949B6-44BD-4FA4-93A0-1A17478B1B4C}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{EB9CA200-0A5F-4788-8185-2CB9FCBBC61E}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher |
"{ED6B5899-912E-42EC-899A-7CBFACF5D54C}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher |
"{EFA9C583-80A2-472B-A574-3A402C05FBBB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F657A651-C15C-4BE5-AFE7-22FB249BFF51}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher |
"{F886672B-EA4D-48F5-AAAE-37C343FFEF09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA363C42-0177-4AC7-B93A-C822E9C5E95C}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{FC9A2C56-9BE0-49EB-AF65-88C3560522C5}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{FE771E8D-B62B-4240-A033-2C4C6B7A45F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E7964-0E5F-40E7-B10C-6F91644F768E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{010396E0-D40F-4528-89AB-2362CF1C4C30}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{010D6B88-64E0-4CC1-B15C-E8E635BDA04C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0876FF0C-3149-499A-A280-8B9C15CD1AEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0BCC37EB-6525-4E6F-B832-13A47032ADD5}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe |
"{0C2E82E4-5D6F-4520-8CC0-0DEA64FC83BE}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe |
"{0DB14B72-38BE-4D98-9E45-2F4E9EB53835}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{108DDEBE-E7E2-4256-8718-AAC1A1A152F9}" = protocol=17 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe |
"{10CEFBAE-7873-4461-9B77-0A672A78AE08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12AB5F36-70E6-4A51-B862-8382D34F14EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{14265932-D0E2-409F-BA6A-0D402C288C80}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{15DA1762-A254-494C-9936-F416D0E743FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16C2AB3B-93AF-4BA4-808B-E71E99F4C8D6}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe |
"{18A19F96-861B-491F-BE9B-E897D224942A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{18B7F494-76B8-4147-B0DC-1B441DBF4837}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{19A125DD-461B-4E5F-A4A9-1042B7510214}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{1B8CA73E-ED8C-4021-85C6-C586A5A2BD40}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{1E95147B-7A08-4468-A84E-BE1D539090D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2B25DFE2-D232-4DB2-BE47-4BC08662B83D}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe |
"{2C9582B4-8136-4A08-9590-5749F0C912AA}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\dropbox\bin\dropbox.exe |
"{2E094C49-F516-436A-B404-4DCE653C1B95}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{33AAC75A-F3A4-42EA-9A89-682FA9AC2FDA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{3410CB29-DC25-4B4E-BD31-60B78A281FA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{3921325B-3568-4A92-800A-E3927E8DA101}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{39403AF5-3650-4F7D-9212-EC54D4637BF8}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{3A1A9C3B-DE19-4801-A25A-DE6D6D9E87A7}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe |
"{3D592DF9-8862-4991-8194-0C32CA2B0922}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat |
"{45CE5F4C-4819-4142-8A62-688BC9EEDD26}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe |
"{4A1D52A2-F5FA-4949-A413-A7912A1473D1}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{5004ACC5-B161-4824-A132-E2D09C0F3572}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{54EA1C48-78DA-490B-A5F9-2AB5C735796E}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\.minecraft\minecraft.exe |
"{58002418-9A4E-4641-B73C-8DD498EF5CBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59D2C68E-ACB1-49DF-B5A3-0B63AA988073}" = protocol=6 | dir=out | app=system |
"{5BBDCAEE-7359-4056-9920-3851FCBBF4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BC26BD7-92E2-4EAD-B1CC-CB4C59550EE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BC3A78C-3E3D-4425-85AC-83186F121040}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5CB0444F-CAFC-4FA9-AEE9-B4991C34D322}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat |
"{5CF7657B-41C6-4AC1-806C-A7FF26EEEB8B}" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe |
"{5EEA0839-D093-4720-816C-10DAFB404AC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FE3C1C6-91A7-4004-8646-194B871D0B52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6832A22C-6E2F-4606-9714-AAB023FCEB1C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6BE7C66C-E81F-4B3D-BFEA-772A089751B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{725F6923-9C0E-4430-9370-088974E81E58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{74E1FCAA-3C96-4672-AE4F-3C1E90E2D056}" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe |
"{7532A1DD-5359-4862-AD36-B0B11908820E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AD12077-DC1C-440E-90DA-CD1AA821AE78}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85F48457-A447-44BE-A8C8-5E78172DBF6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B53A871-B2EC-4061-8723-52BBD7AE4791}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CDFB926-C3B0-46EB-B2DD-49A56F38D1EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8D718B6E-4E8C-4B48-A49A-88703DDEDC2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DEE1533-0AA9-43A2-A88C-DD75160A5F37}" = protocol=17 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe |
"{8FEB4581-5C48-44C3-9CF4-B7C715AFD5BA}" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe |
"{907C412F-5299-4572-B3A3-5DAC7AA9179D}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{9956B587-79FE-4792-91DE-8D57422C55EE}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\game.dat |
"{9C3062C7-0353-44CF-ADBD-F3AE626AB97A}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3x.exe |
"{9C390541-6C9B-4A1D-B310-3C619C214824}" = protocol=6 | dir=in | app=c:\spiele\minecraft\minecraft 1.4\server\minecraft_server.exe |
"{A0F4312B-04CA-4B18-A2B3-B9560F004B77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1348B64-08C5-4311-89FB-37C9C8269725}" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe |
"{A4B6BBD3-BD00-490D-8813-3619322DBA92}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{AA1286C7-7AF3-485A-BA72-F5160D0607F7}" = protocol=17 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat |
"{AA63D0B6-E9D1-46D8-BD2E-FD913CDC534B}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat |
"{B6EDECC1-2D56-4395-BBD3-02DE3BD9DC47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BA1960B7-B800-4439-A14B-DA2E9410CA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C05256D7-1F50-46C8-B693-A34835EF7A88}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C1704507-1C84-4592-9646-21301BDF2EBE}" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3x.exe |
"{C2BBD44A-79ED-433A-AC9D-30C992A0AE88}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D16B5AFD-72AB-4F23-81A9-8479BECAA39B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5A94B83-D720-4E21-B195-CE2CDFBD8383}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{D8F80788-B0F0-44A7-81D7-54AA2B0CAAD7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DB06D9D7-B983-4F96-A57E-C5B0F59D962B}" = protocol=6 | dir=in | app=c:\spiele\league of legends\lol.launcher.exe |
"{DBDBBB85-5B8F-44B9-9DFB-7F6F27F48DE6}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DF63DAE9-612A-45A1-8573-A9568CCCD1EA}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe |
"{E2117690-7B26-4382-97BE-42E2FBCCEF72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E226033F-83BE-4D44-8824-8B268E25AF05}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{E5D4889E-7251-425F-9E86-4C254424AF3A}" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_launcher.exe |
"{E64B945A-B9CB-4CD7-B974-BBA931B0F4AE}" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe |
"{EC740130-0432-4842-8983-7AEE9209FF61}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ECDAF734-6FDD-4535-B7D1-6650580BEE30}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe |
"{F090FDD4-A877-45B6-A3CE-40E29AB5D0CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2EB7DBC-B71F-4E72-ADB9-34507F93F3D7}" = protocol=6 | dir=in | app=c:\spiele\schlacht um mittelerde\aufstieg des hexenkönigs\game.dat |
"{F4D77455-3D32-4E76-8808-8E1641689B9C}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe |
"{F57F334E-C984-4944-9583-88E99B4AF487}" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\frozen throne.exe |
"{F6F07F1C-5635-4D1C-B7BD-5E0EB00E7ED2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FA99B6CB-2989-4846-8489-6F5DA904BA84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{FBFEE196-3EE8-469A-AB70-FDAAC3670DA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FDCC61F3-BFFE-4779-8DE2-AF10D483C826}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{FE67A9FC-CB7C-4DB9-93EB-EEE26AEBAA56}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{FEE6904B-338E-44DA-9C34-98032DA47926}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"TCP Query User{05D3F2DE-5F1D-4CB9-A19D-85B9B063DB55}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe |
"TCP Query User{0DBDC3FB-7E02-4C11-84B3-B1865F63B64B}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{1148BFCA-E7C4-4C2D-80FC-D4D3E9149557}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe |
"TCP Query User{271F4535-19FB-4991-8DE5-14F339ED9F6C}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe |
"TCP Query User{2B6DE577-E742-4B3C-9BD3-FE747DA7DA92}C:\spiele\flatout 2\flatout2.exe" = protocol=6 | dir=in | app=c:\spiele\flatout 2\flatout2.exe |
"TCP Query User{37236AFD-3456-4734-B461-8A4889A51EF5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{3EB228CB-4D34-47FF-AD6E-1B5C8D5D9F12}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe |
"TCP Query User{40952BE1-9798-4415-AB57-03A542EF5DEB}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe |
"TCP Query User{431B175F-58DF-4CEA-8B7D-9D576E89E12B}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe |
"TCP Query User{49180112-0E03-4E67-ADDE-E8331D5231E7}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{49A2BF60-6016-49C1-9CE9-C5831C2AA99A}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe |
"TCP Query User{4B255099-CAEB-4296-884D-2E64757B69BD}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=6 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe |
"TCP Query User{4BE6ED03-BCFC-4C02-849C-9095179EFC95}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{4FAE8C97-0146-4B70-81AA-C9A651E86BE2}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe |
"TCP Query User{512F1569-9A39-4F96-B788-6C100D9188C0}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
"TCP Query User{54A71D9C-626F-4FB7-8467-E23640240709}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe |
"TCP Query User{5FCE15EC-CFAD-4C28-A184-8DEF3A48FB2F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{6329D3FE-AFF6-45F3-88C0-A6419DEC8273}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{65C973A8-6D3C-4464-B03F-6EB7CDDF103A}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe |
"TCP Query User{6A276740-B662-4EA5-AF5F-E6BE9EBE8C1D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{76C7B38D-3512-4546-B5CC-9A1E0AD1F75B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{78726115-B37B-43E7-9DAC-5F6CFC25AA2A}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe |
"TCP Query User{7B5ED082-8ECC-4184-BA84-7F32007D27EC}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe |
"TCP Query User{7DC516DB-9806-4747-8935-968F62FB71A8}C:\spiele\aoeiii\age3y.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3y.exe |
"TCP Query User{80AF8CEC-7384-4B25-A4CA-1A51DEDFF7FC}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe |
"TCP Query User{9F84EC17-5330-4924-96FA-8E350745FF0E}C:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=c:\spiele\aoeiii\age3.exe |
"TCP Query User{A4141EE7-2986-463B-9EAD-D95F82C9ED44}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe |
"TCP Query User{AA63419B-E311-428D-83CB-B8CE22D7CC11}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=6 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe |
"TCP Query User{B0332979-C8DE-45B0-8847-F285B38E6CE3}C:\spiele\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\spiele\fifa 09\fifa09.exe |
"TCP Query User{B60665F1-401C-459F-AB55-515E65DFCC07}C:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe |
"TCP Query User{C6CE7081-9183-40F4-9145-CCC711827F6F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{D8E3B152-5C60-4AC0-8B04-CE6660C33E56}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe |
"TCP Query User{E59E0DD2-A631-4F44-94D7-D0CED82B094C}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe |
"TCP Query User{E5A47F50-6CFF-49C3-A78F-123318A8A9C9}C:\spiele\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe |
"TCP Query User{E63F8070-D263-490E-BB8B-1B27772408EA}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{E99AE711-ED6D-4048-8384-2FB88A8BA6EC}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{FF7AC07D-3FEC-4D39-B2A7-A83490A35120}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe |
"UDP Query User{038A7618-501C-4FFE-87F3-81C124424708}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{083586AA-E3F8-4834-B5CE-D008F4F87F9A}C:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\fabian\ziegler - edv\elepost\elepost\database\bin\mysqld-nt.exe |
"UDP Query
User{0A946031-9B0C-4A56-A47C-F36F369E0359}C:\spiele\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "UDP Query User{17C06CCA-0601-42BF-B849-54BCEE06CD73}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | "UDP Query User{294552DE-F50E-4F3A-85A3-F96EFED55D1D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{2A0D87FD-6272-42F2-8D40-931B2617F149}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | "UDP Query User{359A341E-8737-4F99-93D6-B1389071A459}C:\spiele\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\spiele\fifa 09\fifa09.exe | "UDP Query User{381BEA96-AFB3-43D9-9580-90774B284F5B}C:\program files (x86)\kathrein\dvrmanager\mfserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\mfserver.exe | "UDP Query User{387E2434-E030-4106-BEE5-334F18EE6765}C:\spiele\hdro\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\hdro\der herr der ringe online\lotroclient.exe | "UDP Query User{3A50A205-137B-48ED-A124-670DC61CE6AE}C:\program files (x86)\kathrein\dvrmanager\ufs922.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kathrein\dvrmanager\ufs922.exe | "UDP Query User{405C4069-8AB5-4992-B1C8-6D00F6FA5CF9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{4F696627-DF62-482C-84CB-221E53FECA97}C:\spiele\aoeiii\age3y.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3y.exe | "UDP Query User{501C22E0-0827-4925-9045-D80EBE331B52}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | "UDP Query User{535D9115-CE6A-410D-856C-E1B75269DC07}C:\spiele\flatout 2\flatout2.exe" = 
protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | "UDP Query User{553C6625-015A-4ECA-B3DA-F08ECA2D7552}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | "UDP Query User{5E7089A0-EE8D-4257-A682-1212AA89A97C}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | "UDP Query User{6B747647-13BD-4B84-B351-10143FC85A36}C:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty 2\cod2mp_s.exe | "UDP Query User{6D415A2F-7538-4A54-95F1-F2EC73AE5CB7}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | "UDP Query User{757AD208-4534-4EE9-AEAF-78A93A2A838B}C:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\age of empires ii\age2_x1.exe | "UDP Query User{7B710251-D681-4079-B192-33DE0D220D23}C:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe" = protocol=17 | dir=in | app=c:\spiele\rainbowsix vegas\binaries\r6vegas_game.exe | "UDP Query User{7CFDDFA1-7979-4BEB-B599-718665E6DA68}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{869C5412-AC1E-42B9-B4C3-CBF8F338753A}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "UDP Query User{970DBDBA-9E24-4FD5-B621-E81267CC18B4}C:\spiele\flatout 2\flatout2.exe" = protocol=17 | dir=in | app=c:\spiele\flatout 2\flatout2.exe | "UDP Query User{97ADBECD-305C-4605-8BA4-2FBA1DAA4ABB}C:\spiele\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\spiele\tom clancy's h.a.w.x\hawx.exe | "UDP Query User{B0AFA62A-9E79-44F0-ADA9-5C699EDF3810}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query 
User{B8522E5F-48C5-4225-ABD5-C9BECC6A05EA}C:\spiele\world of warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\spiele\world of warplanes\worldofwarplanes.exe | "UDP Query User{BF1965A3-203C-49BD-B478-FF87EB3CBB83}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | "UDP Query User{BF3682F6-4FE2-4966-A05A-5F351745E65F}C:\spiele\empire earth - zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\spiele\empire earth - zde\ee-aoc.exe | "UDP Query User{C79553A7-59F4-4070-ADA4-F21EDE3B0CA0}C:\spiele\openarena-0.8.1\openarena.exe" = protocol=17 | dir=in | app=c:\spiele\openarena-0.8.1\openarena.exe | "UDP Query User{C9005B0A-BC02-475D-902B-E25FD3A7B8E0}C:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\spiele\starwars batllefront ii\gamedata\battlefrontii.exe | "UDP Query User{C99EC000-AEC3-4355-8E03-FDEF11E1DDD0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{D3E5BBBB-28F0-41E9-BF97-8A3B78F2DD13}C:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=c:\spiele\aoeiii\age3.exe | "UDP Query User{D84CE450-38A6-4859-96E1-EB29BDB78FEB}C:\spiele\warcraft iii - the frozen throne\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii - the frozen throne\war3.exe | "UDP Query User{EA200AF7-639D-4F46-85C5-E4980DF3323A}C:\spiele\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{EB8872A3-63CA-45F6-845E-4D9402C92E6C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{ED08691D-51BA-4340-BD02-F9E9875A8C4D}C:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\downloads\gamestuff\teeworlds\teeworlds_srv.exe | "UDP Query 
User{FCE7BA74-8274-47B1-955F-DA1FF07BBD7B}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver "{197985EE-73F2-B182-6AEB-21926621ED5D}" = ATI AVIVO64 Codecs "{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition) "{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12 "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "BullGuard" = BullGuard Backup "CCleaner" = CCleaner "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. 
(SilvrLnk) USB (06/11/2009 1.0.0.0) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ffdshow64_is1" = ffdshow x64 v1.1.3721 [2011-01-07] "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "TeamSpeak 3 Client" = TeamSpeak 3 Client "XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03420F19-6E4C-4114-805E-8B465019FBB3}" = Jalbum "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows 
Live Fotogalerie "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4676D76B-1BA9-4E4D-9615-72FEA5F6B007}" = Unified Remote "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Essentials 9 
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft 
Game Launcher "{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center 
InstallProxy "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM) "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E9046809-36B2-4A99-AD7F-C0C16AD773EC}" = TImeSpan Creator "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F6130A03-30EE-D4AD-63C8-E90F422C76C5}" = HydraVision "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center "12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.04.8012 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Afterburner" = MSI Afterburner 2.2.1 "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "AutoGK" = Auto Gordian Knot 2.55 "avast" = avast! 
