|
Plagegeister aller Art und deren Bekämpfung: Trojaner der Webseitenaufruf verhindert?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.07.2012, 16:18 | #1 |
| Trojaner der Webseitenaufruf verhindert? Hallo zusammen, ich habe seit 2 Tagen folgendes Problem. Ich kann Facebook.com nicht mehr aufrufen alle möglichen anderen Seiten aber schon. mit meiner Antivirus software von Win 7 habe ich nichts finden können. Kennt wer das Problem und kann mir helfen? habe auch keinen Eintrag in der Hosts und auch schon versucht die Firewall sowie Antivirus auszuschalten leider ohne Erfolg. grüße chris Geändert von chris84 (19.07.2012 um 16:49 Uhr) |
19.07.2012, 17:12 | #2 |
/// Malware-holic | Trojaner der Webseitenaufruf verhindert? hi,dein thema kommt noch ins passene unterforum, es wird verschoben, brauchst kein neues aufmachen
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
20.07.2012, 17:22 | #3 |
| Trojaner der Webseitenaufruf verhindert? Hi markus,
__________________danke schonmal das du mir helfen möchstest. Anbei die OTL.txt und Extra.txt. OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2012 18:04:50 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Loken\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,61% Memory free 15,99 Gb Paging File | 14,21 Gb Available in Paging File | 88,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,32 Gb Total Space | 31,36 Gb Free Space | 29,22% Space Free | Partition Type: NTFS Drive D: | 1289,84 Gb Total Space | 329,25 Gb Free Space | 25,53% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 202,65 Gb Free Space | 43,51% Space Free | Partition Type: NTFS Computer Name: LOKEN-PC | User Name: Loken | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.19 18:15:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Loken\Desktop\OTL.exe PRC - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Loken\AppData\Local\Akamai\netsession_win.exe PRC - [2012.02.22 21:48:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.11.14 00:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2011.11.14 00:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2011.11.14 00:27:06 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011.09.23 21:35:54 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.10.05 10:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010.04.02 15:21:50 | 001,109,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.12.28 15:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2010.09.01 08:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe MOD - [2008.12.10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld -- (MySQL) SRV:64bit: - [2012.06.11 19:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.12.16 22:49:02 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.19 16:10:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.07.10 20:23:29 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012.06.24 20:42:01 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- D:\games\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012.06.20 21:03:42 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.22 21:48:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2011.11.14 00:27:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2011.11.14 00:27:18 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2011.11.13 23:55:18 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2010.08.11 21:29:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.11 20:59:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.07.16 18:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare) SRV - [2010.05.07 09:12:42 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.28 15:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.02.19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.11 20:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.06.11 18:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.05 01:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips) DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs) DRV:64bit: - [2011.11.14 00:28:16 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.11.14 00:26:30 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.11.13 22:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.11.13 22:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE) DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 21:37:05 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.09.29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM) DRV:64bit: - [2010.09.29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2) DRV:64bit: - [2010.09.08 05:16:54 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs) DRV:64bit: - [2010.08.12 21:12:32 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.08.03 17:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas) DRV:64bit: - [2010.05.11 12:00:40 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2010.05.07 09:12:42 | 000,038,432 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.10.19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 87 BD 25 CD 08 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=5a7f0fd200000000000000ff0fd4309c IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5C63DD7F-42B3-4B5A-B1BD-8F2DEA401F1B}&mid=04cefb0dbf4f47d0a2a2d1191024e9fb-916f47a1f52547da16c94637ad6aaa9497fca25b&lang=de&ds=gm011&pr=sa&d=2012-04-18 11:00:08&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B9e7f2144-89ba-4bae-8e81-015d8c440e60%7D&mid=04cefb0dbf4f47d0a2a2d1191024e9fb-916f47a1f52547da16c94637ad6aaa9497fca25b&ds=gm011&v=10.2.0.3&lang=de&pr=sa&d=2012-04-18%2011%3A00%3A08&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Users\Loken\AppData\Local\Spoon\3.33.0.18\npMozillaSpoonPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Loken\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Loken\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Loken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 17:20:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.31 20:09:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.06 12:18:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 17:20:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.31 20:09:56 | 000,000,000 | ---D | M] [2012.02.08 16:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loken\AppData\Roaming\mozilla\Extensions [2012.02.08 16:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loken\AppData\Roaming\mozilla\Extensions\net.openvpn.client [2012.07.19 16:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loken\AppData\Roaming\mozilla\Firefox\Profiles\b7hssp2t.default\extensions [2012.01.02 11:32:11 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Loken\AppData\Roaming\mozilla\Firefox\Profiles\b7hssp2t.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2012.02.08 14:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.31 08:17:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.03.25 16:52:33 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\LOKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B7HSSP2T.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI [2012.01.17 12:05:16 | 000,584,123 | ---- | M] () (No name found) -- C:\USERS\LOKEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B7HSSP2T.DEFAULT\EXTENSIONS\BONFIRE-DEV@ATLASSIAN.COM.XPI [2012.07.19 16:10:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.09.01 12:06:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.06.22 08:19:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.10 01:05:38 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.04.18 02:12:30 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.22 08:19:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.22 08:19:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.22 08:19:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 08:19:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 08:19:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Loken\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Loken\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Loken\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Loken\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Loken\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Adblock Plus (Beta) = C:\Users\Loken\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Skype Click to Call = C:\Users\Loken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ O1 HOSTS File: ([2012.02.29 20:29:53 | 000,000,880 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.akademische.de O1 - Hosts: 127.0.0.1 akademische.de O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Loken\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C929A4AE-69E5-4A65-9AC8-2F44EAC7A733}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e6cd621c-dd3a-11e0-b7ac-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{e6cd621c-dd3a-11e0-b7ac-005056c00008}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012.07.19 18:15:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Loken\Desktop\OTL.exe [2012.07.19 17:22:10 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Roaming\Malwarebytes [2012.07.19 17:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.19 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.19 17:21:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.19 17:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.19 16:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.19 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.07.19 15:36:45 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Apps [2012.07.19 11:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.07.19 11:38:06 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys [2012.07.19 11:38:05 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys [2012.07.19 11:38:05 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.07.19 11:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012.07.19 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012.07.19 11:37:15 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\adawarebp [2012.07.19 11:34:56 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Roaming\Ad-Aware Antivirus [2012.07.17 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Loken\Documents\Rockstar Games [2012.07.17 22:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.07.17 22:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2012.07.06 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Roaming\Thunderbird [2012.07.06 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Thunderbird [2012.07.06 12:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.07.05 17:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.07.05 17:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.05 17:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.07.03 12:12:37 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Funcom [2012.07.03 12:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs [2012.07.03 12:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom [2012.06.28 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Xenocode [2012.06.28 14:59:16 | 000,000,000 | ---D | C] -- C:\Users\Loken\AppData\Local\Spoon [2011.03.04 21:37:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Loken\AppData\Roaming\pcouffin.sys [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.20 18:08:15 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 18:08:15 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 18:01:38 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.07.20 18:01:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.20 18:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.20 18:00:49 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys [2012.07.20 03:41:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000UA.job [2012.07.20 03:24:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.19 18:15:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Loken\Desktop\OTL.exe [2012.07.19 17:22:03 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.19 16:06:08 | 000,007,621 | ---- | M] () -- C:\Users\Loken\AppData\Local\Resmon.ResmonCfg [2012.07.19 15:45:24 | 000,000,600 | ---- | M] () -- C:\Users\Loken\AppData\Local\PUTTY.RND [2012.07.19 08:41:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000Core.job [2012.07.19 08:07:39 | 000,239,427 | ---- | M] () -- C:\Users\Loken\Desktop\Vorgabe bzgl. Scoremed-Konzept-Download.png [2012.07.19 08:03:56 | 004,846,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.17 16:32:13 | 000,011,008 | ---- | M] () -- C:\Users\Loken\Desktop\scoremed.de.har [2012.07.17 16:18:24 | 000,013,346 | ---- | M] () -- C:\Users\Loken\Desktop\IMG_17072012_161814.png [2012.07.17 14:58:19 | 000,003,954 | ---- | M] () -- C:\Users\Loken\Desktop\Bewerten.png [2012.07.13 10:36:33 | 000,045,835 | ---- | M] () -- C:\Users\Loken\Desktop\Vorgabe Scoremed 'Selbstbeschreibung'.png [2012.07.11 19:37:35 | 000,002,401 | ---- | M] () -- C:\Users\Loken\Desktop\Google Chrome.lnk [2012.07.06 15:09:09 | 000,000,600 | ---- | M] () -- C:\Users\Loken\AppData\Roaming\winscp.rnd [2012.07.06 12:19:00 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.03 12:12:33 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.19 17:22:03 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.19 11:38:40 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012.07.19 08:07:18 | 000,239,427 | ---- | C] () -- C:\Users\Loken\Desktop\Vorgabe bzgl. Scoremed-Konzept-Download.png [2012.07.17 16:32:06 | 000,011,008 | ---- | C] () -- C:\Users\Loken\Desktop\scoremed.de.har [2012.07.17 16:18:23 | 000,013,346 | ---- | C] () -- C:\Users\Loken\Desktop\IMG_17072012_161814.png [2012.07.17 14:58:13 | 000,003,954 | ---- | C] () -- C:\Users\Loken\Desktop\Bewerten.png [2012.07.13 10:36:20 | 000,045,835 | ---- | C] () -- C:\Users\Loken\Desktop\Vorgabe Scoremed 'Selbstbeschreibung'.png [2012.07.06 12:19:00 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.07.06 12:19:00 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.07.03 12:12:33 | 000,000,703 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk [2012.04.30 10:26:39 | 000,390,423 | ---- | C] () -- C:\Users\Loken\website_neu-19-5-1.jpg [2012.04.30 10:26:39 | 000,370,593 | ---- | C] () -- C:\Users\Loken\website_neu-19-5-2.jpg [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.19 17:32:36 | 000,000,600 | ---- | C] () -- C:\Users\Loken\AppData\Local\PUTTY.RND [2011.08.19 15:57:58 | 000,000,600 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\winscp.rnd [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.10 20:27:16 | 000,007,621 | ---- | C] () -- C:\Users\Loken\AppData\Local\Resmon.ResmonCfg [2011.03.04 21:37:05 | 000,099,384 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\inst.exe [2011.03.04 21:37:05 | 000,007,859 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\pcouffin.cat [2011.03.04 21:37:05 | 000,001,167 | ---- | C] () -- C:\Users\Loken\AppData\Roaming\pcouffin.inf [2011.01.25 21:07:44 | 001,535,254 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.14 16:41:40 | 000,004,608 | ---- | C] () -- C:\Users\Loken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.11 00:09:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.11 00:09:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.12.11 00:09:02 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.12.11 00:09:02 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.12.11 00:09:00 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.12.08 16:26:32 | 000,001,456 | ---- | C] () -- C:\Users\Loken\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.10.27 15:47:28 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.10.24 01:12:36 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2010.10.20 00:40:10 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.10.05 15:05:24 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.10.05 15:05:23 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2010.10.05 15:05:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.09.19 21:44:32 | 000,735,229 | ---- | C] () -- C:\Users\Loken\ace_uninstaller.exe [2010.08.28 21:39:53 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.08.12 21:00:52 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe [2010.08.12 21:00:50 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll [2010.08.12 21:00:50 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll [2010.08.12 21:00:50 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll [2010.08.12 21:00:50 | 000,567,808 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll [2010.08.12 21:00:50 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll [2010.08.12 21:00:50 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll [2010.08.12 21:00:50 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXBKhcp.dll [2010.08.12 21:00:50 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll [2010.08.12 21:00:50 | 000,233,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe [2010.08.12 21:00:50 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll [2010.08.12 21:00:50 | 000,194,048 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll [2010.08.12 21:00:50 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll [2010.08.12 21:00:50 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll [2010.08.12 21:00:49 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll [2010.08.12 21:00:49 | 000,565,928 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe [2010.08.12 21:00:49 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll [2010.08.12 21:00:49 | 000,235,688 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe [2010.08.11 21:18:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.11 21:00:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.08.11 20:58:59 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.08.11 20:58:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.08.11 20:58:46 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2010.08.11 20:38:13 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.08.11 20:38:13 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.08.11 20:38:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.08.11 20:38:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.08.11 20:31:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.08.11 20:31:40 | 000,029,750 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2012.02.29 20:35:29 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\AAV [2012.07.19 18:15:27 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Ad-Aware Antivirus [2011.08.07 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\AtomZombieData [2011.09.09 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Braid [2012.02.12 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Broken Rules [2010.08.28 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Canneverbe Limited [2012.04.18 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\CDisplayEx [2010.08.12 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\DAEMON Tools Lite [2012.06.12 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\DAoC Portal [2012.02.09 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Easeware [2012.06.12 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Electronic Arts [2012.07.19 13:56:07 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\FileZilla [2012.07.12 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\foobar2000 [2010.09.01 12:06:50 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Foxit Software [2012.05.11 08:55:42 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\HD Tune Pro [2010.12.08 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\HeidiSQL [2010.10.30 12:36:30 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Hi-Rez Studios [2011.06.30 19:19:06 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\IrfanView [2012.07.19 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\KeePass [2011.03.07 14:47:55 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\kikin [2011.01.03 21:58:27 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Leadertech [2011.04.17 20:08:12 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\LockHunter [2010.10.11 23:41:48 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\LolClient [2011.12.14 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\LPECommon [2012.07.20 02:47:59 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Mumble [2011.07.02 01:56:38 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Natural Selection 2 [2011.08.19 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Notepad++ [2012.02.08 16:26:05 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\OpenVPN Technologies [2011.11.01 19:39:57 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Origin [2012.04.18 02:12:29 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\pdfforge [2010.09.06 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\QIP [2011.06.10 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\RIFT [2010.10.23 17:19:18 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Soldat [2010.12.10 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Subversion [2012.07.19 12:45:46 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\TeamViewer [2012.07.06 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Thunderbird [2012.07.18 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\TS3Client [2012.04.02 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Ubisoft [2012.03.08 16:30:33 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Unity [2012.06.30 00:14:39 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\uTorrent [2011.03.04 21:50:16 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\Vso [2011.05.07 04:32:21 | 000,000,000 | ---D | M] -- C:\Users\Loken\AppData\Roaming\ZumoDrive [2012.05.19 18:56:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.12.06 22:09:55 | 000,000,000 | ---D | M](C:\Users\Loken\Documents\?? ???) -- C:\Users\Loken\Documents\넥슨 플러그 [2010.12.06 22:09:55 | 000,000,000 | ---D | C](C:\Users\Loken\Documents\?? ???) -- C:\Users\Loken\Documents\넥슨 플러그 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.07.2012 18:04:50 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Loken\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,61% Memory free 15,99 Gb Paging File | 14,21 Gb Available in Paging File | 88,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,32 Gb Total Space | 31,36 Gb Free Space | 29,22% Space Free | Partition Type: NTFS Drive D: | 1289,84 Gb Total Space | 329,25 Gb Free Space | 25,53% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 202,65 Gb Free Space | 43,51% Space Free | Partition Type: NTFS Computer Name: LOKEN-PC | User Name: Loken | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01140AB6-A848-48F9-AD39-525D127547A3}" = lport=58724 | protocol=6 | dir=in | name=pando media booster | "{0446E856-89D6-445A-8C27-B183BFBA5221}" = lport=58424 | protocol=6 | dir=in | name=pando media booster | "{074D5215-3C86-4E12-87FD-3A7B6573B48D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{14AD89F2-B14C-408B-B035-6ACB0CDDAE8B}" = lport=137 | protocol=17 | dir=in | app=system | "{15502801-F426-4F58-B643-25EB50FFBDC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19177D0E-A285-4919-9CAB-15D242F16CCD}" = lport=58424 | protocol=17 | dir=in | name=pando media booster | "{1B5303DF-B244-4588-B00B-6D4BA639242B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{1E8C6A89-955F-4FF8-9932-424FC831FCB7}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | "{1F2FE733-9647-4CD2-A7D1-63A189F46ED2}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | "{1F6F2DF8-9EBB-4AAF-AA01-5B632076223A}" = lport=10243 | protocol=6 | dir=in | app=system | "{2D2D75AE-819F-4198-B240-1D6186064EA5}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{3FC0BB43-97DB-4714-A8C6-5BA2CEE05A45}" = lport=58724 | protocol=17 | dir=in | name=pando media booster | "{4AA4DA25-E8EA-4C47-BB35-052DB17F5C5F}" = rport=445 | protocol=6 | dir=out | app=system | "{5568EFBB-CF2F-4BA2-A6F4-17935606FD5A}" = lport=58424 | protocol=6 | dir=in | name=pando media booster | "{597A7544-7D25-488C-8B44-A8531440D05E}" = lport=58424 | protocol=17 | dir=in | name=pando media booster | "{5C22FC0C-E493-46CE-B45A-0EB68FC5BD7B}" = lport=139 | protocol=6 | dir=in | app=system | "{5CF07662-9CD9-4062-B2CF-27325BE6AC65}" = lport=58724 | protocol=6 | dir=in | name=pando media booster | "{68392D43-80E7-4620-882A-464EE6953888}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CA6EA62-32FF-4096-870A-A9568B9E4CEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7049E6D5-3627-4E22-AECE-45BEEBE61BBF}" = lport=445 | protocol=6 | dir=in | app=system | "{720E8703-DFFD-49AA-A670-0538D823EEC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{727763AC-2D05-4DC2-A292-A1C520A78892}" = rport=10243 | protocol=6 | dir=out | app=system | "{7B783E36-7762-49BA-A146-840AD924B580}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7DD3462E-524D-46B4-A30E-DBCA5C750316}" = rport=137 | protocol=17 | dir=out | app=system | "{83BAAC37-C714-4397-B2F3-A853BE1A2449}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{89460508-AA2E-4A43-9EDF-C07F37674572}" = lport=2869 | protocol=6 | dir=in | app=system | "{9098C87D-DB64-4353-9EAF-D7F66FD31396}" = lport=138 | protocol=17 | dir=in | app=system | "{99DF824E-1A3E-4302-8CBF-6BED9F5B8145}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | "{9F8C218B-BEE0-47D5-9B73-764EB5B9EFC3}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | "{A935CB5D-CAFE-4AA7-B48F-F8A93CA27752}" = rport=139 | protocol=6 | dir=out | app=system | "{C3B7CFA6-EBE9-4599-86FF-6AD3CC026A40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8D6ADBA-8522-4424-8E91-8A3BA5CD4F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D81039D3-E14A-4D6D-B9D5-365990ACB35C}" = rport=138 | protocol=17 | dir=out | app=system | "{E9D33BFA-09E9-46BA-82BD-01BF061748DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ECE3FDA0-3020-4CA7-98C2-8ACF3A0D8F1A}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | "{F35690A1-B663-4D86-A8B5-57B9ED18CF37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F5B7958B-1780-4EE6-B885-55721E3D8855}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{FAE6FB9A-AFB1-48BD-B5AF-A56003625835}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FCAFE499-6DF4-4903-9A09-B3F5C709B55C}" = lport=58724 | protocol=17 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02538D10-4D19-4202-AE18-39F0B725BF73}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{02AF522B-CC2A-4142-8328-A688CAF7D762}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{03242253-3DDE-44AD-B211-ADD95A74ECB3}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | "{03816C0D-DA6E-4929-89BE-3A00BF6655C9}" = protocol=6 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2launcher.exe | "{05D63CC8-20BC-468E-9D92-CFF6CBE868FF}" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | "{064185CF-9ED0-4C54-BF91-0DF5D18DE535}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | "{071803FB-04ED-4D23-9D71-51D64B512D41}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{089F2651-D357-4185-BCC3-87FD89BC8E54}" = dir=out | app=e:\games\max payne 3\maxpayne3.exe | "{0A3EA8C8-FF8D-4E5D-95DF-8600C2835BB9}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dota 2 beta\dota.exe | "{0BC3EC74-FE1D-4AD7-A252-9C3067218A3A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | "{0BFD8D26-DBAB-4813-AAC9-E065C3BF3167}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm-dedicated.exe | "{0C2F35C0-6351-49E7-BBEC-BFE3B7B14C20}" = dir=in | app=c:\program files (x86)\zecter\zumodrive\zumodrive.exe | "{0CA17338-07D0-4CFC-B601-404B130AB5E7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{0D6D11A9-88EE-425B-87CE-8AFB13D6777B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0F16DEE3-E31B-4B3F-9EF2-CA28C886F64D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{10299D78-DB67-4D48-83AA-050F40E7E78D}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | "{10C428F0-7126-4003-9004-73F77F5C9456}" = protocol=6 | dir=in | app=d:\games\sacrifice\sacrifice.exe | "{136C0A4F-29FC-41B8-966E-DB883F149F16}" = protocol=6 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | "{15EE173B-2869-4AE0-847F-2434470F34D4}" = dir=out | app=e:\games\max payne 3\playmaxpayne3.exe | "{1672C937-0D35-4DC3-97A4-3C66B6689DD9}" = protocol=17 | dir=in | app=e:\games\max payne 3\playmaxpayne3.exe | "{17406FBE-0555-4E68-BA22-C3666FA7FB4B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | "{1776754F-2040-410C-BC24-2BFB0D601AAD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{1834C3F3-CEC8-4F62-AB4C-B1F345D0244C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{1A050891-89DA-4D28-9A84-FA038B75A4A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A8BCE62-8693-4098-9633-DD7A5361643C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\gratuitous space battles\gsb.exe | "{1C1424D0-8812-48A7-B159-90EBAB3A21BA}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{1C59894E-A885-4814-85E0-C1BA49D5C72A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | "{1CB2C279-DA01-444E-89E7-50A42F4FCC85}" = protocol=17 | dir=in | app=d:\games\league of legends\game\league of legends.exe | "{1CDCE677-6E50-4739-BDCF-EAFA63EBD68E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1F0EAAFE-50EC-44DC-AFA3-B962DDCB7101}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | "{2126B5BB-805C-44EE-A734-3F4E6037EB76}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | "{218DC853-EFA3-49F8-BC70-B3EB903B54BF}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{21E22070-E0C5-41AC-9B1C-ECD3430193EE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{221119B6-3211-4CBE-AC89-3C5615668E84}" = protocol=6 | dir=in | app=d:\games\sacrifice\sacpro.exe | "{24CB9748-1670-4DAB-A4D1-A52637D4030D}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "{276AC2DF-0EE1-4133-AB0A-92CB47F03804}" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | "{284437A4-1B30-490B-A7FB-F2F40A8FE58D}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{2B4A6699-B625-4BF8-BC67-53933CF25040}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2BC61FBA-E6D4-4962-8E5C-E9CCE168813F}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{2C5C86FD-BD05-4672-86F7-10DAEE1E7442}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | "{2DCDFCBC-EBE0-4FA4-A69F-1B64E6F5DA7F}" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe | "{2EB9F991-0207-4366-AD1F-FA9F97E8C2E4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{2FC6C210-557B-45F4-A0E2-15BD8015B8EE}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{30762514-1C19-409D-AC3F-FA1DE505CCFF}" = protocol=6 | dir=in | app=d:\games\diablo iii beta\diablo iii.exe | "{319AA293-C79E-43FE-8924-AD4D8FF1D8E8}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike source\hl2.exe | "{31A16E8D-38D1-40CD-A937-F532D98A7B90}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{31BEDFD3-C3D2-4FE0-A24A-F84B43658B88}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{32E04451-3D77-4707-BC7F-15F3BC5C9CDA}" = protocol=6 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | "{3303F571-59B4-4011-90D0-986B42EDBECB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | "{3446B497-B488-44BA-82B6-96AB8CB595CD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dota 2 test\dota.exe | "{365058BD-EE37-460A-8FDE-921DC1E6C5D7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | "{38608552-2776-47EC-AE15-85E5E8B07F98}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | "{3880D7E9-E2FB-4860-9767-44D26BC3BF89}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{3924ABE7-B0A2-4217-B4E7-857439DB0D8C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | "{39AB9C45-0847-4E94-B089-A9932B2D141D}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | "{39BE6EE3-D01C-4472-8118-4B70274C2DD2}" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe | "{3C3CF90F-EE96-4477-8755-28A32F30CB61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3E409E17-19B9-4C49-945A-5AC09E3943AE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{3E427088-36BD-4B11-B7CD-C147B9394E0E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{3E590DC9-AFAB-4B88-B334-BDA1B6DBF377}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{3ED231B3-94E0-4622-B9DC-8C3756073BED}" = protocol=6 | dir=in | app=e:\games\max payne 3\playmaxpayne3.exe | "{3F7F85C7-CF0D-4CB8-A4E7-0046017D7BD4}" = protocol=6 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | "{404A09E6-057A-4C93-952F-8F953A251378}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | "{41FA05D0-78C1-4F3D-B6D7-CEFE51524F44}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{44FE1EC0-7A30-4E1B-B7A6-32A184E6919D}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | "{44FE6E75-B432-40CA-854A-19BD2B8B8470}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | "{481EE9E5-E3CD-4C3E-A708-54DDE5AC5C31}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | "{483C4593-E59B-488B-A567-F4CB311BA5C7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{48D34201-D9DC-4406-824D-5B8E807211D2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{4A49E1B6-4861-4C05-ADC7-50FA4C322D5D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4BD09722-804A-4DE3-A319-88F4B6CB237F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4CDB60AE-1630-4C93-A65C-155C629F976A}" = dir=in | app=e:\games\max payne 3\maxpayne3.exe | "{505DA603-6F1F-45B7-BFC3-8C9527F28A02}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dawn of war 2\dow2.exe | "{5181515E-1736-430B-87AB-A0EA185FB018}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | "{5231A819-38C1-41E2-B70D-CF5BC999E8C9}" = protocol=17 | dir=in | app=d:\coding\eclipse\eclipse.exe | "{53A3997C-C458-4F71-8EA0-A59E9C337B3F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{54375636-F24D-4B39-97EE-8DA4BD69D8F4}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dota 2 beta\dota.exe | "{544AA53C-0803-4A5D-B909-C4F004BCA763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54DF07D1-E8B2-42C5-AF33-B762806D2CC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{552485C0-6785-4FE9-9512-546CE189F4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{55C7D1C0-0132-446F-8BC6-73EA0EFE04FE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | "{577B93A0-1250-4785-9B6A-BB6A9D8EF0E5}" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | "{58A36D0F-B400-4392-A987-C19F4668D639}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{592322E3-224D-42CC-9A6B-C7BDA1B5286A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | "{598AFA36-0BDB-418D-B695-194A45C8C4F2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | "{59B49068-89C4-4B9E-9D2D-003AEF577389}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{59FD964E-4419-440C-8130-19932590B8DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | "{5A5F890B-B4AD-403B-9B55-CC25D25376D1}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | "{5AC66C52-C234-49C8-8205-ED90F0F7EC56}" = protocol=6 | dir=in | app=d:\games\assassin's creed ii\assassinscreediigame.exe | "{5B948742-B951-4148-BD86-C96E6F8C6819}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | "{5F079A22-F6BD-4318-B507-51122C60E6AF}" = protocol=17 | dir=in | app=d:\games\assassin's creed ii\uplaybrowser.exe | "{602B0AAC-37A4-438F-975E-B06015CE6032}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | "{60DC683C-FDF7-4274-A03D-5AA3EF3C3490}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | "{62906C70-0915-4997-9336-063EDCF5B2ED}" = protocol=17 | dir=in | app=d:\games\diablo iii beta\diablo iii.exe | "{63C9FBFD-94E9-431C-A3A8-B18D35CAFB19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{63E766C4-360A-4BA9-ACDF-E09558237470}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | "{646E9779-7AFB-43A7-ADB4-0391CD61EC2C}" = dir=out | app=c:\program files (x86)\zecter\zumodrive\zumodrive.exe | "{65867C1E-59BF-401E-9A8B-D65E5E9D647B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | "{66806F7E-3901-4673-8BDC-67455D64F1DA}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | "{66F9C13F-3017-4236-A9F1-0F40F936D9D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{66FF120B-26AB-486B-A747-527E604CCB5E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dawn of war 2\dow2.exe | "{671E5612-93C1-4B95-9304-188D28454B40}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\from dust\from_dust.exe | "{69EC02CA-FEAB-4740-A15F-6467A2FB49BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | "{6A1C2C7E-597B-4F42-AD7C-B9FA8B299AC2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\gratuitous space battles\gsb.exe | "{6A80287B-A418-47BD-8C0B-3AAC0E16CA1C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6C072347-AB71-4664-85EE-FF203B6CBC25}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | "{6CA7FC71-B37E-4FB5-BB70-CC937E7FFA1E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead\left4dead.exe | "{6DDDF192-A1B6-46EE-A5A2-2AFDB517F7D6}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{6E768904-B9EC-451B-A192-9599B13939A5}" = protocol=6 | dir=in | app=d:\games\the secret world\clientpatcher.exe | "{70363F54-68E1-40B4-908E-799D1F44A2BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{71BDD049-18E6-4A66-8414-E9BB5F33DCF8}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\osmos\osmos.exe | "{71D0AEEB-40D4-43A4-82BD-0B5DDA9745CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7342B605-669A-44D3-B071-FD90BBE197ED}" = protocol=17 | dir=in | app=d:\games\sacrifice\sacpro.exe | "{739988F9-0A21-4114-BA0F-7A0CB04C49AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{74A83D69-9FA0-4316-B6F6-F4C39B4DE2C3}" = protocol=17 | dir=in | app=d:\games\assassin's creed ii\assassinscreediigame.exe | "{76857968-8261-4D54-BB5F-2ABCFA65D64E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | "{76DB0BD3-362A-42D2-8F96-9B1E986397BA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{7739CC30-6B8E-4BE1-B9EB-FD051BCC05E4}" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | "{77B4105E-CC6B-4E8A-9CBD-695AD42D89C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{77F16B05-B74C-48E4-9B23-7E0289F3CBB7}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | "{78FD9B8D-501D-42BA-9923-AB8AB3CD22E8}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead\left4dead.exe | "{790EA419-85FF-44D1-B8BB-50E030CEAD59}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | "{7B71DB83-B74D-4268-BCC8-9FB42313569B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\hammerfight\hammerfight.exe | "{7E3E193D-A85D-4AEC-94CC-0ADE9CE37325}" = protocol=17 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2launcher.exe | "{7F5C5CB8-E829-4574-A58B-9BEE6F574359}" = protocol=6 | dir=in | app=d:\games\league of legends\game\league of legends.exe | "{800126F1-82C3-4646-8B81-16CDF0EB8C99}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{805FD052-04BA-4A3F-A31A-E5B5B3E864A5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{80D86821-252D-4020-8A8D-5A8F429359A8}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{810BBF4D-DC0B-479C-821D-96B4C95497DF}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{821C082E-54C5-4CE2-B53F-503DAF41522B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8227B77C-D11C-4B92-A80B-7631C1715265}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{83025A0E-8479-46FB-ADF3-6175487F7CC1}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | "{860D9542-175B-49AA-8D96-97002BF623D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8635233D-F007-45E0-804E-BFC41DED716B}" = protocol=6 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | "{863ABF60-E8DF-4852-A0C8-CCD8CC3B5922}" = protocol=6 | dir=in | app=d:\games\assassin's creed ii\assassinscreedii.exe | "{8677C972-6835-41E6-ABDF-9DDD464E1B24}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | "{89460D60-244B-4CB8-9FCD-C69E42BA3A27}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{8A4E5A19-AFFB-4FF7-9FDC-18160C660C6B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | "{8A558F2C-B355-4F5F-84D0-D4D28DA5D198}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{8CD27473-9693-474A-A2EA-BE038D7590C1}" = protocol=17 | dir=in | app=d:\games\league of legends\air\lolclient.exe | "{8DFED289-68C3-4C2D-B6C3-4EC7437258C3}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "{8E2A3B85-724F-4DEE-9F8E-D77CA0D38164}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{8E5FE767-0076-47AA-B50B-53777C66B9A4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | "{8E93F14E-AA87-40EE-939D-F240AE70A2C7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{906DB811-9577-443C-8D78-9C79512233ED}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe | "{90FCAE85-0606-4FF1-93F0-B12AB1CE97DA}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{910F96C4-4652-43D6-A473-4D41667DEDE1}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\launchpad.exe | "{9163E4B6-0A23-450B-8AB0-8135877F5FCE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{935DD952-E381-4405-AB08-19601E53E583}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94100EA2-2534-4521-A6A6-83192F6AACBB}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\brink\brink.exe | "{945A92D6-532E-4657-A267-0B898B3EC588}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9534C520-6BE5-4047-81B6-2C1ECF9B2B2E}" = dir=in | app=e:\games\max payne 3\playmaxpayne3.exe | "{95D909D1-7855-4BE5-9BBD-9C272533F863}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | "{965AE42F-134A-44DE-ABC3-2CDD8886AD58}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{971C3ED5-F218-4066-8E8E-A39D9BBD0CA0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | "{97DA5A27-6B2F-43B8-B448-BB4BF89A00D5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\shank\bin\shank.exe | "{98118977-70D7-43A9-BA7B-86455A6E3724}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9B29710B-523F-4094-90FD-AD7954B0E617}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{9BA952B6-1352-42A2-A3B7-FB5046064774}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm-dedicated.exe | "{9E4E9F5E-35B9-4704-B953-2BB5C1CB2301}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\osmos\osmos.exe | "{9F052551-DE98-4AF4-8DDB-69D65E0082F6}" = protocol=6 | dir=in | app=d:\games\might & magic heroes vi - public closed beta\might & magic heroes vi.exe | "{A11F72FB-8A03-4E34-974B-1F17D44B5C01}" = protocol=17 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | "{A336B055-11C8-4FDB-BA6D-5603A1375AFD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | "{A40DB6A0-440E-4B01-AAC0-C967ABC1EFA2}" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | "{A55D17A1-4C8D-41DA-9478-B90225924A10}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | "{A599FA69-809C-4DBA-8FCD-0C789B2A4BE0}" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | "{A629AB71-D9E0-4EB1-841F-447E6674E695}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | "{A63D4E53-A1E3-498F-850B-5CA5D901E6ED}" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | "{A64A0AAA-354C-4F3E-B104-18FC06B7A5D6}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | "{A7163A2C-9091-4A09-BC10-E8D6E9D90946}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{A7961CA1-7A8D-4486-8EF9-6C82A56716B8}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "{A9E3C1C7-E86C-4706-BFBC-1B4CADCE1682}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | "{AC5D8FAA-0152-42DC-90DC-F226A53500E4}" = protocol=6 | dir=in | app=d:\games\assassin's creed ii\uplaybrowser.exe | "{AC94B1EC-CE5C-49FA-8A61-3304DE08D6BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AD1F6E36-F59C-4914-9A8C-DE88F7A0D3A2}" = protocol=17 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | "{ADF606C1-82AB-43B1-886F-689D15E37F86}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\machinarium\machinarium.exe | "{AE0766C0-A6F2-4940-9122-BD85AA9CD467}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AE452443-622D-4775-8E0E-0B53977D60A5}" = protocol=17 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | "{B0AE12EF-B172-4E29-B3BA-198016C747F4}" = protocol=17 | dir=in | app=d:\games\the secret world\clientpatcher.exe | "{B0C741A6-5748-456E-A50F-4CFCD5B9B598}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{B3021AE1-8316-4926-8335-36C1CF25F11A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | "{B3A135B5-30D7-4161-901D-EFFD2E846FF3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B41B17B0-70A0-4848-85CD-02E5C3BBEB4C}" = protocol=17 | dir=in | app=d:\games\sacrifice\sacrifice.exe | "{B524B600-9555-488F-8C76-569C40D7B690}" = protocol=6 | dir=in | app=d:\games\league of legends\air\lolclient.exe | "{B63B73CE-EBD8-4474-8E63-53C1E2B3E979}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dota 2 test\dota.exe | "{B657C087-D0AA-4E89-803C-285E8F2C09EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B70F4A99-89E8-443F-B2F7-474BEDEAA7F2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | "{B99EB0C7-FD27-4CA4-8FE8-784438FCB532}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe | "{BA9D9EFA-C1C0-43C0-8505-4852690FAA19}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BB7CB6E4-BE14-43A1-B391-76FBB16759FB}" = protocol=6 | dir=out | app=system | "{BC49F983-794B-492F-99BF-A087D5EC118E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | "{BFFAC7B9-73B4-4AE6-AAF5-70384B179746}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampionsloader.exe | "{C2A08AE6-85C8-4922-866A-D5FF603D270C}" = protocol=17 | dir=in | app=d:\games\assassin's creed ii\assassinscreedii.exe | "{C3771204-D3E5-4411-9E45-C03AE62B249B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C72F99DF-9E38-450F-9923-78D1A27ECDF9}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | "{C85CD130-B05E-4802-89A3-1F5ECE0519AE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | "{CA3605BA-0CDD-4CEA-83C4-70FBF3CFCBE0}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{CA4C6ABF-913D-44CA-AECF-2BB10229E164}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\steelstorm.exe | "{D0DDCA49-0AD5-4BE0-A0F4-A15DA763194A}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\srcds.exe | "{D29500CC-0D90-4DAA-9782-EAFF3AD7230C}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | "{D2B6E0C7-61CE-4E07-A480-0237AE5459DD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\shank\bin\shank.exe | "{D494F98B-7C56-4CAE-83F9-8037283030C2}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe | "{D935CE7F-043F-42EB-B1FC-AD900A38F194}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{DB6CE2FA-27EB-450B-A298-42C7E3927BBE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | "{DC80928D-FB89-47E3-95D4-AAFF197EB2E6}" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | "{DD14D57D-BD54-4EDE-9803-C2DDD731E6DB}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\crayon physics deluxe\launcher.exe | "{DF200A6D-989E-499D-AF68-11E62233FB31}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\half-life\hl.exe | "{E1DD98E7-0908-4B1E-AC56-E267AD59A907}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\alien swarm\swarm.exe | "{E3079A38-1790-434A-80B5-1DEDCAB41D0E}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | "{E332382C-8806-42D6-88CA-6D173DFBBB50}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | "{E54C7659-547B-4953-AD70-51C7F80E342E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\hammerfight\hammerfight.exe | "{E5550310-307B-40EF-BB07-CEC2C78F21B4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\natural selection 2\ns2.exe | "{E626F377-682B-4411-A8AD-1E268023B7B1}" = protocol=6 | dir=in | app=d:\coding\eclipse\eclipse.exe | "{E9756B91-1486-4AE4-9F3B-E4264A29001E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{EC35BC12-95E5-4270-8C2C-B7EBC2406082}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike\hl.exe | "{ED0EACC7-C9B3-4713-9295-1E59E0D406B0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | "{EEE04416-C6EA-4E24-90FF-3AD300F60276}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | "{EF2B887B-93E1-4D1D-BF35-296B22F5093A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{F1027DD5-2FBD-4522-9207-618CAC3E1475}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\cogs\cogs.exe | "{F1D1E671-A3FC-49EE-BB61-51AD7ED3418E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F25BC10D-360D-4D6A-9DFE-47381CD5E718}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F387DB4B-065A-4248-A590-0ED7143E1DC0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "{F3AC8BCD-799A-41C0-B259-18B7E175DC6D}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\machinarium\machinarium.exe | "{F4F6777A-3B71-4D0F-923B-80DA9F6BA660}" = protocol=17 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | "{F60362E8-B3BA-47C7-9CE7-A3FF40CE4E10}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | "{F65634FB-3788-49EC-B068-D2E976B40EDB}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{F7845306-19F4-4534-B524-29C095C24412}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{F8E6EBEC-B162-47F1-8B6A-94721B0F2C6E}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe | "{F913725D-F665-48EC-A4E9-004DB75FD7AF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{FB8CD308-D71D-4DB1-A297-234DFC4FA0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | "{FC761459-468A-4E9B-B8F3-030820F60EE6}" = protocol=17 | dir=in | app=d:\games\might & magic heroes vi - public closed beta\might & magic heroes vi.exe | "{FD050AF4-17A8-421D-A016-DFB954CEB24D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FFC1B0DE-D38E-4B84-A847-C495F4CCC4B5}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\heller0210@aol.com\counter-strike source\hl2.exe | "TCP Query User{013339BC-F7F8-4CE4-AB78-4AC8B420226A}D:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{0F63EBD8-636F-476A-8037-BBDE03EF2381}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | "TCP Query User{11A7B548-976A-4B93-9B28-AA962E03B1CA}C:\users\loken\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\loken\appdata\local\akamai\netsession_win.exe | "TCP Query User{19181477-3BA6-4326-91A5-39FFD6D32C2C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{1F922A05-353F-4E74-B9A7-EE7AD6DF175D}D:\games\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\games\borderlands\binaries\borderlands.exe | "TCP Query User{2273B53D-3563-495E-9A83-45A734AAC597}D:\games\lost planet 2\lp2dx11.exe" = protocol=6 | dir=in | app=d:\games\lost planet 2\lp2dx11.exe | "TCP Query User{294D2051-E584-42DE-BDC7-CB80FD2B8495}D:\downloads\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_diablo2_lord_of_destruction_engb.exe | "TCP Query User{2BA0AFD2-72FA-417B-B472-007548DA9325}D:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe | "TCP Query User{2E6DB3FD-A1C5-4F33-B3FE-16496773A624}D:\games\hunted the demons forge\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=d:\games\hunted the demons forge\binaries\win32\p4dftre.dll | "TCP Query User{30030A19-0505-4A95-9049-51E637CC35B8}D:\games\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | "TCP Query User{314B0585-A8FC-434B-BF0D-8F4ACD8C3629}D:\downloads\downloader_diablo2_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_diablo2_engb.exe | "TCP Query User{356627FE-AAB3-4003-9AB1-A8BA03CE9C96}D:\games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\games\crysis 2\bin32\crysis2.exe | "TCP Query User{3705862B-C9C3-4348-A3D4-AAE459A42DF0}C:\users\loken\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\loken\appdata\local\temp\dsoclient\app.n3app | "TCP Query User{39CBED72-321F-4772-9A50-2CE5DBBF33C2}D:\games\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=d:\games\vindictus\en-us\nmservice.exe | "TCP Query User{3BF8F489-EFF8-4C34-ADB3-18D6ED1CEB1D}E:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "TCP Query User{3D1167B0-D554-4282-A1CE-B5B557323F8E}C:\program files\java\jdk1.6.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\javaw.exe | "TCP Query User{3EB41B75-F516-45B7-9E82-05F6529F306F}D:\games\hon\hon.exe" = protocol=6 | dir=in | app=d:\games\hon\hon.exe | "TCP Query User{4D4BEA9E-E46D-4ABE-8551-BC4C5A413F2F}D:\coding\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\coding\eclipse\eclipse.exe | "TCP Query User{53425D78-8066-492D-9001-A73AA7BA55BA}D:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | "TCP Query User{552CEEF3-38EC-440D-8609-85340403BECE}D:\games\front mission evolved\frontmissionevolved.exe" = protocol=6 | dir=in | app=d:\games\front mission evolved\frontmissionevolved.exe | "TCP Query User{5DE5C34C-F0F0-446D-925E-9F46FEA0ACD7}D:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | "TCP Query User{614E8855-A3C3-40D0-A2A2-1BB925FFA68A}D:\games\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\games\the witcher 2\bin\witcher2.exe | "TCP Query User{6204093E-8A7E-4E64-A14B-2531BFC90C39}D:\games\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base18574\sc2.exe | "TCP Query User{78673474-1DC5-4E95-9849-2AD2D7A2108C}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | "TCP Query User{7BEEE351-9729-46E8-BEAE-74DFB285B841}D:\games\mortal online\mortal online launcher.exe" = protocol=6 | dir=in | app=d:\games\mortal online\mortal online launcher.exe | "TCP Query User{7F92FC75-CC56-4546-8DFC-931A9C764BFF}D:\games\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\games\soldat\soldat.exe | "TCP Query User{81F60E9F-5923-4539-BAD1-7734C89CF042}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{8216A721-F04A-4A9E-9CAB-1503F26F746C}D:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{83CE7BDE-BE4A-4A53-B5C7-9B6B5AF7CC89}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe | "TCP Query User{896501C9-C7BC-4EA6-BB47-E25B0077C05D}D:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{8D292B67-FF9A-410B-8140-3CE80C44AD4F}E:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | "TCP Query User{961BF505-2284-49D4-8BD5-F671FF512DEA}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{9FCD3E7E-2A85-4047-B4C1-F9870CCF8EB0}D:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe" = protocol=6 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | "TCP Query User{A32197D6-1CE9-4410-87C4-673D86CBB7F2}D:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe" = protocol=6 | dir=in | app=d:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe | "TCP Query User{A985C51F-9C5B-478D-B8A0-E105B745684A}D:\games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=d:\games\league of legends\lol.launcher.exe | "TCP Query User{AB8C9696-3822-43CC-8D1E-143D29995600}D:\games\sacrifice\sacrifice.exe" = protocol=6 | dir=in | app=d:\games\sacrifice\sacrifice.exe | "TCP Query User{B78B9675-D94B-41BB-AE65-D723EAF415E2}D:\games\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2demo.exe | "TCP Query User{C062DD20-2B57-4867-B720-B43F4A091749}D:\coding\aptana studio 3\aptanastudio3.exe" = protocol=6 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | "TCP Query User{C46B2A90-1CB1-40D8-BD6B-C204CAB2946D}D:\coding\eclipseseam\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\coding\eclipseseam\eclipse\eclipse.exe | "TCP Query User{C782D710-6216-49C6-9D3C-ABF719845643}E:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "TCP Query User{C7959C5B-AF63-4E34-A21D-1FBFC77AF21E}D:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=d:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe | "TCP Query User{CA29E3C1-39A7-4300-8FE2-18BC0BCF4E5C}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "TCP Query User{CC008960-00FD-4CC6-92F3-63836BC8972F}D:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe" = protocol=6 | dir=in | app=d:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe | "TCP Query User{CEC1C65E-1894-4EEC-86D5-29652F19E914}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{D65A88F5-73B9-4BF3-B0D2-211AB46DD79C}D:\downloads\openlierox\openlierox\openlierox.exe" = protocol=6 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | "TCP Query User{DCB01605-C840-4199-A545-D7075C7D91C2}C:\program files\java\jdk1.6.0_25\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | "TCP Query User{E429E59F-9ACE-4224-8B65-6D12574A3863}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{EA8771CD-1C4D-4DEC-9525-EFCBBB1ADCAD}D:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\games\tera\tera-launcher.exe | "TCP Query User{EE9FB2E1-151B-411D-A770-B99E7886CC09}D:\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=d:\downloads\starcraft_2_eu_en-gb.exe | "TCP Query User{F043913B-A034-45DE-9479-CFEFF2F87B4A}D:\games\sacrifice\sacpro.exe" = protocol=6 | dir=in | app=d:\games\sacrifice\sacpro.exe | "TCP Query User{F14C7EA9-3DE8-486B-81B7-9F6564C767B5}C:\program files (x86)\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe | "TCP Query User{F52A0C92-7FCC-4B65-9237-9300F0CFFF29}D:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe" = protocol=6 | dir=in | app=d:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe | "TCP Query User{F80A31F9-07A6-4E82-A35E-A3A09D8F8A15}D:\games\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=d:\games\orcs must die!\build\release\orcsmustdie.exe | "TCP Query User{FF89F680-EB72-4AC8-BA68-D9E1AA4A8C0B}D:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe" = protocol=6 | dir=in | app=d:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe | "UDP Query User{198ED09A-F3E0-462D-92E3-9A5DEBCCF3F7}D:\games\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=d:\games\maniaplanet\maniaplanet.exe | "UDP Query User{1B389EB3-5947-4B4B-B621-6BC51BB9720D}D:\games\front mission evolved\frontmissionevolved.exe" = protocol=17 | dir=in | app=d:\games\front mission evolved\frontmissionevolved.exe | "UDP Query User{1C045350-01E1-4C65-8076-83A426DC088A}D:\coding\aptana studio 3\aptanastudio3.exe" = protocol=17 | dir=in | app=d:\coding\aptana studio 3\aptanastudio3.exe | "UDP Query User{25C2F7D9-0519-47C5-8DF0-8D9A8F5B7ED6}D:\games\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=d:\games\vindictus\en-us\nmservice.exe | "UDP Query User{270D290B-AFA0-43D4-AF0E-5E4810DBF6E0}D:\games\hunted the demons forge\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=d:\games\hunted the demons forge\binaries\win32\p4dftre.dll | "UDP Query User{2E5FA2BB-EC72-44D3-8C68-74F376C1B4A8}D:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe" = protocol=17 | dir=in | app=d:\games\squareenix\final fantasy xiv beta version\ffxivboot.exe | "UDP Query User{311B7059-0571-4FB8-B5DC-4D6DD3D6F344}D:\games\lost planet 2\lp2dx11.exe" = protocol=17 | dir=in | app=d:\games\lost planet 2\lp2dx11.exe | "UDP Query User{31930926-832F-433E-B9DC-815CA97B0CA8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3714CADF-E59D-42C0-8412-BBD72FDB5A95}D:\games\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{3BAC0325-4112-4289-B484-9FFA9B8AF218}D:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-2.0.1\bin\mongod.exe | "UDP Query User{45661AEA-257B-4E50-AB15-5FCF297CD130}D:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=d:\games\bloodline champions beta\binary\bloodlinechampionsloader.exe | "UDP Query User{46C720C3-B021-4A67-9610-7EE2FF32B6FC}E:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe | "UDP Query User{474DDA0F-D259-4E91-B406-8AB813BA8E86}E:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "UDP Query User{4E0B46E5-1546-443E-B1DB-54DD7A0079E6}D:\games\hon\hon.exe" = protocol=17 | dir=in | app=d:\games\hon\hon.exe | "UDP Query User{4F30FE56-6701-4C49-B542-176652A9211A}D:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_warcraft3_reign_of_chaos_engb.exe | "UDP Query User{54092864-EF7C-4012-9971-79BF81C8ED7A}D:\games\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\games\borderlands\binaries\borderlands.exe | "UDP Query User{5E37F377-BA31-4E42-A9BD-B1D42F384DFA}D:\games\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\games\the witcher 2\bin\witcher2.exe | "UDP Query User{6129EE90-5E77-4B91-8E11-3B6B9B47299A}D:\downloads\downloader_diablo2_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_diablo2_engb.exe | "UDP Query User{61C35726-06A8-4710-B16F-C14FB06782F8}D:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe" = protocol=17 | dir=in | app=d:\coding\mongodb-win32-x86_64-1.8.1\bin\mongod.exe | "UDP Query User{65BB4002-D673-457B-ABE4-653D4412C19F}D:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_warcraft3_the_frozen_throne_engb.exe | "UDP Query User{6E686BFC-CB93-4DAC-982C-C981DE0E01FF}D:\games\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=d:\games\crysis 2 demo\bin32\crysis2demo.exe | "UDP Query User{73AB3E65-4CF2-4F35-ACF6-29E99D51727F}D:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\games\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe | "UDP Query User{751BE26D-70F6-4C96-9F39-FCD28B8B8861}D:\coding\eclipseseam\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\coding\eclipseseam\eclipse\eclipse.exe | "UDP Query User{752007F8-4BD9-45B6-A15E-0A1D1E49A626}D:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe" = protocol=17 | dir=in | app=d:\coding\eclipseseam\jdk1.6.0_22_32bit\bin\javaw.exe | "UDP Query User{7C97F23E-98A6-4610-9B9C-B7EF7B0B8B61}D:\coding\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\coding\eclipse\eclipse.exe | "UDP Query User{7FD64A98-F14D-4650-A2A3-82328F27F35D}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | "UDP Query User{8338FA5C-F223-4DE1-94F4-5833B82E4251}D:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{849DFA84-5432-4582-8EC2-25125301645C}D:\games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=d:\games\league of legends\lol.launcher.exe | "UDP Query User{8741742E-1088-4669-86E3-B84FA8241C0E}D:\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=d:\downloads\starcraft_2_eu_en-gb.exe | "UDP Query User{935207B0-36AF-42D3-8E4A-7F81DADE359B}C:\program files (x86)\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2010\qip.exe | "UDP Query User{9EACC4DE-3909-47BF-AAD5-9910AD63147C}D:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe" = protocol=17 | dir=in | app=d:\games\mortal online\mortalonline\unrealengine3\binaries\win32\mortalonline.exe | "UDP Query User{A238CEAE-3209-444F-B6E7-2E271094D35C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{A2D0ED4D-E17C-46B1-BE58-7406BDE23366}D:\downloads\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=17 | dir=in | app=d:\downloads\downloader_diablo2_lord_of_destruction_engb.exe | "UDP Query User{A55A172E-F796-404C-AB2E-80DC9F40CEA2}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{AA631CE5-E6BF-4425-9CDC-5E093D6B9C41}D:\games\sacrifice\sacpro.exe" = protocol=17 | dir=in | app=d:\games\sacrifice\sacpro.exe | "UDP Query User{AB29208F-3DD7-4289-9CEC-B3D356097122}C:\users\loken\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\loken\appdata\local\akamai\netsession_win.exe | "UDP Query User{AFA98850-2751-492E-B8EB-5CCA2B258533}E:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | "UDP Query User{B3B3FE6C-BDFB-4D52-9F31-2059A427275D}C:\users\loken\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\loken\appdata\local\temp\dsoclient\app.n3app | "UDP Query User{B4303567-3A16-467D-8DEB-D35D1FEF56DF}C:\program files\java\jdk1.6.0_25\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\java.exe | "UDP Query User{B617320E-5197-499F-8157-562175808E4D}D:\games\sacrifice\sacrifice.exe" = protocol=17 | dir=in | app=d:\games\sacrifice\sacrifice.exe | "UDP Query User{B6AE0348-6498-4B72-AA3D-556DC63E0106}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{C5655CED-49CC-443A-8170-9104EBD393C3}D:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\games\tera\tera-launcher.exe | "UDP Query User{CE9B9F14-0570-429A-8002-B61FA3C30D05}D:\games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\games\crysis 2\bin32\crysis2.exe | "UDP Query User{CF040B27-8A36-4513-94A8-6C83E8DA73BF}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe | "UDP Query User{D02C10E6-47B1-4AAB-9E8F-B896A61D9D8F}D:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{D70AEAD7-9830-484F-907A-79E34466C768}D:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{DD65DA4B-5980-4D24-A3B3-E8B8BC80B7BF}D:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2game.exe | "UDP Query User{DF26936E-C23D-4BC4-A125-43095194F725}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{E32A5DDA-8286-49A1-AF92-2EC6AD2F5DD8}C:\program files\java\jdk1.6.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_25\bin\javaw.exe | "UDP Query User{F311BF6F-4A2A-411F-997C-569C8A3AB299}D:\games\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\games\soldat\soldat.exe | "UDP Query User{FC1A83B4-5EA3-49C9-BC8B-142CC07699DF}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "UDP Query User{FC7CB17A-7E55-41F1-8F81-9EBB8AABB9DE}D:\downloads\openlierox\openlierox\openlierox.exe" = protocol=17 | dir=in | app=d:\downloads\openlierox\openlierox\openlierox.exe | "UDP Query User{FE8B8D1C-C42E-4EC1-B1AA-F06066BC0CEE}D:\games\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=d:\games\orcs must die!