31.08.2012, 14:17 | #1 |
Police Virus

Hello dear team... I caught the "Police virus" this morning. As soon as the PC establishes an Internet connection, the screen turns white and the well-known page appears, plus my webcam... I have already used OTL as described...

OTL Logfile: Code:
OTL logfile created on: 8/31/2012 3:06:21 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mano\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.48 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.95% Memory free
6.96 Gb Paging File | 5.59 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 53.36 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 140.91 Gb Free Space | 99.59% Space Free | Partition Type: NTFS
Drive F: | 477.11 Mb Total Space | 476.45 Mb Free Space | 99.86% Space Free | Partition Type: FAT

Computer Name: MT | User Name: Mano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mano\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6\ScriptHelper.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () PRC - C:\Program Files\Logitech\SetPoint II\SetpointII.exe (Logitech Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) 
PRC - C:\Windows\System32\Rezip.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Mano\AppData\Roaming\BAcroIEHelpe205.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6\ScriptHelper.exe () MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = 
https://isearch.avg.com/search?cid={48F6A216-23B1-4211-9927-3F2385AAE65E}&mid=a016ff37fffb193b7463f4f350f1c4d1-8a2325216bd74743ebe55d84b2c4faf227962e55&lang=de&ds=AVG&pr=fr&d=2012-05-31 19:58:49&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 16:24:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/08/29 16:56:36 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [Userinit] C:\Users\Mano\AppData\Roaming\appConf32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.33.216.3 193.33.216.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FA2DFDC-D610-43F2-A0F6-461FC7CCBA84}: DhcpNameServer = 193.33.216.3 193.33.216.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5FFB13-942A-4BFE-8062-4E8F59AD1F02}: DhcpNameServer = 193.33.216.3 193.33.216.4 78.46.105.56 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID 
value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1c3de0f4-3048-11df-9b32-0024545f8488}\Shell - "" = AutoRun O33 - MountPoints2\{1c3de0f4-3048-11df-9b32-0024545f8488}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{40f3abb5-2dfb-11df-b380-0024545f8488}\Shell - "" = AutoRun O33 - MountPoints2\{40f3abb5-2dfb-11df-b380-0024545f8488}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{40f3abbc-2dfb-11df-b380-0024545f8488}\Shell - "" = AutoRun O33 - MountPoints2\{40f3abbc-2dfb-11df-b380-0024545f8488}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{5c463b88-3d51-11df-b0a4-0024545f8488}\Shell - "" = AutoRun O33 - MountPoints2\{5c463b88-3d51-11df-b0a4-0024545f8488}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/31 15:04:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mano\Desktop\OTL.exe [2012/08/29 16:56:19 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys [2012/08/29 16:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012/08/29 16:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2012/08/29 16:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [1 C:\Users\Mano\AppData\Roaming\*.tmp files -> 
C:\Users\Mano\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/31 15:02:24 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mano\Desktop\OTL.exe [2012/08/31 14:21:46 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/31 14:21:46 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/31 14:14:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/31 14:14:34 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys [2012/08/31 13:03:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012/08/31 13:03:48 | 000,198,200 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\AcroIEHelpe205.dll [2012/08/31 13:03:48 | 000,007,424 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe205.dll [2012/08/31 13:03:37 | 000,000,017 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\blckdom.res [2012/08/31 07:11:07 | 105,388,475 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm [2012/08/31 07:05:02 | 000,001,893 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/08/30 17:01:09 | 000,198,288 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\AcroIEHelpe204.dll [2012/08/30 06:55:12 | 000,007,600 | ---- | M] () -- C:\Users\Mano\AppData\Local\Resmon.ResmonCfg [2012/08/29 17:09:29 | 000,246,932 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm [2012/08/29 17:08:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/08/29 16:56:19 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys [2012/08/29 16:39:55 | 000,000,600 | ---- | M] () -- C:\Users\Mano\AppData\Local\PUTTY.RND [2012/08/20 12:09:05 | 000,006,400 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe195.dll [2012/08/17 17:15:12 | 