Free Antivirus "AviSynth" = AviSynth 2.5 "Blitzkrieg" = Blitzkrieg Mod "BurnAware Free_is1" = BurnAware Free 2.3.8 "Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.10 "Canopus DV Codec" = Canopus DV Codec "Company of Heroes" = Company of Heroes "DivX Setup" = DivX-Setup "doubleTwist" = doubleTwist "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FileZilla Client" = FileZilla Client 3.3.5 "Firebird SQL Server D" = Firebird SQL Server (D) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Audio Converter_is1" = Free Audio Converter version 5.0.2.1125 "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.11.508 "Free Midi Converter_is1" = Free Midi Converter version 1.0.0.0 "Free Video Dub_is1" = Free Video Dub version 2.0.8.508 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2 "GoldWave v5.06" = GoldWave v5.06 "Guitar Pro 5_is1" = Guitar Pro 5.2 "ImgBurn" = ImgBurn "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch 
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "IrfanView" = IrfanView (remove only) "League of Legends_is1" = League of Legends "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D) "MAGIX Fotos auf CD & DVD 5.0 D" = MAGIX Fotos auf CD & DVD 5.0 (D) "MAGIX Music Manager D" = MAGIX Music Manager (D) "MAGIX Online Druck Service" = MAGIX Online Druck Service "Mastering Edition" = Steinberg Mastering Edition v1.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mp3tag" = Mp3tag v2.46a "Notepad++" = Notepad++ "PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR "PictureIt_v9" = Microsoft Picture It! 
Foto Premium 9 "PunkBusterSvc" = PunkBuster Services "RealPlayer 15.0" = RealPlayer "RivaTuner" = RivaTuner v2.24 "Steam App 113400" = APB Reloaded "Steam App 220" = Half-Life 2 "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008) "TeamViewer 6" = TeamViewer 6 "Tunngle beta_is1" = Tunngle beta "Uninstall_is1" = Uninstall 1.0.0.1 "Video mp3 Extractor_is1" = Video mp3 Extractor "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.5 "VobSub" = VobSub v2.23 (Remove Only) "Warcraft III" = Warcraft III "WinLiveSuite_Wave3" = Windows Live Essentials "Xfire" = Xfire (remove only) "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.06.2012 12:21:10 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:21:34 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:21:44 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:21:45 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 
Description = Error - 13.06.2012 12:21:55 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.06.2012 12:22:02 | Computer Name = Fabians-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.06.2012 10:13:45 | Computer Name = Fabians-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung OTL.exe, Version 3.2.48.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47a32, Ausnahmecode 0x0eedfade, Fehleroffset 0x0001c83b, Prozess-ID 0x568, Anwendungsstartzeit 01cd4a37e6b9713e. [ System Events ] Error - 14.06.2012 08:58:38 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.06.2012 10:19:47 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 14.06.2012 10:21:34 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.06.2012 10:21:34 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.06.2012 10:48:00 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 14.06.2012 10:49:52 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14.06.2012 10:49:52 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.06.2012 11:11:43 | Computer Name = Fabians-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 14.06.2012 11:13:30 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.06.2012 11:15:37 | Computer Name = Fabians-PC | Source = Service Control Manager | ID = 7011 Description = < End of report > |
14.06.2012, 20:38 | #11 |
/// Helper Team | Am I infected? ► Report again on the state of the computer. Are there still any problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
14.06.2012, 20:39 | #12 |
| Am I infected? Well, I never really had any "problems". I'm just afraid my account details could be spied on, and I'd like to have a clean system, or rather a clean backup on the external drive. How sure can I be that I have removed everything? Is there actually a guide to a secure system (within the limits of what is possible, of course)? Last edited by FabFaeb (14.06.2012 at 20:53) |
14.06.2012, 20:59 | #13 |
/// Helper Team | Am I infected? We have, technically speaking, made use of the options available (to us) in various ways, so everything should be fine in that respect. There is no 100% guarantee of success, unless you completely format the hard drive and set Windows up again! I can give you some tips: ** Keep your system under observation for the near future!
1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
ATTFilter CCleaner
2. Tool cleanup with OTL. We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
3. Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This feature takes up a lot of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so system performance is also affected. In addition, deleted and possibly malicious objects that sit in System Restore must also be removed: So please do the following:
4. As a precaution, I would advise you to change your password (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months); see also here: Secure password (Password)
5. ► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date! Quote:
Software such as operating systems, browsers and e-mail clients is continuously being developed further. At the same time, however, hackers are also working on constantly finding and exploiting new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding malware has been programmed. As a result, reports of new security vulnerabilities appear relatively often, even if these have not yet been discovered by hackers. After all, security specialists also search for potential avenues of attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software. Reading material no. 1: Give criminal acts no chance! Quote:
** Common sense, and configuring Windows and Internet software securely, is the best way to security on the web!! Quote:
► Over time, a lot of data junk can accumulate and error messages can pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us→ donation account. Regards, kira