\build\release\orcsmustdie.exe | "UDP Query User{FF83AAB8-F97A-4F7A-93DE-9E10C67EA747}D:\games\mortal online\mortal online launcher.exe" = protocol=17 | dir=in | app=d:\games\mortal online\mortal online launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel "{23170F69-40C1-2702-0917-000001000000}" = 7-Zip 9.17 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35 "{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders "{5C770DFD-6F38-4915-8FF5-C7C7555039A9}" = MySQL Server 5.5 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit) "{6DC8FF97-A9CF-02F2-8FC1-F5E1B69A34E3}" = AMD AVIVO64 Codecs "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E1EC311E-EB1A-461E-A0BE-FA796852436D}" = O&O DiskRecovery "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16 "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{19F59AB5-B1F6-4276-A40B-09472318BCFF}" = Star Wars Galaxies: Complete Online Adventures "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1C78514A-5E5A-E653-1271-DAC1744206E3}" = HydraVision "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive "{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All "{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5 "{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus "{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish "{2DDC57D4-594D-4F30-8D81-27FDB2243644}_is1" = Deus EX Human Revolution version v1.1 "{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012 "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service "{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm "{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard "{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German "{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver "{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy "{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™ "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2 "{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese "{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{951D4810-1C32-47D1-A5BD-7A1BFB526D94}" = DAoC Portal "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad Enhanced "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek "{C4AE43CF-02E1-4896-B64A-A07E033B8920}" = Atlassian Bonfire Internet Explorer Extension 1.8.5.0 "{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian "{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.3 "{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "ALchemy" = Creative ALchemy "Aptana Studio 3" = Aptana Studio 3 "Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7 "AudioCS" = Creative Audio-Systemsteuerung "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7 "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battlelog Web Plugins" = Battlelog Web Plugins "Borderlands Gold_is1" = Borderlands Gold "CDisplayEx_is1" = CDisplayEx 1.8 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Dark Age of Camelot" = Dark Age of Camelot "Darksiders_is1" = Darksiders "Diablo II" = Diablo II "Diablo III" = Diablo III "DivX Setup.divx.com" = DivX-Setup "Downloader" = Downloader "DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt "ESN Sonar-0.70.0" = ESN Sonar "ESN Sonar-0.70.4" = ESN Sonar "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "FileZilla Client" = FileZilla Client 3.3.5.1 "foobar2000" = foobar2000 v1.1.1 "Foxit Reader" = Foxit Reader "Front Mission Evolved_is1" = Front Mission Evolved "GOM Player" = GOM Player "GomTVStreamer" = GOMTV Streamer "HD Tune Pro_is1" = HD Tune Pro 5.00 "HeidiSQL_is1" = HeidiSQL 6.0 "hon" = Heroes of Newerth "Hunted The Demons Forge_is1" = Hunted The Demons Forge "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full) "LastFM_is1" = Last.fm 1.5.4.27091 "Lexmark X1100 Series" = Lexmark X1100 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "ManiaPlanet_is1" = ManiaPlanet "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "OpenAL" = OpenAL "Orcs Must Die!_is1" = Orcs Must Die! "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Puzzle Quest 2_is1" = Puzzle Quest 2 "RAGE LEAKED PATCH CRASHFIX 1.00" = RAGE LEAKED PATCH CRASHFIX 1.00 "Rockstar Games Social Club" = Rockstar Games Social Club "Sacrifice_is1" = Sacrifice "Star Wars The Force Unleashed_is1" = Star Wars The Force Unleashed "StarCraft II" = StarCraft II "Steam App 18700" = And Yet It Moves "Steam App 22350" = Brink "Steam App 26500" = Cogs "Steam App 26800" = Braid "Steam App 26900" = Crayon Physics Deluxe "Steam App 29180" = Osmos "Steam App 33460" = From Dust "Steam App 35130" = Lara Croft and the Guardian of Light "Steam App 40700" = Machinarium "Steam App 41000" = Serious Sam HD: The First Encounter "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 41100" = Hammerfight "Steam App 41800" = Gratuitous Space Battles "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 4920" = Natural Selection 2 "Steam App 55040" = Atom Zombie Smasher "Steam App 55150" = Warhammer 40,000 Space Marine "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retributionâ„¢ "Steam App 570" = Dota 2 "Steam App 6120" = Shank "Steam App 630" = Alien Swarm "Steam App 6370" = Bloodline Champions "Steam App 65800" = Dungeon Defenders "Steam App 70300" = VVVVVV "Steam App 93200" = Revenge of the Titans "Steam App 94200" = Jamestown "Steam App 96200" = Steel Storm: Burning Retribution "The Secret World_is1" = The Secret World "Time Doctor_is1" = Time Doctor 1.3.31 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.7 "VMware_Workstation" = VMware Workstation "Warcraft III" = Warcraft III "winscp3_is1" = WinSCP 4.3.4 "ZumoDrive" = ZumoDrive ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome "JoinMe" = join.me "QIP 2010" = QIP 2010 10.8.12.4000 "SOE-Vanguard" = Vanguard "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.07.2012 05:18:10 | Computer Name = Loken-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Smite.exe, Version: 0.1.954.0, Zeitstempel: 0x4ff72be3 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e211319 Ausnahmecode: 0x00000001 Fehleroffset: 0x0000b9bc ID des fehlerhaften Prozesses: 0x10e8 Startzeit der fehlerhaften Anwendung: 0x01cd5ce99f11ab91 Pfad der fehlerhaften Anwendung: D:\games\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: d5cb4707-c8dd-11e1-9672-005056c00008 Error - 08.07.2012 05:18:15 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002 Description = Programm Smite.exe, Version 0.1.954.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10e8 Startzeit: 01cd5ce99f11ab91 Endzeit: 360 Anwendungspfad: D:\games\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe Berichts-ID: Error - 10.07.2012 12:13:50 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002 Description = Programm javaw.exe, Version 6.0.250.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1824 Startzeit: 01cd5e8086ed5d0b Endzeit: 44 Anwendungspfad: C:\Program Files\Java\jre6\bin\javaw.exe Berichts-ID: Error - 10.07.2012 15:12:49 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002 Description = Programm TheSecretWorldDX11.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1774 Startzeit: 01cd5eb72195a5e5 Endzeit: 1537 Anwendungspfad: D:\games\The Secret World\TheSecretWorldDX11.exe Berichts-ID: Error - 13.07.2012 08:44:55 | Computer Name = Loken-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 17.07.2012 11:54:55 | Computer Name = Loken-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 17.07.2012 12:45:47 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002 Description = Programm taskmgr.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bfc Startzeit: 01cd643b7fa6f242 Endzeit: 4 Anwendungspfad: C:\Windows\system32\taskmgr.exe Berichts-ID: d785ddbf-d02e-11e1-a0d4-005056c00008 Error - 17.07.2012 19:41:07 | Computer Name = Loken-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MaxPayne3.exe, Version: 1.0.0.17, Zeitstempel: 0x4fc81bbe Name des fehlerhaften Moduls: MaxPayne3.exe, Version: 1.0.0.17, Zeitstempel: 0x4fc81bbe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00ae65cb ID des fehlerhaften Prozesses: 0x218c Startzeit der fehlerhaften Anwendung: 0x01cd645fe483fd12 Pfad der fehlerhaften Anwendung: E:\Games\Max Payne 3\MaxPayne3.exe Pfad des fehlerhaften Moduls: E:\Games\Max Payne 3\MaxPayne3.exe Berichtskennung: e0d5ce8e-d068-11e1-a0d4-005056c00008 Error - 19.07.2012 07:47:19 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002 Description = Programm WinSCP.exe, Version 4.3.4.1428 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ca0 Startzeit: 01cd65a3e34dd36b Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\WinSCP\WinSCP.exe Berichts-ID: 7c405437-d197-11e1-b46f-005056c00008 Error - 19.07.2012 12:27:28 | Computer Name = Loken-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.54.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17a4 Startzeit: 01cd65c9dd782b57 Endzeit: 2 Anwendungspfad: C:\Users\Loken\Desktop\OTL.exe Berichts-ID: 9ee2959f-d1be-11e1-8f94-005056c00008 [ System Events ] Error - 12.07.2012 12:31:16 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12.07.2012 12:31:23 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.07.2012 03:44:24 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 15.07.2012 13:54:39 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 16.07.2012 16:11:37 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 17.07.2012 03:21:09 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.07.2012 02:04:06 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.07.2012 05:42:39 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 19.07.2012 10:33:04 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 20.07.2012 12:01:04 | Computer Name = Loken-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Grüße Chris |
25.07.2012, 19:59 | #4 | |
/// Malware-holic | Trojaner der Webseitenaufruf verhindert? sorry für die wartezeit Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.07.2012, 14:32 | #5 |
| Trojaner der Webseitenaufruf verhindert? hey, gar kein problem! hier die logfile von combofix! [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-27.01 - Loken 26.07.2012 15:22:09.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8190.6301 [GMT 2:00] ausgeführt von:: c:\users\Loken\Desktop\ComboFix.exe AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800} AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B} SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\kikin c:\program files (x86)\kikin\default_settings.xml c:\program files (x86)\kikin\file_list.txt c:\program files (x86)\kikin\ie_kikin.dll c:\program files (x86)\kikin\KikinBroker.exe c:\program files (x86)\kikin\KikinCrashReporter.exe c:\program files (x86)\kikin\uninst.exe c:\users\Loken\ace_uninstaller.exe c:\users\Loken\AppData\Roaming\inst.exe c:\users\Loken\AppData\Roaming\kikin c:\users\Loken\AppData\Roaming\kikin\ff_configuration.xml c:\users\Loken\AppData\Roaming\kikin\ff_kkes.xml c:\users\Loken\AppData\Roaming\kikin\ff_settings.xml c:\users\Loken\AppData\Roaming\kikin\ie_configuration.xml c:\users\Loken\AppData\Roaming\kikin\ie_kkes.xml c:\users\Loken\AppData\Roaming\kikin\ie_settings.xml c:\users\Loken\AppData\Roaming\kikin\kikin_updater_2.4.15.exe c:\users\Loken\AppData\Roaming\kikin\kikin_updater_2.9.1.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-26 bis 2012-07-26 )))))))))))))))))))))))))))))) . . 2012-07-26 13:27 . 2012-07-26 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-25 20:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C8F0597-64EF-4543-92B2-B56CE8F7EBB0}\mpengine.dll 2012-07-24 08:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-23 16:42 . 2012-07-23 16:42 -------- d-----w- c:\users\Loken\AppData\Local\FalloutNV 2012-07-21 11:03 . 2012-07-21 11:03 -------- d-----w- c:\programdata\ATI 2012-07-21 11:00 . 2012-07-21 11:00 -------- d-----w- c:\program files (x86)\AMD AVT 2012-07-21 11:00 . 2012-07-21 11:00 -------- d-----w- c:\program files (x86)\AMD APP 2012-07-21 11:00 . 2012-07-21 11:00 -------- d-----w- c:\program files\Common Files\ATI Technologies 2012-07-21 11:00 . 2012-07-21 11:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-07-21 10:57 . 2012-07-21 10:57 -------- d-----w- c:\program files (x86)\ATI Technologies 2012-07-21 10:57 . 2012-07-21 10:57 -------- d-----w- c:\program files\ATI 2012-07-21 00:48 . 2012-07-21 00:48 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-07-19 15:22 . 2012-07-19 15:22 -------- d-----w- c:\users\Loken\AppData\Roaming\Malwarebytes 2012-07-19 15:21 . 2012-07-19 15:21 -------- d-----w- c:\programdata\Malwarebytes 2012-07-19 15:21 . 2012-07-19 15:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-19 15:21 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-19 14:49 . 2012-07-19 15:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-19 14:49 . 2012-07-19 15:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-07-19 13:36 . 2012-07-19 13:36 -------- d-----w- c:\users\Loken\AppData\Local\Apps 2012-07-19 09:38 . 2011-12-19 10:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys 2012-07-19 09:38 . 2011-12-19 11:21 45936 ----a-w- c:\windows\system32\sbbd.exe 2012-07-19 09:38 . 2011-10-26 12:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys 2012-07-19 09:38 . 2012-07-19 09:38 -------- d-----w- c:\programdata\Lavasoft 2012-07-19 09:37 . 2012-07-19 09:43 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2012-07-19 09:37 . 2012-07-19 09:37 -------- d-----w- c:\users\Loken\AppData\Local\adawarebp 2012-07-19 09:34 . 2012-07-19 16:15 -------- d-----w- c:\users\Loken\AppData\Roaming\Ad-Aware Antivirus 2012-07-17 20:24 . 2012-07-17 20:24 -------- d-----w- c:\programdata\Rockstar Games 2012-07-12 00:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 17:16 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-06 10:19 . 2012-07-19 06:11 -------- d-----w- c:\users\Loken\AppData\Local\Thunderbird 2012-07-06 10:19 . 2012-07-06 10:19 -------- d-----w- c:\users\Loken\AppData\Roaming\Thunderbird 2012-07-06 10:18 . 2012-07-19 11:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2012-07-05 15:57 . 2012-07-05 15:57 -------- d-----w- c:\program files (x86)\Oracle 2012-07-03 20:50 . 2012-02-11 09:37 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6FDC9AF-B7F6-46E3-B2E4-087CA3DF3DC0}\gapaengine.dll 2012-07-03 10:12 . 2012-07-03 10:12 -------- d-----w- c:\users\Loken\AppData\Local\Funcom 2012-07-03 10:12 . 2012-07-03 10:12 -------- d-----w- c:\programdata\media center programs 2012-06-28 12:59 . 2012-07-19 09:23 -------- d-----w- c:\users\Loken\AppData\Local\Spoon 2012-06-28 12:59 . 2012-06-28 12:59 -------- d-----w- c:\users\Loken\AppData\Local\Xenocode . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 00:53 . 2010-08-14 16:56 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-12 18:09 . 2012-06-12 18:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-12 18:09 . 2011-05-21 14:46 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2011-10-12 20:13 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2011-10-12 19:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2010-07-07 01:15 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-02 22:19 . 2012-06-24 11:55 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-24 11:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-24 11:55 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-24 11:55 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-24 11:55 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-24 11:55 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-24 11:55 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-24 11:55 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-24 11:55 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-10 14:35 . 2012-05-10 14:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll 2012-05-10 14:35 . 2012-05-10 14:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2012-05-04 17:29 . 2012-05-31 18:09 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-04 17:29 . 2010-08-15 13:34 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-13 23:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 23:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 23:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 19:52 . 2010-10-05 13:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-05-01 19:52 . 2010-10-05 13:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-01 19:52 . 2010-10-05 13:05 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-05-01 05:40 . 2012-06-13 23:59 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 05:32 . 2012-06-13 23:59 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-04-28 03:55 . 2012-06-13 23:59 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9ab12757-bdaf-4f9a-8de8-413c3615590c}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Loken\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-07 9919104] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-10-19 1807360] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976] R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952] R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176] R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-11 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-11 79360] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120] R3 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-03-04 82816] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-11-13 11839488] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 834544] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336] S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs64.sys [2010-09-08 191960] S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-05-11 20968] S2 lxbk_device;lxbk_device;c:\windows\SysWOW64\lxbkcoms.exe [2008-02-19 565928] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168] S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 21:21] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 21:21] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000Core.job - c:\users\Loken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 13:15] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1970983249-3038457689-1220004006-1000UA.job - c:\users\Loken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-04 13:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-08 03:16 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-08 03:16 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-08 03:16 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-08 03:16 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-08 03:16 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll LSP: %SystemRoot%\system32\vsocklib.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Loken\AppData\Roaming\Mozilla\Firefox\Profiles\b7hssp2t.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 5a7f0fd200000000000000ff0fd4309c FF - user.js: extensions.BabylonToolbar_i.hardId - 5a7f0fd200000000000000ff0fd4309c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15448 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:12 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-RAGE LEAKED PATCH CRASHFIX 1.00 - d:\downloads\RAGE\Rage.LEAKED.GOLD.MASTER-iND\Rage\Uninstall.exe AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL5] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1970983249-3038457689-1220004006-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:99,3c,9a,ca,ef,01,b4,2c,b9,ce,0d,dd,6d,1a,50,09,b5,c0,7e,ae,46,54,58, d4,c2,f8,8b,c0,e8,b5,83,fa,27,35,4f,c2,1f,f6,68,23,9d,40,8e,36,bf,39,4f,2e,\ "??"=hex:7d,15,45,7b,78,d6,2a,92,1c,6a,31,7b,ae,12,63,a4 . [HKEY_USERS\S-1-5-21-1970983249-3038457689-1220004006-1000\Software\SecuROM\License information*] "datasecu"=hex:53,df,6a,9b,f4,a9,11,0f,86,63,6e,08,e8,2c,71,78,b9,22,29,d3,a2, 65,94,72,13,17,90,30,cb,14,b7,2d,d3,0b,d6,ba,db,f4,91,2e,3c,08,90,4c,1a,52,\ "rkeysecu"=hex:b2,d4,dd,60,2f,2e,9c,01,fa,09,9e,87,00,69,61,cb . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-26 15:29:25 ComboFix-quarantined-files.txt 2012-07-26 13:29 . Vor Suchlauf: 18 Verzeichnis(se), 34.954.100.736 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 34.726.756.352 Bytes frei . - - End Of File - - C9BCBFC8FD064E7E0DA8EA48A0D3CA10 lg chris |
26.07.2012, 16:50 | #6 |
/// Malware-holic | Trojaner der Webseitenaufruf verhindert? dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [resethosts] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ --> Trojaner der Webseitenaufruf verhindert? |
26.07.2012, 21:25 | #7 |
| Trojaner der Webseitenaufruf verhindert? Hey, Code:
ATTFilter ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41620 bytes User: Default User ->Flash cache emptied: 0 bytes User: Loken ->Flash cache emptied: 5256 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Loken ->Temp folder emptied: 8528199 bytes ->Temporary Internet Files folder emptied: 38614370 bytes ->Java cache emptied: 11600558 bytes ->FireFox cache emptied: 74428319 bytes ->Google Chrome cache emptied: 209342643 bytes ->Apple Safari cache emptied: 20407296 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 602112 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 15891 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 347,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.54.0 log created on 07262012_221804 Files\Folders moved on Reboot... C:\Users\Loken\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\vmware-SYSTEM-2441655442\vmauthd.log moved successfully. C:\Windows\temp\vmware-SYSTEM-2441655442\vmware-usbarb-SYSTEM-2148.log moved successfully. PendingFileRenameOperations files... File C:\Users\Loken\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Windows\temp\vmware-SYSTEM-2441655442\vmauthd.log not found! File C:\Windows\temp\vmware-SYSTEM-2441655442\vmware-usbarb-SYSTEM-2148.log not found! Registry entries deleted on Reboot... |
27.07.2012, 21:49 | #8 |
/// Malware-holic | Trojaner der Webseitenaufruf verhindert? was ist mit dem webseiten aufruf, möglich?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
28.07.2012, 20:51 | #9 |
| Trojaner der Webseitenaufruf verhindert? hey, ja komme wieder drauf! Danke dir! kann man sagen an was es lag? lg chris |
30.07.2012, 17:53 | #10 |
| Trojaner der Webseitenaufruf verhindert? Hey, es ging nur eine gewisse zeit lang. Seite scheint nur sporadisch erreichbar zu sein. |
30.07.2012, 18:24 | #11 |
/// Malware-holic | Trojaner der Webseitenaufruf verhindert? tritt das problem bei allen browsern auf?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
30.07.2012, 19:02 | #12 |
| Trojaner der Webseitenaufruf verhindert? jep tut es! |
30.07.2012, 19:37 | #13 |
/// Malware-holic | Trojaner der Webseitenaufruf verhindert? dann machen wir das teil neu. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
30.07.2012, 20:21 | #14 |
| Trojaner der Webseitenaufruf verhindert? Hm habs befürchtet naja trotzdem danke für diene mühen ich werde mir dann aber erst ne SSD zulegen und dann neu aufsetzen |
Themen zu Trojaner der Webseitenaufruf verhindert? |
andere, anderen, antivirus, aufruf, aufrufe, aufrufen, eintrag, firewall, folge, folgendes, hallo zusammen, hosts, mögliche, möglichen, nicht mehr, nichts, seite, seiten, software, troja, trojaner, verhindert, versucht, webseite, win, zusammen |