000,006,400 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe193.dll [2012/08/14 09:36:25 | 000,000,437 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\urhtps.dat [2012/08/12 09:34:54 | 000,027,520 | ---- | M] () -- C:\Users\Mano\AppData\Local\dt.dat [1 C:\Users\Mano\AppData\Roaming\*.tmp files -> C:\Users\Mano\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/31 13:03:48 | 000,198,200 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\AcroIEHelpe205.dll [2012/08/31 13:03:48 | 000,007,424 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe205.dll [2012/08/31 07:05:02 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012/08/31 07:05:02 | 000,001,893 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/08/30 17:01:09 | 000,198,288 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\AcroIEHelpe204.dll [2012/08/29 16:40:39 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/08/24 12:47:21 | 000,000,017 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\blckdom.res [2012/08/20 12:09:05 | 000,006,400 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe195.dll [2012/08/17 17:15:12 | 000,006,400 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe193.dll [2012/08/12 09:34:54 | 000,027,520 | ---- | C] () -- C:\Users\Mano\AppData\Local\dt.dat [2012/06/24 16:57:00 | 000,007,224 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe148.dll [2012/06/22 13:24:48 | 000,007,224 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe147.dll [2012/06/14 17:23:39 | 000,000,437 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\urhtps.dat [2012/05/19 18:14:06 | 000,007,600 | ---- | C] () -- C:\Users\Mano\AppData\Local\Resmon.ResmonCfg [2011/08/05 18:35:07 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi [2011/06/14 08:52:36 | 000,164,864 | ---- | C] () -- 
C:\windows\System32\UNWISE32.EXE
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/03/07 08:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/11 14:52:28 | 000,000,092 | ---- | C] () -- C:\Users\Mano\AppData\Local\fusioncache.dat
[2010/12/06 11:09:34 | 000,000,021 | ---- | C] () -- C:\windows\NP_WSNMP.INI
[2010/09/19 09:27:41 | 000,069,632 | ---- | C] () -- C:\windows\System32\xmltok.dll
[2010/09/19 09:27:41 | 000,036,864 | ---- | C] () -- C:\windows\System32\xmlparse.dll
[2010/09/12 13:15:23 | 000,000,600 | ---- | C] () -- C:\Users\Mano\AppData\Local\PUTTY.RND
[2010/03/08 20:38:51 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2008/12/09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\Mano\AppData\Roaming\appConf32.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >

OTL EXTRAS Logfile: Code:

OTL Extras logfile created on: 8/31/2012 3:06:21 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mano\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.48 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.95% Memory free
6.96 Gb Paging File | 5.59 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 53.36 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 140.91 Gb Free Space | 99.59% Space Free | Partition Type: NTFS
Drive F: | 477.11 Mb Total Space | 476.45 Mb Free Space | 99.86% Space Free | Partition Type: FAT

Computer Name: MT | User Name: Mano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B177F20-CE4F-441A-A0F4-CCF05A4D4759}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0C8E486C-9C2A-4A77-BD46-539FBDA22073}" = rport=139 | protocol=6 | dir=out | app=system | "{1156CA09-7C9C-47BE-882C-29F228C90FF4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{16675751-CA47-4AFC-B953-E704E17060A9}" = lport=139 | protocol=6 | dir=in | app=system | "{1843E06E-9E8E-436C-88BD-71544FF85B57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{19F56E30-3C5A-4F05-8C86-D40AC14CE5AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{253792DD-E9B0-453C-ABEA-BDBB0E5E5939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2F2B17C3-26DF-46EE-B281-FEE8B12244ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{355A8CD2-A7DB-4CED-AD95-BA3D57D3BC2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{41B4E18D-50C1-488B-BA07-A1E1BD0DB0B1}" = rport=138 | protocol=17 | dir=out | app=system | "{4F76720F-902B-483D-B5D5-135275C88298}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{5E5F6BC7-4F52-4A49-9951-7FEB7DC71BAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{603AD2C4-51D2-4BB6-ACB1-C96C7D79A001}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6878F091-C627-4810-BC2F-661B31F1EC89}" = lport=138 | protocol=17 | dir=in | app=system | "{861B7333-3EA5-4EE3-8185-534BBA08ABA8}" = lport=2869 | protocol=6 | dir=in | app=system | "{8661D5A4-6BD1-4B8C-9E3C-157C8BCFA0F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9642B528-7F33-48F9-AB59-0D77BE57CA66}" = lport=10243 | protocol=6 | dir=in | app=system | "{9719780F-68EC-43EE-AFE2-336E92928E11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98121565-74F0-4844-88CE-9ABE38B6C541}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9B010BB7-348B-4D62-8D47-51EEAEBA9357}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A311DEF6-2A45-4486-BEC2-AD54D6EF8386}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A73D542D-83B9-42CD-A3FB-66912C4EB25C}" = lport=137 | protocol=17 | dir=in | app=system | "{AD995203-00B5-45E8-A048-3FAD9B2E6E6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{AFF46CB4-3ABC-4A38-85D6-38038164D7B1}" = lport=445 | protocol=6 | dir=in | app=system | "{BBFB6EAC-ACAA-4BB0-B470-9A657A80C8E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BF308638-DFFF-4F18-B0AF-80FE1804B9E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CC18C3CD-B951-42A0-AD04-5D2A77660C27}" = lport=2869 | protocol=6 | dir=in | app=system | "{D2D46A13-940E-4528-B282-054F5366087F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DB36E0FB-32A9-4594-BD5E-0457C9F2A190}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E7AA3BDC-F00C-481A-9951-59C4334E612F}" = rport=137 | protocol=17 | dir=out | app=system | "{FD522306-EC50-4012-BC1C-E78F4B5E9A52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FD919DB6-D9AA-4E66-8F60-F35919167BD5}" = rport=10243 | protocol=6 | dir=out | app=system | "{FDB0FF1B-98C5-48BE-9D95-0326EB7566C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FFB7C89B-1025-4A85-9E65-F1EAB125B96A}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06AA7F40-7EEA-4933-BE49-897B7044C56E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{0AB41913-F339-4F95-82C1-8ED8F9001C6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0AD9BAB0-B42E-47E7-8336-0700868E8452}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{12F4A2D0-C0C6-46C7-9F7E-064D380E5A1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{13DB1F5C-528A-4CAD-96AD-2F9179C1AD03}" = dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | "{15530102-1E9B-4D89-A156-5F39FE2DB576}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{156DB0DA-BFBB-4302-90DE-748B308DEFB0}" = protocol=6 | dir=out | app=system | "{1598A42B-853B-4835-B12A-98664CFF42B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{15E7C24C-3A65-4C73-90E5-F1672F9CF8F7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{173EC77C-4C36-473E-B850-9B4E7BA7964F}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{1781821E-4A40-4321-8F06-A69498B6B294}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{19998555-CEE3-4EE3-8920-7EBF8C0C72C1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{19F7F675-CBFB-45E8-A750-DF890BF61D6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{25961FEB-1F9D-4560-8AA2-84783AEFB646}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{28234ADB-BCB7-498B-AAF8-2C26C6B893DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B8E2521-5337-4024-A1D7-983EAB902AD3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{2C496415-2025-4A35-8D3B-C9E64629EBDE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2DF8C9A4-D2A7-4AFB-B08E-A643E67E1CA9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{311F057B-AE0C-4B21-AFD1-9EABFCE1F7E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{322A756C-36EA-4AFA-A881-C7A727790CD3}" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.exe | "{35ADF4A4-AA19-45D9-B26B-54E46F7D0012}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{36037549-E306-43D4-9CF2-46821AAE5807}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{3ADE7E31-F885-4646-B16E-2AF027B58CD1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{40BFE9AE-7053-4676-8E85-DFD47137B007}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{44B8A8A1-F107-4A68-8025-250C450F32A3}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | "{452BD140-A35F-4223-9C75-58447AB47DF8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{4622D736-CE1F-4612-A073-172BEE4A4DEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{46F99C3B-70FC-4C95-A1CF-D0E6E0F991DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{492B79A4-6747-4F66-B6C7-358890A51575}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{4E7F0EE7-7F2F-4D4C-A5E6-123A43CB170A}" = protocol=17 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{4F22453F-4329-4EC3-812E-B64D5BD03102}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | "{549ACCA2-1EF0-406E-9F3F-22CA0D0A0EE4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{54ECB8E5-2A31-4299-98B7-F7781574306B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{55116B90-3269-4773-815E-B6EEF26CDEC2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{5DA0426B-571B-43F9-99E9-CD1A4BFF3D6C}" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.exe | "{5F0E149C-36C9-4B23-9806-A4AC0DF1E076}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{5F12DE26-74CB-420B-98AA-9A3B9EAD6CEA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{60681A24-D375-4DE2-88B3-6E93B0B36DDB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | "{61BC4060-2AD9-4EBD-BB5F-FB8E769DA461}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{63F1C0A3-73C1-4460-997B-3C02559FA60B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{64606CCC-5BF4-47FB-86DD-A0C3552DA641}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{680B71FE-CFED-4A8B-BE09-46BAC6817974}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6A47EBCA-3517-44C5-83CD-0D4DD5DDF682}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6D88003B-487B-4258-8805-1B183E1C58A3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{806A04CA-B5B5-46AD-80B4-549F069DE125}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{816E28F7-9E3D-4A38-9A77-1ABD716BB74E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{84173137-6164-4C3D-B7CF-5D44E645262B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8F9DB655-2476-442F-8C21-3D9BBF49DC61}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{96338F80-9FFB-49F1-A247-85F464C4A83C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96D3D80F-43B6-42D2-8E48-023003A52D07}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{97AC277F-A562-47E2-B754-1E7456B6B2F1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{9F09090A-94BF-48D7-97DC-4861F94DB4F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A24B36EC-8021-4BE7-8B0F-64F33DDB00AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{A588480F-5486-4941-A565-79F9F4695CBE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{A5E89039-9ED8-4775-8F55-FD126C0F8748}" = protocol=6 | dir=in | app=c:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | "{A72E64D4-A417-4C65-9844-6062109CD4A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{A730AF9E-69A5-4FA2-AE7C-B5167E60FACE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{AC9A0804-4F3E-42FD-9944-FBBC49A0DF91}" = protocol=17 | dir=in | app=c:\program files\bob\bob internet zugangssoftware\bob_mobile_installer.exe | "{AD495218-8767-4419-8981-6F35BCD7A0ED}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{AD719E50-78E8-4E44-B4ED-E1BF02300621}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B415FC0C-B4D1-4BAC-A6E7-D8C8E66378B8}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B4E77D6C-EAE0-4AE9-B1B5-AC3F339C1EFC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{BA8676E3-5366-46AC-9927-A1F4A572024C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{BADBDD9D-6661-41C1-9EFE-4FC484E52DED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BD81D972-BAA7-4623-A521-F2C19C4459B3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{C18DE0C6-263B-411F-811F-BD063088861C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{C3ADE3DD-6E9A-4EAF-AF1B-AEF4B22B79E0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{C5555445-609E-4F03-A256-428FB98E9D32}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{C6E51408-C4B7-4346-BDFC-9BC33D65041C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{C9F73088-E29F-44B5-9F2B-A1F19272B702}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CD124D17-0791-405E-8352-AD32026A54A5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CDB915F8-9652-4F78-89DA-CA82E279D1A9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | "{CF4B27E3-D367-4C76-8AAB-ED73EF1DAD73}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{D46E50F7-B078-4978-B935-E6A4913F957F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{D67C0338-1F11-4EEF-AFA3-2AAC7445DC45}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | "{DA28D3BB-09E6-43F8-8193-FD49DCEB31E7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{DA3D304B-0C99-498C-8A97-0E5A74054D9D}" = protocol=6 | dir=in | app=c:\program files\bob\bob internet zugangssoftware\bob_mobile_installer.exe | "{DC84AC89-D39B-43A3-AC83-0C4F65ADCCFC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{DEDAE390-F568-4D2C-BE39-777F8BC51C34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E1067D43-6534-49D1-B406-A0B7480DD97D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E30DB952-C163-48FA-8125-CCAC1F5DEB7D}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | "{F4D65990-29E5-4018-A843-52FDE7AC9B8C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | "{F9A0EC24-58F4-42E0-8A50-85FB808E4999}" = protocol=17 | dir=in 
| app=c:\program files\frostwire\frostwire.exe | "{FA9FC128-ADFD-4FB9-8A57-411E418D0F5F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{FEC2D295-AFCB-4CDF-B9E4-AB1BF861F96F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{0B2887BE-51FB-4C38-863E-A50093E9A4A4}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "TCP Query User{1492EE8A-FE11-4371-A16C-C2F5AED4B5EF}C:\users\mano\desktop\manuel\firma\catv\stormwatch-ii\stormwatch_ii.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\firma\catv\stormwatch-ii\stormwatch_ii.exe | "TCP Query User{18C265B0-02D0-4ADC-8510-A041107EB9A3}C:\users\mano\desktop\world of warcraft original\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "TCP Query User{1D3DF479-ED71-42E7-8EAD-C1250EBDA052}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{1D8127B6-D9AC-4CBF-97A3-133878D09629}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{30276F48-1B11-4F76-A4D0-B70538B0CDCA}C:\program files\3com\cable management system\camgr.exe" = protocol=6 | dir=in | app=c:\program files\3com\cable management system\camgr.exe | "TCP Query User{3C249382-77A6-4556-A11F-B14C6D43D394}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{3D489E41-B2AF-4162-8789-28D027636847}C:\users\mano\desktop\manuel\world of 
warcraft original\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{42B6C5D2-C270-4BA5-95A7-1E7D0D9639BD}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | "TCP Query User{51F8CD7C-F710-4812-B97F-27FED9017908}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{53CDCD7D-755E-47DC-BA29-E6089A88F468}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "TCP Query User{5494A950-019F-4F19-931E-A53617FB1DDC}C:\users\mano\desktop\manuel\world of warcraft original\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\launcher.patch.exe | "TCP Query User{54FB0080-94C4-44B6-8A59-E9293903B945}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{5C4B192B-E161-480F-98C0-323B4D2A3421}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "TCP Query User{6B25D714-90E3-4DE5-80AD-025BC6C4D1F1}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe | "TCP Query User{7124A7C0-69EE-49DD-8547-2DD6538FBB69}C:\users\mano\desktop\manuel\world of warcraft original\launcher.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\launcher.exe | "TCP Query 
User{76695CD8-B9D1-4737-9085-4B7386FF0A84}C:\program files\3com\cable management system\camgr.exe" = protocol=6 | dir=in | app=c:\program files\3com\cable management system\camgr.exe | "TCP Query User{7CFE63DE-CD0A-46A3-BF69-2A810F56C2B3}C:\program files\loxone\loxplan\loxplan.exe" = protocol=6 | dir=in | app=c:\program files\loxone\loxplan\loxplan.exe | "TCP Query User{894DC13A-7442-423E-9572-867CBDBFEAED}C:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query User{9AAFE5C0-F9A2-40F1-A4AE-FD17F8845BE0}C:\users\mano\desktop\world of warcraft original\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.patch.exe | "TCP Query User{9EB08299-C913-4648-A201-F271D2981E05}C:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe | "TCP Query User{A3AA06F7-5EBA-4850-B320-30073197128E}I:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=i:\spiele\dragon age\bin_ship\daorigins.exe | "TCP Query User{A645B2BD-EF6B-471E-85D0-A990B1549428}C:\users\mano\desktop\manuel\world of warcraft original\launcher.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\launcher.exe | "TCP Query User{A8E70533-A550-462B-A52B-119E25CF719B}C:\users\mano\desktop\world of warcraft original\launcher.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.exe | "TCP Query User{ACBA0F0E-BD5A-466D-A77D-120D54C43B93}C:\users\mano\desktop\manuel\world of warcraft original\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\backgrounddownloader.exe | "TCP Query 
User{ACE299A0-3579-469C-A215-FF648346876E}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{B4119D20-ED33-4F71-80CA-0C0A29A33D79}I:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=i:\spiele\anno 1404\tools\anno4web.exe | "TCP Query User{B589E429-C81B-4629-9DCB-AE10A3CCA0FC}C:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe | "TCP Query User{B5ECF582-0F35-4E6B-AA62-3113D8DC68C2}C:\users\mano\desktop\manuel\spiele\counter-strike 1.6 v35\hl.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\spiele\counter-strike 1.6 v35\hl.exe | "TCP Query User{BA1F02CE-E61D-46CD-9C60-4D0A26474387}C:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "TCP Query User{BB4D74DF-801A-4096-B810-FEA16856F1FF}C:\users\mano\desktop\manuel\firma\stormwatch-ii\stormwatch_ii.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\firma\stormwatch-ii\stormwatch_ii.exe | "TCP Query User{C6F187FF-96AD-40AA-A740-5A7308EFDD6E}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{CC260E19-F5BA-4A91-A47D-A89C63AF7035}C:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "TCP Query User{CEC75B6F-40DF-4A67-8AD3-A09C2D3C8940}C:\users\mano\desktop\world of warcraft original\launcher.patch.exe" = 
protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.patch.exe | "TCP Query User{D300014B-BEBD-4060-AC9A-31B5AF221AFF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{D62BFF9D-7FE4-4D29-8D60-C09B787A663B}C:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{D973CA0E-3076-4DAB-9615-8A201F5A9A4E}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{EC374A3D-8AB9-4251-A2AB-C0164F707831}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe | "TCP Query User{F8F5E9E1-1C50-41B4-9E11-24C875383AEB}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "TCP Query User{FA38C9AB-2EC0-47FF-85D3-73E9B2CF546E}I:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=i:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{0CB84179-358B-4DCE-BB2B-C4CFE1044C28}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{0E30C8E5-B9A6-4D17-ABAB-81336A22BDB5}C:\program files\loxone\loxplan\loxplan.exe" = protocol=17 | dir=in | app=c:\program files\loxone\loxplan\loxplan.exe | "UDP Query User{16CB2727-3479-400D-BC73-7F0C58DF0C44}C:\users\mano\desktop\manuel\world of warcraft original\backgrounddownloader.exe" = 
protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\backgrounddownloader.exe | "UDP Query User{1DD6A5A6-2612-47AE-8032-4095C158E408}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{1E2D7EE3-3EE9-4890-BC36-8100B866D7D3}C:\users\mano\desktop\manuel\world of warcraft original\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\launcher.patch.exe | "UDP Query User{24C8FFCA-4B1C-450F-B8CD-C2C795A7DBBF}C:\users\mano\desktop\manuel\firma\stormwatch-ii\stormwatch_ii.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\firma\stormwatch-ii\stormwatch_ii.exe | "UDP Query User{2761F93C-1F97-42AB-BF6A-348674C7AB6D}C:\users\mano\desktop\world of warcraft original\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.patch.exe | "UDP Query User{2D375A07-FE18-48D3-A920-2AFB68B2C380}C:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe | "UDP Query User{2EAA2744-1270-4AFB-AA0A-C48035181480}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{45DBE427-4CF1-41A0-82FB-8021417D3671}C:\users\mano\desktop\world of warcraft original\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "UDP Query User{486B953B-AF86-444E-805E-459EAD76BC5E}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query 
User{48ECBA98-E2FB-4CE6-BB03-3082B58ABCBB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{4D608D77-8CA8-4026-864E-A8F04747E2FC}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{51643AB6-213D-4859-A61A-6E6F741167E3}C:\users\mano\desktop\manuel\firma\catv\stormwatch-ii\stormwatch_ii.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\firma\catv\stormwatch-ii\stormwatch_ii.exe | "UDP Query User{55C4BCF3-7C3C-4AAB-A644-44409B9DB24F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{59F8F501-2C2A-4182-8C3B-EEB1B27681ED}C:\users\mano\desktop\manuel\world of warcraft original\launcher.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\launcher.exe | "UDP Query User{6035EE26-221E-41DE-B46C-1E17094F64E5}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{7481357F-7B06-44D5-ADE8-1176793391B4}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | "UDP Query User{77C0EF74-9948-492C-8C74-F94B5761EE9F}C:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{782C4274-C03D-4D2F-BA8B-AE67B0FCB51D}C:\program files\3com\cable management system\camgr.exe" = protocol=17 | dir=in | 
app=c:\program files\3com\cable management system\camgr.exe | "UDP Query User{79B10DB6-6248-4B68-A488-797F65B7B8F0}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{84A8F41F-F1C3-48E9-8E9A-8F8E03A7EF01}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "UDP Query User{8EB6A658-2106-42BF-8C52-55F4EC9B988E}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{99882702-AF97-4A5A-8B5E-2A6824300C5D}C:\users\mano\desktop\world of warcraft original\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.patch.exe | "UDP Query User{A33FF4B7-BDAD-486E-AAFF-448AB6BFFA0A}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "UDP Query User{AFB99FFB-5F95-467E-A801-064FE5BFA97F}I:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=i:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{BAA67BB4-D69C-4472-9568-968301E9B01B}C:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\backgrounddownloader.exe | "UDP Query User{D3627676-6726-42DC-ADB0-F73D05BF767E}C:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "UDP Query User{D8410846-A92A-48E2-BFFB-44EFC0D3559C}C:\users\mano\desktop\manuel\spiele\counter-strike 1.6 v35\hl.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\spiele\counter-strike 1.6 v35\hl.exe | "UDP Query 
User{DB5F268F-3A62-4283-B64A-8A3195BD8B55}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{E28BC0A0-0EFD-48DB-9D50-562EF6A87DDE}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe | "UDP Query User{E28E6165-A7D1-42A2-8B74-A52C8352180E}I:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=i:\spiele\anno 1404\tools\anno4web.exe | "UDP Query User{EC62F5BD-6388-4672-8A71-7D472A9A1457}C:\users\mano\desktop\manuel\world of warcraft original\launcher.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\launcher.exe | "UDP Query User{ECE29540-7CE9-4226-862E-7BFB20EAD25D}C:\program files\3com\cable management system\camgr.exe" = protocol=17 | dir=in | app=c:\program files\3com\cable management system\camgr.exe | "UDP Query User{EEB009AF-F249-47BE-A238-BC1F69FE5144}C:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\manuel\world of warcraft original\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{F9BB2FE5-33FB-4C6F-8D0A-E8180BA892A9}I:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=i:\spiele\dragon age\bin_ship\daorigins.exe | "UDP Query User{FA6B5988-6CCF-42B4-8ECF-2DE1F3C6405F}C:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "UDP Query User{FB4DF65C-327D-4F20-A3CB-FCE386BB791D}C:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | 
app=c:\users\mano\desktop\world of warcraft original\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "UDP Query User{FBEB93FD-3DBF-4259-AEAB-3794ED480E01}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe | "UDP Query User{FC4B3A14-6DE4-4028-AFDE-F9016F33DF93}C:\users\mano\desktop\world of warcraft original\launcher.exe" = protocol=17 | dir=in | app=c:\users\mano\desktop\world of warcraft original\launcher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile 
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{44BC30A3-B5F1-4CAF-8B06-BB7D26991FDC}" = Falk Navi-Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for 
Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B39C475A-77A7-446D-B423-8051E976D910}" = USB CDC Device Driver "{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides 
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center "{D0EB6586-8330-11D4-AE23-00C04FA30170}" = Cable Management System "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20 "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "{F868BD32-1CD0-42A8-A813-A53CEA8882CD}" = Falk Navi-Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AVG" = AVG 2012 "EAGLE 6.2.0" = EAGLE 6.2.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "HTPE3" = HyperTerminal Private Edition v7.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "LoxPLAN_is1" = LoxPLAN 1.7 "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PSW1000_is1" = PSW1000 V.42 "Software Informer_is1" = Software Informer 1.0 BETA "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 72850" = The Elder Scrolls V: Skyrim "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== Last 20 Event Log Errors 
========== [ Application Events ] Error - 8/13/2012 6:07:00 AM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 8/13/2012 10:48:16 AM | Computer Name = MT | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8ba4 Startzeit: 01cd79628eec8205 Endzeit: 10 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 8/13/2012 10:49:54 AM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 8/13/2012 11:01:31 AM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 8/13/2012 12:12:59 PM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 8/13/2012 1:06:58 PM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 8/13/2012 2:09:08 PM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 8/14/2012 3:23:05 AM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 8/14/2012 3:26:48 AM | Computer Name = MT | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.158, Zeitstempel: 0x4f4de709 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften Prozesses: 0x24a0 Startzeit der fehlerhaften Anwendung: 0x01cd72e1b6348a42 Pfad der fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 682b7f03-e5e1-11e1-9944-c8f108209363 Error - 8/14/2012 4:12:38 AM | Computer Name = MT | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ OSession Events ] Error - 12/7/2010 2:10:57 PM | Computer Name = MT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash. Error - 6/17/2011 1:44:41 AM | Computer Name = MT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1140 seconds with 720 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service 
Control Manager | ID = 7001 Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 8/31/2012 7:46:54 AM | Computer Name = MT | Source = Service Control Manager | ID = 7001 Description = Der Dienst "TCP/IP Registry Compatibility" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error - 8/31/2012 7:46:55 AM | Computer Name = MT | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SABI spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf < End of report >
I ask you for help.
Edited by alakhil (31.08.2012 at 14:36) |
31.08.2012, 15:25 | #2 |
/// Helper Team | Police Virus
Fixing with OTL
Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Users\Mano\AppData\Roaming\BAcroIEHelpe205.dll ()
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={48F6A216-23B1-4211-9927-3F2385AAE65E}&mid=a016ff37fffb193b7463f4f350f1c4d1-8a2325216bd74743ebe55d84b2c4faf227962e55&lang=de&ds=AVG&pr=fr&d=2012-05-31 19:58:49&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Userinit] C:\Users\Mano\AppData\Roaming\appConf32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c3de0f4-3048-11df-9b32-0024545f8488}\Shell - "" = AutoRun
O33 - MountPoints2\{1c3de0f4-3048-11df-9b32-0024545f8488}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{40f3abb5-2dfb-11df-b380-0024545f8488}\Shell - "" = AutoRun
O33 - MountPoints2\{40f3abb5-2dfb-11df-b380-0024545f8488}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40f3abbc-2dfb-11df-b380-0024545f8488}\Shell - "" = AutoRun
O33 - MountPoints2\{40f3abbc-2dfb-11df-b380-0024545f8488}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5c463b88-3d51-11df-b0a4-0024545f8488}\Shell - "" = AutoRun
O33 - MountPoints2\{5c463b88-3d51-11df-b0a4-0024545f8488}\Shell\AutoRun\command - "" = G:\AutoRun.exe
[2012/08/31 07:05:02 | 000,001,893 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2008/12/09 17:23:13 | 000,050,640 | RHS- | C] () -- C:\Users\Mano\AppData\Roaming\appConf32.exe
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D
[2012/08/31 13:03:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/08/31 13:03:48 | 000,198,200 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\AcroIEHelpe205.dll
[2012/08/31 13:03:48 | 000,007,424 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe205.dll
[2012/08/31 13:03:37 | 000,000,017 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\blckdom.res
[2012/08/30 17:01:09 | 000,198,288 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\AcroIEHelpe204.dll
[2012/08/20 12:09:05 | 000,006,400 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe195.dll
[2012/08/17 17:15:12 | 000,006,400 | ---- | M] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe193.dll
[2012/06/24 16:57:00 | 000,007,224 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe148.dll
[2012/06/22 13:24:48 | 000,007,224 | ---- | C] () -- C:\Users\Mano\AppData\Roaming\BAcroIEHelpe147.dll
[2011/03/07 08:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\Users\Mano\AppData\Roaming\*croIEHelp*.*
C:\Users\Mano\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Mano\AppData\Local\Temp\*.exe
C:\Users\Mano\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not apply it to other machines under any circumstances; it can cause lasting damage to other systems!
__________________ |
31.08.2012, 15:59 | #3 |
| Police Virus
I did all of that; OTL then requested a system restart, which I also carried out....
After that, the following was on the desktop:
All processes killed ========== OTL ========== Error: Unable to stop service Rezip! Service Rezip deleted successfully! C:\Windows\System32\Rezip.exe moved successfully. Service hwdatacard stopped successfully! Service hwdatacard deleted successfully! File system32\DRIVERS\ewusbmdm.sys File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully. C:\Program Files\Pando Networks\Media Booster\PMB.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully. File move failed. C:\Users\Mano\AppData\Roaming\appConf32.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c3de0f4-3048-11df-9b32-0024545f8488}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c3de0f4-3048-11df-9b32-0024545f8488}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c3de0f4-3048-11df-9b32-0024545f8488}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c3de0f4-3048-11df-9b32-0024545f8488}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40f3abb5-2dfb-11df-b380-0024545f8488}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f3abb5-2dfb-11df-b380-0024545f8488}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40f3abb5-2dfb-11df-b380-0024545f8488}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f3abb5-2dfb-11df-b380-0024545f8488}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40f3abbc-2dfb-11df-b380-0024545f8488}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f3abbc-2dfb-11df-b380-0024545f8488}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40f3abbc-2dfb-11df-b380-0024545f8488}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f3abbc-2dfb-11df-b380-0024545f8488}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c463b88-3d51-11df-b0a4-0024545f8488}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c463b88-3d51-11df-b0a4-0024545f8488}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c463b88-3d51-11df-b0a4-0024545f8488}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c463b88-3d51-11df-b0a4-0024545f8488}\ not found. File G:\AutoRun.exe not found. C:\Users\Mano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. File move failed. C:\Users\Mano\AppData\Roaming\appConf32.exe scheduled to be moved on reboot. 
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully. ADS C:\ProgramData\Temp:4CF61E54 deleted successfully. ADS C:\ProgramData\Temp:ABE89FFE deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. C:\ProgramData\ism_0_llatsni.pad moved successfully. C:\Users\Mano\AppData\Roaming\AcroIEHelpe205.dll moved successfully. C:\Users\Mano\AppData\Roaming\BAcroIEHelpe205.dll moved successfully. C:\Users\Mano\AppData\Roaming\blckdom.res moved successfully. C:\Users\Mano\AppData\Roaming\AcroIEHelpe204.dll moved successfully. C:\Users\Mano\AppData\Roaming\BAcroIEHelpe195.dll moved successfully. C:\Users\Mano\AppData\Roaming\BAcroIEHelpe193.dll moved successfully. C:\Users\Mano\AppData\Roaming\BAcroIEHelpe148.dll moved successfully. C:\Users\Mano\AppData\Roaming\BAcroIEHelpe147.dll moved successfully. C:\ProgramData\ezsidmv.dat moved successfully. ========== FILES ========== C:\Users\Mano\AppData\Roaming\AcroIEHelpe.txt moved successfully. File\Folder C:\Users\Mano\AppData\Local\{*} not found. C:\ProgramData\FullRemove.exe moved successfully. C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully. C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully. C:\ProgramData\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861} folder moved successfully. C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully. C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully. C:\ProgramData\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} folder moved successfully. C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully. C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully. C:\ProgramData\Temp\AVG folder moved successfully. C:\ProgramData\Temp folder moved successfully. C:\Users\Mano\AppData\Local\Temp\AutoRun.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\CommonInstaller.exe moved successfully. 
C:\Users\Mano\AppData\Local\Temp\DataCard_Setup.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\EAD3F60.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\EADBCA9.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\EADBCB9.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\EADD6ED.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\EADF160.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\eauninstall.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\install_0_msi.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\jinstaller142.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\MachineIdCreator.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\NaviMgrInstaller.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\oi_{5642E15A-BDD7-4E6F-BCF4-123B28358690}.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\ose00001.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\ResetDevice.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\SkypeSetup.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\tmpF980.tmp.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\ToolbarInstaller.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\Uninstall.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\xmlUpdater.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\_is2A34.exe moved successfully. C:\Users\Mano\AppData\Local\Temp\_is84A9.exe moved successfully. C:\Users\Mano\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Mano\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Mano\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. 
C:\Users\Mano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. File/Folder C:\windows\System32\*.tmp not found. File/Folder C:\windows\SysWOW64\*.tmp not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Users\Mano\Desktop\cmd.bat deleted successfully. C:\Users\Mano\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Mano ->Temp folder emptied: 496180968 bytes ->Temporary Internet Files folder emptied: 817930089 bytes ->Flash cache emptied: 2016715 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 136018079 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 561296 bytes RecycleBin emptied: 1250 bytes Total Files Cleaned = 1,385.00 mb OTL by OldTimer - Version 3.2.59.1 log created on 08312012_165043 Files\Folders moved on Reboot... C:\Users\Mano\AppData\Roaming\appConf32.exe moved successfully. C:\Users\Mano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
31.08.2012, 23:44 | #4 |
/// Helper Team | Police Virus Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
01.09.2012, 06:46 | #5 |
| Police Virus The PC is running again. The Malware scan spat out 3 infected files, but they were all from OTL; I then deleted them and ran the scan again -> all clean.... Here is the cleaner log as well: # AdwCleaner v2.000 - Datei am 09/01/2012 um 07:44:46 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (32 bits) # Benutzer : Mano - MT # Normaler Modus : Normal # Ausgeführt unter : C:\Users\Mano\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\AVG Secure Search Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search Ordner Gefunden : C:\ProgramData\AVG Secure Search Ordner Gefunden : C:\ProgramData\Partner Ordner Gefunden : C:\Users\Mano\AppData\Local\AVG Secure Search Ordner Gefunden : C:\Users\Mano\AppData\LocalLow\AVG Secure Search ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AVG Secure Search Schlüssel Gefunden : HKCU\Software\IGearSettings Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\AVG Secure Search Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gefunden :
HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gefunden : HKLM\Software\Informer Technologies, Inc.\OpenCandy Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden 
: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [4525 octets] - [01/09/2012 07:44:46] ########## EOF - C:\AdwCleaner[R1].txt - [4585 octets] ########## |
02.09.2012, 06:03 | #6 |
/// Helper Team | Police Virus Please post the Malwarebytes log file! (Logs tab)
|
02.09.2012, 11:26 | #7 |
| Police Virus This is the log from the 2nd scan.... Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.31.09 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Mano :: MT [Administrator] 31.08.2012 19:07:34 mbam-log-2012-08-31 (19-07-34).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 194236 Laufzeit: 5 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
02.09.2012, 14:46 | #8 | |
/// Helper Team | Police Virus Quote:
Where is the one with the findings? |
03.09.2012, 16:07 | #9 |
| Police Virus OK, here is the log from the first scan... Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.31.09 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Mano :: MT [Administrator] 31.08.2012 18:02:45 mbam-log-2012-08-31 (18-02-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 344045 Laufzeit: 55 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\_OTL\MovedFiles\08312012_165043\C_Users\Mano\AppData\Local\Temp\install_0_msi.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08312012_165043\C_Users\Mano\AppData\Roaming\BAcroIEHelpe147.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\08312012_165043\C_Users\Mano\AppData\Roaming\BAcroIEHelpe148.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Mano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Regards |
04.09.2012, 15:54 | #10 |
/// Helper Team | Police Virus Very good!
After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Use "Jetzt Updaten" to download the current signatures. Select the freeware mode. Select "Detail Scan" and start the scan of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
24.10.2012, 08:42 | #11 |
/// Helper Team | Police Virus Missing feedback. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |