Log analysis and evaluation: GVU lock screen Win7 64bit

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.07.2012, 21:43 | #1 |
GVU lock screen Win7 64bit

Hello, the GVU lock screen got me too yesterday. I'll post the various log files and hope that is everything you need.

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jan :: JAN-PC [Administrator]

Schutz: Aktiviert

05.07.2012 21:06:34
mbam-log-2012-07-05 (21-06-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 508703
Laufzeit: 1 Stunde(n), 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Worm.Autorun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
OTL logfile created on: 05.07.2012 22:23:25 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

12,00 Gb Total Physical Memory | 9,70 Gb Available Physical Memory | 80,80% Memory free
24,00 Gb Paging File | 21,46 Gb Available in Paging File | 89,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 20,95 Gb Free Space | 21,46% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 76,98 Gb Free Space | 20,91% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,64 Gb Free Space | 43,90% Space Free | Partition Type: FAT32

Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 21:12:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\afwServ.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.24 00:38:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.10.06 02:21:56 | 000,288,088 | ---- | M] () -- E:\Hotspot Shield\bin\openvpnas.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () -- E:\Hotspot Shield\bin\hsswd.exe PRC - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- E:\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) 
-- E:\Cisco Systems\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012.07.05 14:59:08 | 000,256,160 | ---- | M] () -- C:\Users\Jan\AppData\Local\Temp\0_0u_l.exe MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\afwServ.exe -- (avast! 
Firewall) SRV - [2012.06.23 10:37:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.24 00:38:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.02.21 06:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- E:\Global Agenda\HiPatchService.exe -- (HiPatchService) SRV - [2012.02.01 23:59:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.06 02:24:34 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- E:\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2011.10.06 02:21:56 | 000,288,088 | ---- | M] () [Auto | Running] -- E:\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () [Auto | Running] -- E:\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- E:\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- E:\Cisco Systems\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.09.17 09:36:18 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.07.03 
18:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.05.17 18:50:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.30 15:22:02 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011.08.30 15:22:02 | 000,016,008 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011.05.25 01:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.07 16:24:46 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2010.09.04 00:24:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2010.03.09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, 
Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.12.27 17:46:16 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.10 21:09:35 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2009.10.10 21:09:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.17 13:17:22 | 000,196,096 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. 
) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (Magic Tune) DRV:64bit: - [2007.05.01 15:37:06 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0464.sys -- (SaiH0464) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.07 12:03:40 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- E:\PC Wizard 2009\pcwiz64.sys -- (cpuz132) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F E4 80 F9 AD 5A CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/mail?&.src=ym&.intl=de&rl=1" FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: E:\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Jan\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.27 17:19:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.05 15:11:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Mozilla Firefox 4.0 Beta 7\components [2012.07.05 14:56:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Mozilla Firefox 4.0 Beta 7\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\Mozilla Firefox\components [2011.11.15 21:05:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\Mozilla Firefox\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: E:\Mozilla Firefox 4.0 Beta 7\components [2012.07.05 14:56:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: E:\Mozilla Firefox 4.0 Beta 7\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: E:\Mozilla Firefox\components [2011.11.15 21:05:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: E:\Mozilla Firefox\plugins [2012.04.14 11:55:37 | 000,000,000 | ---D | M] [2009.10.29 11:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2012.05.18 
21:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions [2010.04.28 12:29:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.05.18 21:28:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.03.10 15:53:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.25 00:08:53 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\battlefieldheroespatcher@ea.com [2011.04.14 16:36:25 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\battlefieldplay4free@ea.com [2011.08.12 15:16:59 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\DeviceDetection@logitech.com [2009.10.29 11:15:09 | 000,000,000 | ---D | M] ("Image Download") -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\imagedownload@whygudu.iblog.cn [2010.07.30 23:05:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\uqp4qoq0.default\extensions\YoutubeDownloader@PeterOlayev.com [2011.01.09 14:31:13 | 000,001,742 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\uqp4qoq0.default\searchplugins\googlede-pws.xml [2012.07.05 15:11:16 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.03.24 12:01:37 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UQP4QOQ0.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Xvid] E:\Program Files (x86)\Xvid\CheckUpdate.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' 
menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B8DFC33-AC17-4778-83C9-38F3358C7C2B}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b21ac3c3-844f-11e0-af39-002421e3d649}\Shell - "" = AutoRun O33 - MountPoints2\{b21ac3c3-844f-11e0-af39-002421e3d649}\Shell\AutoRun\command - "" = J:\Autorun.exe O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell - "" = AutoRun O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell\AutoRun\command - "" = F:\arun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 21:12:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.07.05 21:00:24 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes [2012.07.05 21:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.05 21:00:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.05 21:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.05 21:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.03 20:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client [2012.07.03 
20:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2012.07.03 20:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems [2012.07.03 20:58:47 | 000,000,000 | ---D | C] -- C:\Temp [2012.07.02 16:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Electronic Arts [2012.07.02 16:15:57 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Electronic Arts [2012.07.02 11:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.01 17:42:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2012.06.16 17:53:51 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Klinische Psychologie Seminar SS12 [2012.06.13 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Macromedia [2012.06.13 08:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.13 08:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.13 08:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2009.09.04 19:12:23 | 052,930,896 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\Jan\9-8_vista32-64_ccc_lang2.exe [2009.09.04 19:08:27 | 042,859,104 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Users\Jan\9-8_vista64_win7_64_dd.exe [2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.05 22:27:10 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 22:27:10 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 22:22:18 | 000,000,020 | ---- | M] () -- C:\Users\Jan\defogger_reenable [2012.07.05 22:20:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 22:19:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 22:19:34 | 1073,094,654 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 22:11:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.05 21:37:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.05 21:12:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.07.05 21:11:53 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Desktop\Defogger.exe [2012.07.05 21:00:19 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 20:52:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.05 15:29:44 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.05 15:29:44 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.05 15:29:44 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.05 15:29:44 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.05 15:29:44 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.05 15:11:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.05 14:59:08 | 000,001,873 | ---- | M] () -- 
C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.03 21:00:07 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2012.07.03 20:59:30 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012.07.03 20:58:22 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.07.03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2012.07.03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.07.03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.06.19 15:09:09 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.19 15:09:09 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.19 15:08:33 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.06.14 10:19:46 | 000,446,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 08:25:11 
| 000,001,440 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.11 13:50:46 | 000,187,392 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe ========== Files Created - No Company Name ========== [2012.07.05 22:22:17 | 000,000,020 | ---- | C] () -- C:\Users\Jan\defogger_reenable [2012.07.05 21:11:52 | 000,050,477 | ---- | C] () -- C:\Users\Jan\Desktop\Defogger.exe [2012.07.05 21:00:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 14:59:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.05 14:59:08 | 000,001,873 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.03 20:59:30 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012.07.03 20:58:22 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF [2012.06.13 08:25:11 | 000,001,440 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.11 13:50:46 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.29 15:46:14 | 000,035,407 | ---- | C] () -- C:\Users\Jan\.TransferManager.db [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.11 13:05:03 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.08.11 13:05:03 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.04.22 13:40:30 | 000,175,616 | ---- | C] () -- 
C:\Windows\SysWow64\unrar.dll [2011.04.22 13:40:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.04.22 13:40:26 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.03.05 18:30:23 | 000,007,606 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg [2010.10.29 12:59:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010.10.29 12:59:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010.10.24 22:09:04 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.04.24 22:07:55 | 000,005,632 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.09 21:33:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.29 11:28:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.04 19:22:46 | 037,922,152 | ---- | C] () -- C:\Users\Jan\setupger.exe ========== LOP Check ========== [2012.01.21 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft [2012.01.22 00:11:18 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.minecraft_xray [2011.08.17 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\.visualvm [2009.10.29 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Azureus [2009.10.29 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Bump Technologies, Inc [2012.05.17 18:51:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite [2011.12.01 01:00:11 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoft [2011.11.28 23:22:23 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.02 16:15:57 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Electronic Arts [2009.12.02 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Foxit [2011.02.22 01:36:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Hi-Rez Studios [2011.01.04 00:39:04 | 000,000,000 | 
---D | M] -- C:\Users\Jan\AppData\Roaming\ICQ [2009.10.29 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Leadertech [2010.12.19 03:10:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LolClient [2009.12.11 00:00:49 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010.04.27 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Mount&Blade Warband [2009.10.29 11:15:09 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org [2011.10.26 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Origin [2011.03.17 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\PunkBuster [2012.04.24 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\TS3Client [2011.05.23 00:24:17 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Ubisoft [2012.01.18 01:26:52 | 000,000,000 | ---D | M] -- C:\Users\Jan\AppData\Roaming\Unity [2012.06.19 14:49:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 05.07.2012 22:23:25 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
12,00 Gb Total Physical Memory | 9,70 Gb Available Physical Memory | 80,80% Memory free
24,00 Gb Paging File | 21,46 Gb Available in Paging File | 89,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 20,95 Gb Free Space | 21,46% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 76,98 Gb Free Space | 20,91% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,64 Gb Free Space | 43,90% Space Free | Partition Type: FAT32
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ECD0029-747B-44A1-B42F-86A1AB926CF9}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{10114B6B-E924-4445-9B17-F16F57C835D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1FCE04CC-8EFD-490E-8C31-1ECE6872D247}" = lport=3724 | protocol=6 | dir=in | name=blizzard |
"{2379E9EB-7C31-4C7A-89FB-3B434CC82777}" = lport=2869 | protocol=6 | dir=in | app=system |
"{313E3685-22C0-47F2-8393-1A2E28C8D605}" = rport=138 | protocol=17 | dir=out | app=system |
"{33FDD278-5024-4E9E-887F-AABEFCA6987F}" = rport=137 | protocol=17 | dir=out | app=system |
"{349166D8-7849-4378-BA64-F65E0BA47F4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3731AB24-C4F4-488A-90B4-2A28DC7DFC4D}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher | "{3903FB2A-8C7D-4800-9604-E8E96480ADF2}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{3B0E206C-8F2A-4CA8-8BC2-6C1D561E63E2}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{3E4511B1-17F9-4721-A8A4-676801202E35}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{4D0B3D67-D465-4398-A299-153360FF0095}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{4EB3F8F4-1134-4560-9D88-C286960B51AE}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher | "{51F56C72-2EB8-4D20-A83D-D6389B875877}" = lport=10243 | protocol=6 | dir=in | app=system | "{52467EFE-14D3-47D3-83B5-B3F2DAE9C75D}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{52AE3E79-B87A-44A0-826B-70DCD6DA874E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52D2053C-C7A1-4A36-8419-7D3090EEFF05}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher | "{5C4D133F-4537-4F5E-AE20-FD515FBE9F58}" = lport=3724 | protocol=17 | dir=in | name=wow | "{64335716-B49E-4863-8A90-2BB78FFFCEA0}" = lport=1119 | protocol=17 | dir=in | name=wow | "{80122AD6-03EB-4250-8252-5C9D178688EE}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{84B43CA1-E808-422F-B9E1-D4C42A90E991}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87CA625D-3045-4B88-88A8-8EA5CA5B08B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8AB1E30B-1077-4305-A17A-AC4D5FCDE01B}" = lport=6004 | protocol=17 | dir=in | app=c:\microsoft office\office14\outlook.exe | "{8DB379B9-6CEF-41F7-B531-E7A037913362}" = lport=8394 | 
protocol=6 | dir=in | name=league of legends launcher | "{8F2CA56A-668E-4B24-A3AC-7D9CEAFFBBA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{91DE59C7-ACE9-45D9-ABA5-1AC3BE1C0B52}" = lport=6948 | protocol=17 | dir=in | name=league of legends launcher | "{93E1B5A9-759D-42EA-AA6E-2101585FB13A}" = lport=6948 | protocol=6 | dir=in | name=league of legends launcher | "{97BE848D-B48E-41BD-9393-196E617C823B}" = rport=445 | protocol=6 | dir=out | app=system | "{A29C97C5-C7C2-47A5-BF1D-21A8440ADD62}" = lport=1119 | protocol=6 | dir=in | name=wow | "{A8027A9F-10D3-48D4-A881-A0A99E4F8AB4}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{B23CDA7C-7020-4C6B-8CC8-F10D309D7A28}" = rport=10243 | protocol=6 | dir=out | app=system | "{B2D9E3DC-49A7-4215-867B-42A05D658A95}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher | "{B5B93F40-FD4C-4B7E-B93A-799C454985B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BADE2AD7-554B-4249-9800-4FAFBBF50769}" = lport=4000 | protocol=6 | dir=in | name=wc3 | "{BC6494A9-7277-4861-A4D0-3205EBB0C13D}" = lport=137 | protocol=17 | dir=in | app=system | "{C4B546E4-E6D9-4640-8B2F-2AAA40C2F296}" = lport=139 | protocol=6 | dir=in | app=system | "{CA4497F4-2BF2-4C1E-A7E6-4A7C87B9B721}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CCA013DC-0C31-4982-9474-89EF17A5FFC2}" = lport=138 | protocol=17 | dir=in | app=system | "{E986D5C4-CDEE-4438-82F9-E8A1B3F8AA44}" = lport=445 | protocol=6 | dir=in | app=system | "{F2D2697B-F6AE-4F38-BA68-3555CB007ABE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F3FEC633-2A78-4E95-8370-76E7E707B6AE}" = rport=139 | protocol=6 | dir=out | app=system | "{F6AC7B29-8F1C-457C-BA93-D5D60A1DF742}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB3CB45A-D0AE-4140-B9FC-B0A06FCE21B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF29A720-E90C-43D8-8E59-0B76EBEC1316}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01096B37-39A0-4D55-9D90-71BB616FBF5F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0218DB8F-F3B1-475D-B517-8195EBA0C667}" = protocol=6 | dir=in | app=e:\ac 2\assassinscreedii.exe | "{03BC1D50-EE7F-4159-913F-8774A0BFA04D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{081B42E9-B9BA-41AB-AC1D-27199600F3EA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | "{0967D264-9E95-4639-AD60-0ADE162E7876}" = protocol=17 | dir=in | app=e:\ac 2\assassinscreedii.exe | "{09B60185-E465-4348-98B1-B0E83D57966C}" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | "{0AF9FFD7-BDA8-4DD9-A11B-559FB075BE2F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0E20B237-A263-4920-AF28-C69A1BAE9E51}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1209DC48-9142-4879-AF2E-FB07F5C6403E}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe | "{12A4B7FB-4D01-4719-89C0-FCEAD1EF7465}" = protocol=6 | dir=in | app=e:\games\league of legends\game\league of legends.exe | "{13B1912D-69D9-4A61-98BA-3DAB5A084B87}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{174C43A2-58A7-4BD3-BE15-AFDF971A46A0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{178F090B-B5B6-4512-A627-635F5F39A5EE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of 
warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{1BB0DD17-3835-4E1F-A79B-A53A8C510B85}" = protocol=6 | dir=in | app=e:\league of legends\air\lolclient.exe | "{1C0720F0-C462-4646-B320-C5F02BA38C0B}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{1EF34689-2119-4881-AD09-7C5152DA0824}" = protocol=6 | dir=out | app=system | "{1F6D4F8A-F768-45AD-AEB0-99A29CB04798}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{23C3D17D-8BDF-43FD-B666-42EF7DE32C6E}" = protocol=17 | dir=in | app=e:\games\lol\air\lolclient.exe | "{2569B4DF-FEAA-4790-A3F4-47E823E6B411}" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe | "{267611C9-BEB2-4515-99A7-B30AF8EF4EE0}" = protocol=6 | dir=in | app=e:\ac 2\assassinscreediigame.exe | "{2875CA18-D694-48F2-A899-524C81B145BE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{28C685BE-E8F4-45D4-B2E8-BD01397C9D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A9F1D63-6F56-4E34-A913-119849A28F43}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe | "{2C8DE28A-0FFB-4CDA-9C7F-A72110BB884B}" = protocol=17 | dir=in | app=e:\anno 1404\anno4.exe | "{2FDE20C8-6F05-4469-A753-FE5754C70F59}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{335AA602-1988-41A8-A735-3535C693BDBD}" = protocol=6 | dir=in | app=e:\battlefield 2\bf2.exe | "{335C255B-507F-489C-A2A9-E55AAE3AC992}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{36DC6640-99CC-4F69-A589-126E19D0121C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{374EC68D-3A2E-4FAA-81AB-AD28E886E2D7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{3912B93B-53CB-4E3B-944B-27D3D9480CD0}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe | "{3941E6AA-E040-4825-B1BB-1271C42E0CE2}" = protocol=6 | dir=in | app=e:\anno 1404\anno4.exe | "{397A33A2-6BC0-4EF9-B3BF-D41CF81914D9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{434200E9-A3D2-4EB2-81AE-5B8CA54418F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44390BCE-A5E5-4E6B-BD7B-09A984CA7B51}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{45AD8206-F347-4558-B6C7-3600D0B9097B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{4B308AAE-FC80-4827-8E2A-CEFC7D66FE8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{52355B85-84BA-499E-8205-9F8B41761DF1}" = protocol=17 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe | "{52A8253B-652F-4293-99C4-6EFB18A780F6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mountblade warband\mb_warband.exe | "{55EE0D63-457C-47C5-B0B0-9FF845770DDF}" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe | "{593E33B4-E2E1-44C1-B97F-B26DD0EEA93E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{598EF00A-6D32-4CE1-B34C-05B357FCCD12}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{59B17F49-FEFD-40F9-A61D-A87FC1D10BCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5A3F19CE-8BA5-4C59-855B-4D8D2F1DC645}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5BADCF9A-1B1A-4874-AE6B-281E156B2037}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5BDF4EAE-BDEC-4605-8215-AA4D31D0A0D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5C97A9A9-D9AC-43EE-AA80-E0D395571017}" = 
protocol=17 | dir=in | app=c:\bluetooth\bluesoleil.exe | "{5FC49D07-53C9-445D-8585-3E68F3A07045}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{63287CBB-A327-4062-8F98-0FB6A60096C4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{638BCDC6-23A8-4B64-869B-0F9B100EF3D8}" = protocol=6 | dir=in | app=e:\games\league of legends\air\lolclient.exe | "{63A4AFC7-F50F-4D5A-94ED-C6AEDB51EF1C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{65952847-E5CB-4F9E-A01A-B659F4C67F87}" = protocol=17 | dir=in | app=e:\battlefield 2\bf2.exe | "{66276E9E-3BA7-4805-A618-78FF31E6309E}" = protocol=6 | dir=in | app=e:\steam\steam.exe | "{66400829-01A2-4690-BCE0-E44A6261CEDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6BE3403F-6ADA-40B6-BEE8-E1BF73673DBD}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\uplaybrowser.exe | "{70A8F198-1CE0-4F08-A56D-93132ED4E551}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{735CDBA1-899E-4C45-99FC-ED33E3EE56BC}" = protocol=6 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | "{73E55D7C-0F11-4B7E-BA99-16CA487C722C}" = protocol=17 | dir=in | app=e:\ac 2\assassinscreediigame.exe | "{743E90EF-A9E4-4B58-96FC-6C6D303E23A6}" = protocol=17 | dir=in | app=e:\assassin's creed brotherhood\acbmp.exe | "{763850FA-36E2-4EA3-B17E-1F322F656B81}" = protocol=17 | dir=in | app=c:\microsoft office\office14\onenote.exe | "{7A52E283-C559-4868-8FB5-B92B82E4CF83}" = protocol=6 | dir=in | app=c:\bluetooth\bluesoleil.exe | "{7B1C9E8D-C26D-4828-B7E2-7A6B8A022A89}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{86551163-F02D-4C9E-9FEF-1CAC8A03053A}" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.patch.exe | 
"{8A59A1D7-3C2F-4DE3-A45D-8DECC55B8980}" = protocol=17 | dir=in | app=e:\vindictus\vindictus eu\en-eu\nmservice.exe | "{8F667F4B-6374-4C81-B07E-CBD29F94AE16}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{93919DE2-88B0-43B5-9E24-009061ACC8C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{939A6B93-FC26-41DC-8379-3CC68A2080FF}" = protocol=6 | dir=in | app=e:\games\lol\air\lolclient.exe | "{944B3B11-A1AF-48A1-A0FA-42029FE0A3CF}" = protocol=17 | dir=in | app=e:\battlefield 3\battlefield 3\bf3.exe | "{954F30F6-96DC-4FCF-AB7A-6CCA39E5F5B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{95C708BA-CECA-4102-BC9E-2C9254AD31FF}" = protocol=17 | dir=in | app=e:\games\league of legends\air\lolclient.exe | "{962955F3-E0FF-49F1-A893-434282F0D2B4}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{993B7061-3A15-4EDE-925A-621275186CC9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9AAA9E79-CE41-4ABD-B42B-0FC0B0EABBD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9DBC2F26-1642-47B7-BDFC-D70EA1E3D597}" = protocol=6 | dir=in | app=e:\bad company 2\bfbc2updater.exe | "{9DF522AF-E6AA-4069-9DBF-4AE98C126668}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A255C2EB-2C78-4363-8407-E8057EBF1B79}" = protocol=6 | dir=in | app=e:\anno 1404\anno4.exe | "{A2AB67A9-08AE-4AC5-9DC3-E7E566656B05}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A2BDB4F1-C10A-419C-8F85-2AB25ABFFF80}" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe | "{A316A9F0-63D7-4511-8BAA-2B2EFE748F8B}" = protocol=17 | dir=in | app=e:\hellgate\hgllauncher.exe | "{A609792B-26A7-42BE-A8F3-80019654D2FF}" = protocol=17 | dir=in | app=e:\league of legends\game\league of 
legends.exe | "{AB29ED1F-3873-4CC4-A4F1-11075D4E3546}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF0DBFDB-8D16-4BEA-9B90-81B112E76EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{AFCE6586-BF8D-4682-916B-E04588FA4F21}" = protocol=17 | dir=in | app=e:\league of legends\air\lolclient.exe | "{B78B3ACD-23CD-42DA-B86F-55EEC203C566}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{BC67D613-42E8-40B4-B9CB-4FB9F74A5DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BD603000-E755-493D-A4EE-487CFB2C98E6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe | "{C0300FC9-7261-4172-A4F5-E81C5295DB88}" = protocol=6 | dir=in | app=c:\bluetooth\bluesoleil.exe | "{C0C9E006-C598-4623-9655-53A596A7E5E9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C10ACA8E-745D-4DC2-9227-B23A25333F6A}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{C3A0E66F-BFD5-4B80-B240-3069B7E9C4F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C5760FC1-05DA-4109-9B9F-A40F96831573}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{C7421A38-3930-480D-AE7F-9A9A4F91FFC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C960FA3B-AA48-4EE8-8151-5F324FDC52D5}" = protocol=17 | dir=in | app=e:\games\lol\game\league of legends.exe | "{C9A53DDC-86C5-4C3A-AA33-FA8BC92DD5DD}" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe | "{CAAD4758-61C2-4E30-B895-7BAE3684EDD5}" = protocol=6 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe | "{CD3819B5-5F69-4E29-911C-9C8A6D76C22E}" = protocol=17 | dir=in | app=c:\bluetooth\bluesoleil.exe | "{CDB494FE-7BFA-42C2-A8DB-ECDA75345A80}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{CF13117F-78D7-49F0-8745-D00906715002}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{D06F79C4-3E88-429D-AA2C-F0C244D0E3F6}" = protocol=6 | dir=in | app=e:\ac 2\uplaybrowser.exe | "{D1B9C84E-7314-4781-B84D-B15D0D973AE1}" = protocol=17 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe | "{D26B6A97-E005-4122-A388-E390DDE0E7CD}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{D4A98EA2-4456-4AA2-B54B-558E038081D2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{D626A120-4B89-4B56-8547-7B6906AB14BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D9D2433C-B16B-49E1-B118-D18EAD77D69E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mountblade warband\mb_warband.exe | "{DA7F8796-BBC8-4044-9099-49E30B6F63C7}" = protocol=17 | dir=in | app=e:\ac 2\uplaybrowser.exe | "{DCACD27A-BF05-4237-B2D0-97E757BFBCE0}" = protocol=17 | dir=in | app=e:\games\league of legends\game\league of legends.exe | "{DE42FA76-5EF7-4726-B4E5-52113499AFC4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E118AB05-B17D-401C-B587-B39CE56B619E}" = protocol=6 | dir=in | app=c:\microsoft office\office14\onenote.exe | "{E1880CF9-6A59-41B1-BAFD-AC2A83500CEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E32F0EAF-16B7-4021-B484-F7B12EC0C61F}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{E3742938-E19B-4DFC-A8FD-C57A508634E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E41973A9-638A-409C-BC5E-0026C7913238}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{E43C4262-A5C2-49FA-B579-1C52E7E0A57D}" = protocol=17 | dir=in | app=e:\anno 1404\anno4.exe | 
"{E50F92FA-1537-4314-86CA-846B853412A5}" = protocol=6 | dir=in | app=e:\assassin's creed brotherhood\acbsp.exe | "{E732B888-EDFB-4DF9-9220-F1C534CB2E65}" = protocol=6 | dir=in | app=e:\games\lol\game\league of legends.exe | "{EC0F9933-33EA-4701-B1A6-95BC782543CE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{F16EC508-58D8-4387-9F94-33750DAD5EE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F214F0A5-D5AC-4C7E-9EFB-E4648F200515}" = protocol=6 | dir=in | app=e:\vindictus\vindictus eu\en-eu\nmservice.exe | "{F68E0405-2218-4666-962E-7D65CAB740A4}" = protocol=17 | dir=in | app=e:\bad company 2\bfbc2updater.exe | "{F8648142-39C7-49AC-B29A-4949670379EE}" = protocol=6 | dir=in | app=e:\games\world of warcraft\backgrounddownloader.exe | "{FA0331C6-6256-48AA-830C-8FC071C20BAC}" = protocol=6 | dir=in | app=e:\league of legends\game\league of legends.exe | "{FB89542C-5110-49A0-B919-83DDBAF1FFC5}" = protocol=6 | dir=in | app=e:\hellgate\hgllauncher.exe | "{FC6E4F64-9576-4D0E-9BF9-A5E572FED142}" = dir=in | app=e:\itunes\itunes.exe | "{FE0E4A62-BAE0-4728-8544-608502961ACA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{04C8EC21-0CBA-4D5F-BDDD-D6D1ED5C4403}C:\program files (x86)\sony\station\launchpad\_aunchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\_aunchpad.exe | "TCP Query User{0FBA6E35-C421-4A69-8362-C935B5337760}E:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base16605\sc2.exe | "TCP Query User{14557225-88D7-42D6-92B8-3CB2AACFA746}E:\games\war_trial_downloader.exe" = protocol=6 | dir=in | app=e:\games\war_trial_downloader.exe | "TCP Query User{17B3C0FE-5261-4890-AA37-978A139DA0BC}E:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base16561\sc2.exe | "TCP Query 
User{1BA2510C-5221-4911-BAEE-164CCB2C3ED7}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | "TCP Query User{1DBFE5F6-AEAE-497E-A67E-D55831E7EED5}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe | "TCP Query User{34BDC3D8-F609-439F-8277-667DB3C331B0}E:\java\jdk1.7.0\bin\java.exe" = protocol=6 | dir=in | app=e:\java\jdk1.7.0\bin\java.exe | "TCP Query User{3526CFBA-348D-4484-B9E5-5E88900D3F24}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{37201149-7303-4202-A0F1-C1629A6F2EC2}E:\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=e:\age of conan\conanpatcher.exe | "TCP Query User{3AB6F258-5AA2-4852-87AA-61D85F16CCB0}E:\bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=e:\bad company 2\bfbc2game.exe | "TCP Query User{4612B421-1D70-47E5-8488-277F6C9EDBE0}E:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe | "TCP Query User{48655786-E425-4932-B532-120E0807A176}E:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=e:\eve\bin\exefile.exe | "TCP Query User{48B97985-3C93-4B1D-8114-DA32208D8D29}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{4AAB5F62-1EC9-4A53-B274-DD3534167875}E:\gw2 beta\gw2.exe" = protocol=6 | dir=in | app=e:\gw2 beta\gw2.exe | "TCP Query User{4B7E3A10-0E2C-4154-B351-EB2AA2C0E7F4}E:\games\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=e:\games\anarchyonline_18.1.1-large.exe | "TCP Query User{4FDEC4A8-A9E1-4EE3-AAEC-D3CCACE1419A}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe | "TCP Query User{52EDE5DC-8C17-4DAA-AC26-6A84354EAB7C}C:\program files 
(x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{53EE0D91-A6AC-42B2-A75B-50254A1047AF}E:\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=e:\age of conan\ageofconan.exe | "TCP Query User{54E2BE7C-ECAF-473E-8B59-B95EBB8371B1}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{6366966E-6629-467F-B9E8-DFF86A532E80}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "TCP Query User{6BA5B67B-1731-4F6A-9210-1B6D5A09BB8F}E:\loleudownloader.exe" = protocol=6 | dir=in | app=e:\loleudownloader.exe | "TCP Query User{74124F36-F579-4E51-8C2F-7E2491759768}E:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{8FDCDB3C-11A1-46EC-A62F-5ED9C8DF89BB}E:\programme\azureus.exe" = protocol=6 | dir=in | app=e:\programme\azureus.exe | "TCP Query User{929A0E5F-6395-453F-AB2D-4B858519530E}E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "TCP Query User{A0DC9AC0-A3E0-42C8-96DB-9473900BC41F}E:\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=e:\age of conan\ageofconandx10.exe | "TCP Query User{C3A810F0-7FB3-4FA7-8401-D77BCACC551F}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | "TCP Query User{C3C54E3D-85A8-40AF-8404-99FEC8E89649}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{C3D496C6-1818-498C-8193-BAA411B03B6B}C:\program files\magictune premium\magictune.exe" = 
protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe | "TCP Query User{CE269316-48E9-47D2-A28F-9267EFB2A868}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe | "TCP Query User{DE6F404D-9892-4BDE-8604-AD3D4AAA5CD2}C:\users\jan\downloads\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=c:\users\jan\downloads\anarchyonline_18.1.1-large.exe | "TCP Query User{EB53FBDD-2487-4B8B-9AA5-64CED18B51E6}E:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{F1A9B97A-FA5B-4CD2-95E6-F15CB253A691}E:\bf play4free\bfp4f.exe" = protocol=6 | dir=in | app=e:\bf play4free\bfp4f.exe | "TCP Query User{F9275379-404F-4309-A154-05F7A6DFC850}E:\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=e:\battlefield 2\bf2.exe | "TCP Query User{FACE66CC-A104-4AA5-B377-F5862F8EB1F9}E:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=e:\global agenda\games\global agenda live\binaries\globalagenda.exe | "UDP Query User{0E4A821C-5450-44A9-8B2E-982433B1DAA2}E:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{106F429C-867A-4F07-AD9A-9B7EE209F315}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe | "UDP Query User{16D5F74A-1699-4725-B086-DB298A289CBC}E:\loleudownloader.exe" = protocol=17 | dir=in | app=e:\loleudownloader.exe | "UDP Query User{20E08F46-4CEF-4AF9-B6BE-9CEE35D211A5}E:\gw2 beta\gw2.exe" = protocol=17 | dir=in | app=e:\gw2 beta\gw2.exe | "UDP Query User{2316560A-CC4A-4229-A73E-0EA9562AC39D}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe | "UDP Query User{2F413A2D-7312-471A-858C-0A2E3DEBDF70}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{4158F0E4-7206-4A4F-9F34-D21307FC1488}E:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{467C4D95-F54B-4F95-A8F9-E7351F5BBCE7}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | "UDP Query User{55034E3F-B7A2-48F9-BA8E-4EEE6F625824}E:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{58028835-07E3-4710-B9D8-AD06B81E61C1}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | "UDP Query User{5E76A491-0EBD-4864-809E-DABE670D5969}C:\program files (x86)\sony\station\launchpad\_aunchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\_aunchpad.exe | "UDP Query User{6ADFBAFD-D150-4179-904A-7F4D483B9F4A}E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "UDP Query User{6C60A872-57A0-430C-A4CF-208A839764F5}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe | "UDP Query User{701495AF-F271-4C0A-B31C-6CF9F453774F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{74311317-421A-48B9-88C3-B0C26A72AA88}E:\global agenda\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=e:\global agenda\games\global agenda live\binaries\globalagenda.exe | "UDP Query User{84F371FE-9CE6-4633-BCB5-22D4E493D24B}E:\programme\azureus.exe" = protocol=17 | dir=in | app=e:\programme\azureus.exe | "UDP Query User{87DC811E-DDBE-41B5-808A-2782C4B64373}E:\eve\bin\exefile.exe" = protocol=17 | dir=in | 
app=e:\eve\bin\exefile.exe | "UDP Query User{8DFCDCF4-A261-40D2-B5F6-DA405E9AD9C8}E:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base16561\sc2.exe | "UDP Query User{8EDEA2E3-BF0C-4842-A49E-9AB7AB04238D}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | "UDP Query User{93A8F3FD-3274-4C4A-880F-FEDD1F6F0C52}E:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\dr_grftjx\team fortress 2\hl2.exe | "UDP Query User{ADAF48E8-ED49-41E9-9BCE-EABE82F8A46D}E:\games\war_trial_downloader.exe" = protocol=17 | dir=in | app=e:\games\war_trial_downloader.exe | "UDP Query User{B079F691-E87D-4F93-8174-2F3B9169D7EB}E:\bf play4free\bfp4f.exe" = protocol=17 | dir=in | app=e:\bf play4free\bfp4f.exe | "UDP Query User{B1832AEF-043B-4EDB-B8EE-B7A38D1A563F}E:\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=e:\age of conan\ageofconan.exe | "UDP Query User{BFEFE293-1E81-4456-B2E8-0486FDD080EA}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | "UDP Query User{CD1CBAC4-1286-4F6C-B31B-9F45F44AB490}E:\games\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=e:\games\anarchyonline_18.1.1-large.exe | "UDP Query User{CD4F7A74-8D01-42B6-A5F1-C7E097434B31}E:\bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=e:\bad company 2\bfbc2game.exe | "UDP Query User{CEBECEEA-215D-41F3-BCA5-B2BF5DBB6C7A}E:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base16605\sc2.exe | "UDP Query User{D0083876-E3CB-4D8A-8250-AFEABFE40FDD}E:\java\jdk1.7.0\bin\java.exe" = protocol=17 | dir=in | app=e:\java\jdk1.7.0\bin\java.exe | "UDP Query User{D01C5DE8-7F15-4208-84F3-C2F9D7EE4511}E:\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=e:\age of 
conan\ageofconandx10.exe | "UDP Query User{D161F12E-F876-4251-AE7E-FFF4FB99E829}C:\users\jan\downloads\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=c:\users\jan\downloads\anarchyonline_18.1.1-large.exe | "UDP Query User{D3779FF6-6840-47BB-85A9-97883B6E34AA}E:\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=e:\battlefield 2\bf2.exe | "UDP Query User{DD3C84E2-78D2-4273-BFC7-2B73DD9DECF9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{F454277E-1109-4884-B078-C9699E343EBB}E:\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=e:\age of conan\conanpatcher.exe | "UDP Query User{F4E95B8A-B53C-4127-B960-054F3D4325D8}E:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{225FA1E8-372F-BBFF-F488-E79D78A5180E}" = AMD AVIVO64 Codecs "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7AAC-C5D5-B89B-EBA1-D4DFC5E46D6C}" = AMD Drag and Drop Transcoding "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "sp6" = Logitech SetPoint 6.30 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = 
WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0E6C1531-9546-4153-9D88-689519385319}" = Haushaltsbuch 5.0 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3 "{26A39957-0BE3-449B-BA6F-922C8713AB2B}" = G*Power 3.1.3 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}" = Global Agenda Live "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java 
Auto Updater "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7EED52BE-2247-D8E2-2196-492D03ABF276}" = HydraVision "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 
2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. 
Noire "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BE90CE58-41DE-4708-9291-A9D1D49B1031}" = SecurDisc Viewer "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2 "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live 
Communications Platform "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Conan_is1" = Age of Conan: Unchained "Anarchy Online_is1" = Anarchy Online "avast" = avast! Internet Security "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor 4_is1" = AVS Video Editor 4 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battlelog Web Plugins" = Battlelog Web Plugins "CamSpy_is1" = CamSpy V.4.2.2 "DAEMON Tools Lite" = DAEMON Tools Lite "Dark Age of Camelot" = Dark Age of Camelot "DesignWorkshop Lite" = DesignWorkshop Lite "DivX Setup" = DivX-Setup "DotAzilla" = DotAzilla "eMule" = eMule "ESN Sonar-0.70.0" = ESN Sonar "ESN Sonar-0.70.4" = ESN Sonar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123 "Gpower_2.0i" = Gpower 2.0i "HotspotShield" = Hotspot Shield 2.09 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 
1.61.0.1400 "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2) "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1 "Office14.SingleImage" = Microsoft Office Professional 2010 "Origin" = Origin "PC Wizard 2009_is1" = PC Wizard 2009.1.90 "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "StarCraft II" = StarCraft II "Steam App 17050" = Global Agenda - Demo "Steam App 440" = Team Fortress 2 "Steam App 48700" = Mount and Blade: Warband "Steam App 620" = Portal 2 "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.16.0.0b "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft "XMind" = XMind "Xvid Video Codec 1.3.1" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de) "UnityWebPlayer" = Unity Web Player "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 16.09.2009 19:21:33 | Computer Name = Jan-PC | Source = avast! | ID = 33554522 Description = Error - 17.09.2009 05:00:11 | Computer Name = Jan-PC | Source = avast! | ID = 33554522 Description = Error - 17.09.2009 05:56:22 | Computer Name = Jan-PC | Source = avast! | ID = 33554522 Description = Error - 22.10.2009 07:03:02 | Computer Name = Jan-PC | Source = avast! | ID = 33554522 Description = Error - 27.12.2009 11:32:26 | Computer Name = Jan-PC | Source = avast! 
| ID = 33554522 Description = [ Application Events ] Error - 04.07.2012 12:18:52 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 08:52:55 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 09:23:59 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 09:26:41 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 09:27:19 | Computer Name = Jan-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 14.0.0.4562 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f1c Startzeit: 01cd5ab1a71174d4 Endzeit: 0 Anwendungspfad: E:\Mozilla Firefox 4.0 Beta 7\firefox.exe Berichts-ID: 21441f2d-c6a5-11e1-8387-f9c70f5bdb96 Error - 05.07.2012 09:37:27 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 09:41:35 | Computer Name = Jan-PC | Source = Application Hang | ID = 1002 Description = Programm rescue2usb.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16c8 Startzeit: 01cd5ab37b82985e Endzeit: 60000 Anwendungspfad: K:\rescue2usb.exe Berichts-ID: f50278e2-c6a6-11e1-aeea-cfd931ad8d8f Error - 05.07.2012 14:32:14 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 14:53:25 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 05.07.2012 16:21:28 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.07.2012 14:38:24 | Computer Name = Jan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 05.07.2012 14:38:32 | Computer Name = Jan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 05.07.2012 14:38:40 | Computer Name = Jan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 05.07.2012 14:38:48 | Computer Name = Jan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 05.07.2012 14:38:57 | Computer Name = Jan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 05.07.2012 14:39:05 | Computer Name = Jan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 05.07.2012 14:51:27 | Computer Name = Jan-PC | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 05.07.2012 14:51:59 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BTHidMgr sptd Error - 05.07.2012 16:19:25 | Computer Name = Jan-PC | Source = sptd | ID = 262148 Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error - 05.07.2012 16:20:05 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BTHidMgr sptd < End of report >
I hope you can help me. On restart the lock screen was blocked by Malwarebytes, but I would really like to get rid of the thing completely. Regards |
06.07.2012, 10:22 | #2 |
/// Malware-holic | GVU lock screen Win7 64bit hi
Please put the stick into the PC, then right-click it and format it; it is infected, and the simplest thing is to format it. Then take the stick out. This script, and any scripts that may follow, are only for the respective user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
[2012.07.03 20:59:30 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2012.07.05 14:59:08 | 000,001,873 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell\AutoRun\command - "" = F:\arun.exe
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
If that worked: for further analysis I need the following. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache Right-click the cache folder there, pack it with WinRAR or another program, and please upload it in the upload channel: Trojaner-Board Upload Channel. Please let me know when you are done. |
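The fix script in the post above targets two autostart locations: shortcuts in the Startup folders and an AutoRun command cached under MountPoints2. As an added example (not part of the thread and not OTL's own code), this Python function pulls those two entry types out of OTL-style log lines for review; the regular expressions are inferred from the lines quoted in this thread, and the names `triage` and `SAMPLE` and the `notes.txt` line are assumptions.

```python
import re

# File line as quoted in this thread: [date time | size | attrs | M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<modified>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"[^|]+ \| [A-Z]\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
# O33 line: shell command cached per volume under MountPoints2
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<command>.+)$'
)
STARTUP_DIR = "\\start menu\\programs\\startup\\"

# The first three lines come from the fix script in this thread; the last
# line is constructed to show a file entry that is not an autostart.
SAMPLE = [
    r"[2012.07.03 20:59:30 | 000,002,591 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk",
    r"[2012.07.05 14:59:08 | 000,001,873 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk",
    r'O33 - MountPoints2\{ffad9f23-a03c-11e1-8453-978914e137ec}\Shell\AutoRun\command - "" = F:\arun.exe',
    r"[2012.07.01 10:00:00 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Documents\notes.txt",
]


def triage(lines):
    """Return one dict per autostart entry found in OTL-style log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        f = FILE_RE.match(line)
        if f:
            # Only files inside a Startup folder run at logon; skip the rest.
            if STARTUP_DIR in f["path"].lower():
                findings.append({"kind": "startup-folder",
                                 "modified": f["modified"],
                                 "target": f["path"]})
            continue
        o = O33_RE.match(line)
        if o:
            # The verb (AutoRun, open, ...) decides when the command fires.
            findings.append({"kind": "mountpoints2-" + o["verb"].lower(),
                             "volume": o["volume"],
                             "target": o["command"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The result is a review list, not a verdict: the function reports where an entry autostarts, not whether its target is malicious.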
06.07.2012, 15:50 | #3 |
| GVU lock screen Win7 64bit Thanks a lot already. After the fix and the subsequent restart, the lock screen did not appear, for a start.
I now have two files with the same name on the desktop (Desktop.ini). Here are the contents of both files. Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
C:\users\Jan\appdata\local\temp\0_0U_L.exe Trojan.Agent
I will upload the .rar file now. Thanks again! Edit: I hope the upload worked. I did not see any confirmation there. If not, just let me know again. I will then try again. Last edited by Grftjx (06.07.2012 at 15:54). Reason: file upload |
06.07.2012, 16:38 | #4 |
/// Malware-holic | GVU lock screen Win7 64bit hi File-Upload.net - Ihr kostenloser File Hoster! Upload the file there and send the link to me as a private message.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |