|
Plagegeister aller Art und deren Bekämpfung: Prozess csrss.exe läuft zwei malWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.11.2012, 14:55 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei mal adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
08.11.2012, 15:40 | #17 |
| Prozess csrss.exe läuft zwei mal [Dritter Versuch zu antworten.. Die Nachricht scheint irgendwie zu lang zu sein]
__________________Hallo, adwcleaner hat anscheinend die Apps von meinem Google Chrome gelöscht. Das waren aber alles Programme die ich brauchte. Was genau hat der adwCleaner noch gelöscht? Hier das OTL Log: Code:
ATTFilter OTL logfile created on: 08.11.2012 15:11:29 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Torben\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 73,28% Memory free 15,73 Gb Paging File | 13,35 Gb Available in Paging File | 84,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 584,35 Gb Total Space | 186,94 Gb Free Space | 31,99% Space Free | Partition Type: NTFS Computer Name: TORBEN-PC | User Name: Torben | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Torben\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe () MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) SRV - (CLKMSVC10_DB37F995) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\NavFilter\kmsvc.exe (CyberLink) SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia) DRV:64bit: - (nmwcdcmx64) -- C:\Windows\SysNative\drivers\nmwcdcmx64.sys (Nokia) DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org) DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360310d506l0408z115t7441c071 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360310d506l0408z115t7441c071 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Torben\Desktop IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360310d506l0408z115t7441c071 IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.de/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE370 IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\SearchScopes\{871C1DC4-6C58-4719-B685-77B3E4DE6564}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Torben\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Torben\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 12:48:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 12:48:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 12:48:32 | 000,000,000 | ---D | M] [2012.10.29 23:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\956io89w.default\extensions [2012.10.29 23:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben\AppData\Roaming\mozilla\Firefox\Profiles\956io89w.default\extensions\ich@maltegoetz.de ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Anti-Banner = C:\Users\Torben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Torben\AppData\Roaming\Mozilla\Firefox\Profiles\3awf6g1l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.94.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Torben\AppData\Roaming\Mozilla\Firefox\Profiles\3awf6g1l.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.94.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\TrayServer.exe (MAGIX AG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000..\Run: [Akamai NetSession Interface] "C:\Users\Torben\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Torben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4146755390-1899032672-475610802-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF81FE2-0DF3-44C0-92A4-54D87E4A4F6F}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2A3F480-A982-40E4-807B-D345A657D6DB}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 14:10:56 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\logs [2012.11.08 14:10:56 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\.techniclauncher [2012.11.08 14:10:35 | 000,059,392 | ---- | C] (Technic) -- C:\Users\Torben\Desktop\TechnicLauncher.exe [2012.11.08 12:11:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Torben\Desktop\tdsskiller.exe [2012.11.08 12:00:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Torben\Desktop\aswMBR.exe [2012.11.07 16:11:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Torben\Desktop\OTL.exe [2012.11.04 18:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.11.04 18:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.11.04 18:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2012.11.04 18:28:40 | 000,000,000 | ---D | C] -- C:\PCWELT [2012.11.04 18:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TaskManager [2012.10.31 20:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buka [2012.10.31 20:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buka [2012.10.28 13:34:01 | 000,000,000 | ---D | C] -- C:\Users\Torben\Desktop\lol [2012.10.27 20:28:00 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\PictureConverter [2012.10.25 16:23:17 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Local\{427A6921-ACDF-4090-AAF3-2384EFF7A21C} [2012.10.24 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\Torben\Documents\CraftBukkit [2012.10.24 17:11:38 | 000,000,000 | ---D | C] -- C:\Users\Torben\AppData\Roaming\.minecraft [2012.10.21 10:03:03 | 000,000,000 | ---D | C] -- C:\Users\Torben\Desktop\Bitte löschen [2012.10.19 22:57:35 | 000,000,000 | R--D | C] -- C:\Users\Torben\Desktop\Schule [2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.08 15:12:49 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.08 15:12:49 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.08 15:11:48 | 001,541,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.08 15:11:48 | 000,669,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.08 15:11:48 | 000,629,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.08 15:11:48 | 000,137,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.08 15:11:48 | 000,112,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.08 15:05:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.08 15:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.08 15:04:40 | 2037,772,287 | -HS- | M] () -- C:\hiberfil.sys [2012.11.08 14:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.08 14:57:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4146755390-1899032672-475610802-1000UA.job [2012.11.08 14:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.08 14:11:01 | 000,579,274 | ---- | M] () -- C:\Users\Torben\AppData\Roaming\technic-launcher.jar [2012.11.08 14:10:36 | 000,059,392 | ---- | M] (Technic) -- C:\Users\Torben\Desktop\TechnicLauncher.exe [2012.11.08 13:59:20 | 000,541,569 | ---- | M] () -- C:\Users\Torben\Desktop\adwcleaner.exe [2012.11.08 13:57:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4146755390-1899032672-475610802-1000Core.job [2012.11.08 12:11:27 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Torben\Desktop\tdsskiller.exe [2012.11.08 12:00:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Torben\Desktop\aswMBR.exe [2012.11.07 16:11:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Torben\Desktop\OTL.exe [2012.11.03 16:31:09 | 001,341,859 | ---- | M] () -- C:\Users\Torben\AppData\Local\Tempmusic.ogg [2012.11.01 20:54:38 | 1131,343,592 | ---- | M] () -- C:\Users\Torben\Desktop\javaw 2012-11-01 20-53-48-34.avi [2012.10.31 12:48:31 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.10.28 18:13:22 | 000,047,852 | ---- | M] () -- C:\Users\Torben\AppData\Local\recently-used.xbel [2012.10.28 16:48:37 | 000,282,312 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.10.28 16:48:37 | 000,282,312 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.28 16:44:02 | 000,283,312 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.10.28 11:38:15 | 000,001,306 | ---- | M] () -- C:\Users\Torben\Desktop\Free YouTube Download.lnk [2012.10.21 21:03:53 | 006,475,528 | ---- | M] () -- C:\Users\Torben\Desktop\Trololo Sing Along!.mp3 [2012.10.19 18:45:30 | 000,012,598 | ---- | M] () -- C:\Users\Torben\Desktop\Computer.lnk [2012.10.19 18:43:35 | 000,432,704 | ---- | M] () -- C:\Users\Torben\Desktop\Desktop geil.jpg [2012.10.13 21:42:07 | 001,071,091 | ---- | M] () -- C:\Users\Torben\Desktop\img004.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.08 14:10:56 | 000,579,274 | ---- | C] () -- C:\Users\Torben\AppData\Roaming\technic-launcher.jar [2012.11.08 13:59:13 | 000,541,569 | ---- | C] () -- C:\Users\Torben\Desktop\adwcleaner.exe [2012.11.02 13:13:34 | 001,341,859 | ---- | C] () -- C:\Users\Torben\AppData\Local\Tempmusic.ogg [2012.11.01 20:53:48 | 1131,343,592 | ---- | C] () -- C:\Users\Torben\Desktop\javaw 2012-11-01 20-53-48-34.avi [2012.10.28 18:13:22 | 000,047,852 | ---- | C] () -- C:\Users\Torben\AppData\Local\recently-used.xbel [2012.10.28 11:38:15 | 000,001,306 | ---- | C] () -- C:\Users\Torben\Desktop\Free YouTube Download.lnk [2012.10.21 21:03:37 | 006,475,528 | ---- | C] () -- C:\Users\Torben\Desktop\Trololo Sing Along!.mp3 [2012.10.19 18:45:13 | 000,012,598 | ---- | C] () -- C:\Users\Torben\Desktop\Computer.lnk [2012.10.19 18:43:32 | 000,432,704 | ---- | C] () -- C:\Users\Torben\Desktop\Desktop geil.jpg [2012.10.13 21:42:07 | 001,071,091 | ---- | C] () -- C:\Users\Torben\Desktop\img004.jpg [2012.08.21 17:37:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2012.07.03 21:43:08 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.08 14:07:36 | 000,282,312 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.08 14:07:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.05.08 14:07:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.18 14:15:09 | 000,007,605 | ---- | C] () -- C:\Users\Torben\AppData\Local\Resmon.ResmonCfg [2012.03.26 14:20:10 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012.02.11 19:25:17 | 000,000,680 | RHS- | C] () -- C:\Users\Torben\ntuser.pol [2012.01.29 17:20:20 | 000,000,382 | ---- | C] () -- C:\Windows\wininit.ini [2011.12.27 15:33:22 | 000,000,660 | ---- | C] () -- C:\Windows\eReg.dat [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.08.20 12:23:40 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.08.18 16:53:23 | 000,017,408 | ---- | C] () -- C:\Users\Torben\AppData\Local\WebpageIcons.db [2011.08.18 16:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011.07.07 13:38:24 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.04.04 20:18:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.12.24 23:15:02 | 000,174,768 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.08.01 12:41:51 | 000,000,094 | ---- | C] () -- C:\Users\Torben\AppData\Local\fusioncache.dat [2010.03.30 10:47:12 | 000,038,400 | ---- | C] () -- C:\Users\Torben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.20 11:22:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2011.08.22 16:00:20 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4146755390-1899032672-475610802-1000\$RPH3DVD.minecraft\saves\jae1000j's Minecraft Note Block Song World Save (02.21.2011)\World5\n [2011.08.22 16:00:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4146755390-1899032672-475610802-1000\$RPH3DVD.minecraft\saves\jae1000j's Minecraft Note Block Song World Save (02.21.2011)\World5\u [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.18 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\.minecraft [2012.03.10 21:29:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\AnvSoft [2012.03.03 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Epson [2012.03.18 13:32:51 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Orbit [2012.03.03 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ProgSense ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D20FFA63 < End of report > |
08.11.2012, 15:41 | #18 |
| Prozess csrss.exe läuft zwei mal EXTRAS
__________________Code:
ATTFilter OTL Extras logfile created on: 08.11.2012 15:11:29 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Torben\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 73,28% Memory free 15,73 Gb Paging File | 13,35 Gb Available in Paging File | 84,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 584,35 Gb Total Space | 186,94 Gb Free Space | 31,99% Space Free | Partition Type: NTFS Computer Name: TORBEN-PC | User Name: Torben | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F81EE5-0306-46DE-BAFC-4BDB1B89EE13}" = lport=6985 | protocol=6 | dir=in | name=league of legends launcher | "{0475DCCA-8866-4270-AB1B-1FC2EA36FA97}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{0494A6FA-28D6-4A26-9D11-02D91C25D678}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher | "{0572FC80-6BE5-4A52-A7EB-C7556488C952}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | "{0711612F-A75F-48D1-869A-BBE7161EBFA6}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher | "{09920223-DC28-45FA-AEA4-9E0941CAF4ED}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher | "{1086B795-C7F2-431A-B4D4-62DDE35D535C}" = lport=2869 | protocol=6 | dir=in | app=system | "{113E79CF-15F6-4D16-9213-AF875C540CFC}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{12D3592D-1330-4C58-BCBD-A14B93B07552}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | "{13BC555D-FE27-4F5F-BDDD-B929FF4F1160}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher | "{170B4A7B-C450-4EAC-BB03-2DCDC614FC51}" = lport=10243 | protocol=6 | dir=in | app=system | "{194EC8A4-8226-4F6D-B4CB-67898F408D05}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | "{2B3F4259-BE53-408C-98FB-39308247BEC5}" = rport=139 | protocol=6 | dir=out | app=system | "{36B94C92-0C9B-4D9E-9E60-A91075C5CD28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{36E67F46-4C95-45D9-B283-56E24A01F5D5}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher | "{370CA181-7A35-427F-B3A9-B00B2204AF8F}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | "{384C139D-05A9-4A68-BAD3-948BA8AA9E0F}" = lport=6985 | protocol=17 | dir=in | name=league of legends launcher | "{3ED93D33-63BB-4536-AC02-38C0200DEDDD}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | "{3FD8C513-4C1A-4CBD-81D8-C3C967E24687}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{41CE62D0-0598-428C-9DE3-69F37A438F20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47FABDB8-15B4-476E-B13C-DBD8CFEC7362}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | "{4F908997-8EC3-4F4F-ADF4-6BEE12E61983}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | "{5162926A-F190-4749-9F2D-A69757722887}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher | "{51C8AE57-D7C9-4648-AA46-31228DC557FB}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher | "{53ADC085-EDE4-40D4-A324-E7E34D8C99DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5530A52D-8056-41A7-A491-3FB43CE46853}" = lport=6911 | protocol=6 | dir=in | name=league of legends launcher | "{55F0FF83-A8C0-4E82-B866-97D1C2C13BA1}" = lport=6911 | protocol=17 | dir=in | name=league of legends launcher | "{562B6ECF-C5A3-48C1-8F79-E6345D832276}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{56D6CBA2-4681-418C-88CC-FDBA62752F25}" = lport=19376 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{57C23CE8-4107-4351-A388-D938E7D4F2C7}" = lport=6919 | protocol=6 | dir=in | name=league of legends launcher | "{58D8140F-8DFA-4088-AEF5-19FF9607A5CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5E3B83A8-EB39-4F9E-AC60-F12F6B642939}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{62BC52A5-EFDB-4A12-9330-F91DBCECD9D8}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | "{66891AC5-4B62-49E9-BD0D-083B7850E2ED}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{705399DB-047A-4243-BB6F-7ED0BB63CE07}" = rport=10243 | protocol=6 | dir=out | app=system | "{72BAA241-2CBF-4A68-8587-314397B745CA}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | "{7368DCFB-163C-47F0-A848-77EB2C9C62EB}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher | "{75DE4B4F-C827-49EA-9DC5-D34DD4EB8BDF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{798017FD-412F-4852-8566-131EE9B75B23}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | "{7A748C61-33B6-47EF-B7DB-34BFF34FD2B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7CF7D652-1331-4148-A48A-743DE38766B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{802652E9-0148-43B0-A02D-EA94508C6D76}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{802C3225-93AF-4A1A-B236-A1EF5059993B}" = rport=445 | protocol=6 | dir=out | app=system | "{8086B93C-6BEA-49E7-BFDE-75EFB2DB4370}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | "{82EE1501-6465-4830-9375-58077A5CA6DE}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher | "{85351885-5208-4108-BC31-7F79A6F6E4CE}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{87C99802-A59F-4717-8E60-B371592D3DCA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{88E056F2-CD43-4D59-8DBD-39B807C912A9}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{8D99A945-9D6F-4F7A-BC76-4D33EED6BFE4}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher | "{8EA00350-1538-4211-A160-ACA75A42C754}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher | "{944F949C-54FD-48A3-8529-A32568972843}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{9595C365-84EE-449D-999E-C8C9586522D0}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{9659F4D8-E026-4427-AD69-BEEA86AAA25E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9BD0056D-9873-40D7-98AC-116A48ABC305}" = rport=138 | protocol=17 | dir=out | app=system | "{A3813B63-B9BC-4FEE-87FE-DB6E9D5C25CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A41EB07F-D442-4B08-9846-54E0CD9394BD}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | "{A72BBC25-A4A2-4FE6-BF52-3D63D7C9D782}" = rport=137 | protocol=17 | dir=out | app=system | "{A9D9EBE1-6985-4187-8FDE-A0039C487BED}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | "{AFF79188-F52D-4584-B6F7-4DF680505601}" = lport=138 | protocol=17 | dir=in | app=system | "{B182A9F4-EE73-4F73-8192-489D7409F49D}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | "{B1C216F1-2181-40FB-A270-807C785B0C4A}" = lport=6919 | protocol=17 | dir=in | name=league of legends launcher | "{B550B3E8-312E-4DF7-984F-0421907A0423}" = lport=139 | protocol=6 | dir=in | app=system | "{BC6608AF-F68E-4075-ABB1-8E526E8FEA8D}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | "{C253CD20-6D79-441D-81C5-A6952D2C0F4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{C3E03E13-59C3-42DD-AEE1-6D9B47D35579}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C440D906-F9CF-45CD-AEE0-D850C858F6C3}" = lport=2869 | protocol=6 | dir=in | app=system | "{C8DF8069-594C-4C76-9B44-CE64CAC60DC9}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | "{CF5F1886-61C4-4187-A9F6-26B37E8E2A54}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{D3161E26-F0E5-468F-A4C4-A4096B4187AB}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | "{D9CADBB0-8C62-49EA-9B10-E3BC088474E8}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{DDBC4981-83AF-4ED6-B5B8-7943CFEFA9F2}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | "{E1C75A9E-933F-4D4A-A356-05EC48E44A24}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "{E2758237-3CE1-41FD-A0E9-63F0351ED026}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | "{E2F690AE-A517-4F45-A046-446A7FF9E9A1}" = lport=445 | protocol=6 | dir=in | app=system | "{E592BF62-841C-4661-AF3D-510C87B31FAB}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher | "{E62F4F50-2461-40BC-A95C-A333689E6221}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{EBF48773-2BE8-4386-9B9A-40A4725F1D49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE91A145-696F-47D4-AC8B-114562F62441}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{F30BCE3B-38D4-40EE-9972-6A642D149F27}" = lport=137 | protocol=17 | dir=in | app=system | "{F31C165D-B12D-4DED-835E-F4ADF0F1A4FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9873599-AB96-4239-AA50-C580CA949F1D}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | "{FF7DD0FA-EE0C-4215-A733-47750901003C}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CE9F62-8F21-477C-8DD9-2F13076C7E89}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{0501B4BE-D0B7-4B12-B894-3784D6624047}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{050DFEF8-DE65-4F08-82F7-0EA870CBA7F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bullet run\launchpad.exe | "{05DA680E-D6CD-4A49-820C-320A99B7D5FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0795292B-9D03-4C30-A11C-528724910F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{0D68B11C-C8A2-4A1A-941A-DD4772E0352B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{104D575B-E16F-4A49-863A-4267E674154A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{1060964F-A81E-45FF-A4DE-D7A49CB5603E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{11E7CF78-0D76-4267-9A7E-93CC8D2FAC19}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{1784E630-BC49-4A9A-AC2F-079BC3FE378E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1939B3CC-6B20-441F-B449-12EC56F93BFD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{1ABA5C6B-9016-45E9-8B68-4A55256B6AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{1B89B5F2-EC6B-45E7-B78A-7AF4FB0910E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{1BAAC1FA-50E4-49A0-90BC-1514F4E3B64B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{1C3A1180-6858-4013-9A63-B62B92D4D746}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bullet run\launchpad.exe | "{1FF7950D-2F60-4BD6-9A92-D5CFE3C5B06A}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{242A0055-1DFA-4203-BBEA-793F92395C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{24797358-A6A4-495D-94DB-AA5C4F3EA8FC}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{25B65603-FBF5-4A2F-B365-F0A528F63F91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{27ED5A51-9735-4F94-9133-510B27755ABE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{28963599-C5D6-42A9-8BE2-A31E062F8C89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2BD1C1E5-2200-48FE-BDAD-1A5D9DD2AD75}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{315B66BC-2C47-48EC-B8EB-46BDBD3C8423}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{31A389AA-F1A4-4767-8B1E-BA40D045172B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{33F1602A-F726-4836-97A9-FE026D119B8C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{3497AD8B-B89E-4524-A365-95F7EF7DB961}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{36CB8E5B-AA35-4659-A508-F4F1F814AF75}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{3855313D-A5E1-49E2-BEDD-71A6B430D5B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C761C60-2383-44AC-8395-4AAA272F1FDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3D543720-D068-454C-BCCD-691044483A33}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{3D7EFC27-A062-411B-AF94-354E8A6CC057}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | "{40C5AFE2-492E-48A1-A1E9-BE71FE079AE7}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{49E773CE-59CF-4DD7-A1D2-DD52182C263B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | "{4A6EDC29-DE54-42EE-8B92-ECEED0D98B2B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4EFEFDA6-02E6-4F64-A9BF-9215F6AF17F4}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{4F27898D-F96F-48FF-BB99-7C9872F9B3E9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{4FE6A47A-7399-4E9C-BCA3-F58E361EAE7E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{52164FC6-CBE3-427F-B4F8-FBF0608386C3}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{57393DA3-FE53-491F-B234-3311699FF39E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{57926FE9-BA39-498D-B4B2-08C44B1CF92A}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{597B8CD7-64A4-43C9-8E67-9BB0EF0C2855}" = protocol=17 | dir=in | app=c:\users\torben\appdata\local\temp\dsoclient\dlcache\app.n3app | "{597F0474-BA20-41D2-8A62-F5D7F6B83040}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{5A80A6CF-E995-4157-9053-1748062EB420}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{63133D4D-5CC3-4D37-BEC7-7413B0507FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{64E5E696-2A58-4013-A4CC-90C38AC21EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{68789345-4319-4203-99BF-59635931A7AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6889F153-5516-4764-B227-1C85B3C3E83C}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{68BF4AA2-1E6E-4A34-88CA-7A46C502241F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{696549A3-88D7-40A7-8DCD-09846FD82CD7}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | "{6AC2E378-9AA1-4888-8CD0-715F175400FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{70ED8950-62DE-4D31-9FB6-74C521FA8D23}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{7161B04F-D5F8-4FC6-AF1F-7C09190DF2DF}" = protocol=6 | dir=in | app=c:\users\torben\appdata\local\akamai\netsession_win.exe | "{718A8C92-1919-4D51-B86A-D3C85706A491}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{73CD368C-4B76-4447-84B9-AE5114629BE9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{74BF69AA-73E8-48C8-AA70-055B4AF769C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{753BD24F-2EFC-48DF-A379-AFC742AB10CE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{7547687C-4451-421B-90C1-F05BACA0A480}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{773C7D17-8012-41A2-B765-00C421BDFD9B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7854D711-79CB-45B2-B9EC-92C4BF00B5EF}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | "{7DA3E4D5-A551-4F57-8917-DCF7C78026F9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{805A44F7-3CE2-49FE-929A-F8710968D515}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | "{80616713-BDDB-4EF3-B6FF-81D6CE40FCBA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{8247C900-2345-4947-B2AB-44A3A0E43EEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | "{83D64BC9-0D51-4FF1-AEB2-EE2E9166827E}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{8697C832-640C-4633-AE47-BFFED310FB25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{86EF19E6-E150-4071-A769-0E9A44375BD2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8AACD64C-F619-440D-A7F3-018241EBD3E3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8BB0EC09-BE9D-4511-B8A4-888A19F6965F}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{8DFE1010-0A44-40D6-87AF-C793350968B1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe | "{8FFBED1B-8D61-4D08-9D42-C5897D2E21DC}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{9277E971-CB42-4908-A5B0-E52EDB4F6310}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{956030B7-A514-488F-9767-593A03006E22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9750FD30-92A1-495C-8027-83048CEDE7F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9DCF6BE8-6473-4AAF-B742-B7BD2A51F62A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A6F7608A-5CF8-413D-92A9-0A7C25AE1D84}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{A9B8B711-5E0C-4EB0-B9C3-15625C1948A4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{AD55CAC3-AF5E-4C1C-BB4E-B133B1AFFEF0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{B2656BF4-7156-470F-9361-A844FF651B93}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | "{B30DDDDD-CC9D-45E5-8672-0D7B70E87BAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B396C143-DDA3-4C72-AB5E-97B7880FF0CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B605EF6D-1012-4621-905E-9EE7C721BD98}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | "{B779DEB5-DEAC-4613-8F4E-B4F0BAA48F14}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{BAC55FA5-4DAC-4F38-AC9F-5A036D9E4C19}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BC4CC9D6-90FF-4EB6-A679-604FF0B0A7E6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{BDB59922-D653-4384-B0E1-CA8FA7EDC2AC}" = protocol=6 | dir=out | app=system | "{C1B8ED49-E4B6-4289-852E-A0E2E6310859}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{C5608C48-99B3-49F1-9D31-24EEC0BEAF7E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C80AB867-A94A-45A1-AF73-C4099C08A10C}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{C8CD2CD2-0F58-4A45-AFDB-30EB26737894}" = protocol=17 | dir=in | app=c:\users\torben\appdata\local\akamai\netsession_win.exe | "{C9488741-7C88-4F78-9565-61F82ECE6690}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe | "{C9B83DD1-CF06-445B-9903-18091D3A631E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{C9D88F28-B063-464C-8767-89249131CA13}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{CA0FAEDE-3530-4F8D-BD90-7C9D945FA55E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CD48E4D2-21DC-4B1C-92F3-BF399FEDA924}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{D21F1DE8-8C88-4158-BB38-E211389EBDB8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D2E80A6F-84B3-4875-8E87-F38C6A817103}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D50DE0FA-5629-4990-8342-6F7E471123BE}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{D79E15BC-C53B-43F4-9F36-5504F51973B5}" = protocol=17 | dir=in | app=c:\users\torben\desktop\neuer ordner (3)\crossfire0212downloader.exe | "{D7C52228-2583-43FF-A4EC-9876E772AB2F}" = protocol=6 | dir=in | app=c:\users\torben\appdata\local\temp\dsoclient\dlcache\app.n3app | "{D88ABBEE-533B-40A2-8D06-47A14780DDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{DA780C7C-45A9-42AB-AEE2-11FFEE60B7A4}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{DCFD0158-AECB-45AE-BCFB-BFE78E3A3237}" = protocol=6 | dir=in | app=c:\users\torben\desktop\neuer ordner (3)\crossfire0212downloader.exe | "{DDCEBF27-3A3A-4C46-9C05-5A9CD089924B}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{DF0AFC34-3122-4BB4-88E4-A770A7757978}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | "{E0A51E6D-D0A5-4296-84D4-006A1421CD4E}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{E4844C78-6ADB-44F4-A4E1-193066203B86}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | "{E6DC6377-8A18-439B-8566-EC034D5A7736}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{E9B4BF86-F737-4AC9-982A-C2B0006B091C}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | "{EA713467-DB4B-4E49-BA1B-5B5130E05525}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{EA9C0D59-0F85-4B08-B035-E71D32EDFDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | "{EC3EE6EC-212E-490E-A644-0C855D89604B}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{EE8C36DF-0DD5-43FC-AAAE-23B234E68AD3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F00CC597-B528-436E-BAD5-EFF52D34F12E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F0B159E1-6461-407D-B41D-3774E57C26AE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{F575D914-635F-4506-94F2-ED0ADBDA9F5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FC29932C-C447-49BA-A83A-9C6E90245DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | "{FD1CEC41-06FF-4E57-91CF-A9669A6742BC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{FE224720-8A63-47F3-AA00-B2BE267D27EC}" = protocol=58 | dir=in | app=system | "TCP Query User{013BD469-296C-4999-A301-18F674E14B6C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{071BDCE3-897E-430E-B740-88AFCF52EF66}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{12F77557-9780-4CC8-A598-1C826669F7C0}C:\users\torben\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\torben\appdata\local\akamai\netsession_win.exe | "TCP Query User{1C6355E4-CC74-486D-A057-4CAF6E8FBD65}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{215715ED-32EF-4FE6-B9EA-BE0FADCC3502}C:\program files (x86)\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "TCP Query User{32B9916E-B8DD-4776-A214-1C6C2B37CB6C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{439BFE98-04EC-498E-9BC4-BE3D738567BF}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | "TCP Query User{48F7BE26-A1BE-49C6-9794-CF07E89F4420}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{4926DE7A-83A2-41AC-B4BF-64A3266BD5FD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{60360D32-A0B9-4133-B394-E5D977108424}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{7508825E-8D3D-41E9-8612-422E3449EB00}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{80230FDF-ABB6-461A-B32E-852B09AF53DA}C:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe | "TCP Query User{8780FD61-871D-450E-BCE5-8099F55E4D1E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9EA9BD35-2C27-44C3-9819-76B3DDB7E545}C:\program files (x86)\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\loco\system\loco.exe | "TCP Query User{A086B318-49BB-4941-8C5E-B92A9A4388CA}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{ACF70296-80B8-49C2-A586-C19CFDF1104E}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "TCP Query User{B957EF92-F9BE-477F-9613-9BF49BEFB616}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{E4592E34-F26C-46CE-9E83-C2794C5C1572}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "TCP Query User{F692D229-C9CB-4F6D-BCC7-4D33B9350862}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{00B94BF5-2078-4572-AC35-E48658676CAE}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{0326ED2D-EFCC-44F3-8ABE-4B0CA991D817}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{0648C508-40C9-4872-A169-189E8F8AAFC1}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | "UDP Query User{26EF5361-E150-4DEF-BA08-D91E66097120}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{315BAA19-9EBC-48EC-9711-30CC3725DF2E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{3C2CBD05-0EEF-417F-9B27-241441CBD82D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{3D9587C8-757C-45AB-8C2D-285D1B942184}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{5B0746FF-9A97-4036-97D0-3A40D14E2BA5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{6A6713CC-EBB7-4797-8220-1876E2630B6C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7036E19B-3AD6-4679-9AF5-9C5CD0544908}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{735F0758-9319-4E86-8347-27DDF780ABBE}C:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe | "UDP Query User{8AF6851F-C798-4599-8F33-2AB4AC046053}C:\program files (x86)\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | "UDP Query User{9411B73D-C08A-463A-A82E-746B6FFC9ADD}C:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | "UDP Query User{9D9B1490-44EE-4667-A65F-2FBB6D04DA68}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | "UDP Query User{9EAFFFF2-255F-4B25-A811-5219E9C3CCF7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{BC66C354-15B3-4582-9EC5-B84E067EFB90}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{CD091CAC-2AC8-4088-AF93-5880F39F3C0E}C:\program files (x86)\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\loco\system\loco.exe | "UDP Query User{CE7C713C-EC7E-4008-8F50-E4AA875CB2DD}C:\users\torben\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\torben\appdata\local\akamai\netsession_win.exe | "UDP Query User{FF9CB116-D5A5-4AFC-B609-94A52FD9B301}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D237D67F-E77C-4D9E-AA66-8B7A821C215F}" = MFC RunTime files x64 "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall "GIMP-2_is1" = GIMP 2.8.0 "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = HALO 2 FÜR WINDOWS VISTA "{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942 "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E9ADAB4-74DE-4362-8DB9-E2E86176C73B}_is1" = Mod Installer 1.1 Risugami ohen beta Kanten Version 1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista "{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{525E2229-6693-40E6-8FBE-FF4E5F8D7AF7}_is1" = Modinstaller für Minecraft 1.3.2 Version 2.0 "{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor "{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese "{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian "{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{765AD336-1219-478F-97E8-2D23FBE70981}" = MAGIX Video deluxe 16 Plus Sonderedition Download-Version "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish "{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German "{7E079E23-77CB-4AA4-A335-5D6DF9143720}" = FireArc Arcade "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit "{85725958-E3A1-4D0F-862B-4CE4EDC71A5E}_is1" = Minecraft Note Block Studio version 3.1.3 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard "{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = Ontrack EasyRecovery DataRecovery Trial "{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All "{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi "{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian "{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light "{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek "{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DAC69A3A-89E6-4B70-B486-B974C2C95BE9}" = HD Writer AE 4.0 "{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian "{DB318841-F512-49DF-999B-2A6AEDA9E13A}" = Samorost 2 "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "AbiWord2" = AbiWord 2.9.2 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Any Video Converter_is1" = Any Video Converter 3.2.7 "Audacity_is1" = Audacity 2.0 "Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit "dlancockpit" = devolo dLAN Cockpit "dlanconf" = devolo dLAN-Konfigurationsassistent "Drakensang Online" = Drakensang Online "dslmon" = devolo Informer "EPSON BX525WD Series Network Guide" = EPSON BX525WD Series Netzwerk-Handbuch "Finale 2011 Demo" = Finale 2011 Demo "FL Studio 10" = FL Studio 10 "Fraps" = Fraps (remove only) "Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228 "Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.32.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "Halo 2" = HALO 2 FÜR WINDOWS VISTA "Hard Truck Apocalypse_is1" = Hard Truck Apocalypse "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "IL Download Manager" = IL Download Manager "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "League of Legends_is1" = League of Legends "LManager" = Launch Manager "LogMeIn Hamachi" = LogMeIn Hamachi "MAGIX_MSI_Videodeluxe16_plus" = MAGIX Video deluxe 16 Plus Sonderedition Download-Version "MediaCoder" = MediaCoder 0.7.5.4720 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Postal 2_is1" = Portal 2 "PunkBusterSvc" = PunkBuster Services "RocketDock_is1" = RocketDock 1.3.5 "Security Task Manager" = Security Task Manager 1.8d "Steam App 17050" = Global Agenda - Demo "Steam App 211880" = Bullet Run "Steam App 400" = Portal "Steam App 72850" = The Elder Scrolls V: Skyrim "Uninstall_is1" = Uninstall 1.0.0.1 "Usenet.nl_is1" = Usenet.nl "uTorrent" = µTorrent "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4146755390-1899032672-475610802-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.09.2011 09:37:47 | Computer Name = Torben-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 16.09.2011 09:37:47 | Computer Name = Torben-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 16.09.2011 13:05:46 | Computer Name = Torben-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 16.09.2011 13:05:46 | Computer Name = Torben-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 17.09.2011 08:59:36 | Computer Name = Torben-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 17.09.2011 08:59:36 | Computer Name = Torben-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 17.09.2011 09:43:05 | Computer Name = Torben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Oblivion.exe, Version: 1.2.0.416, Zeitstempel: 0x462392c7 Name des fehlerhaften Moduls: Oblivion.exe, Version: 1.2.0.416, Zeitstempel: 0x462392c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0033a5e8 ID des fehlerhaften Prozesses: 0x1bd0 Startzeit der fehlerhaften Anwendung: 0x01cc753a6e9339ee Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Oblivion\Oblivion.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bethesda Softworks\Oblivion\Oblivion.exe Berichtskennung: f81aa74e-e132-11e0-a401-00262d8796ce Error - 17.09.2011 09:43:09 | Computer Name = Torben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Oblivion.exe, Version: 1.2.0.416, Zeitstempel: 0x462392c7 Name des fehlerhaften Moduls: Oblivion.exe, Version: 1.2.0.416, Zeitstempel: 0x462392c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0033a5e8 ID des fehlerhaften Prozesses: 0x1bd0 Startzeit der fehlerhaften Anwendung: 0x01cc753a6e9339ee Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bethesda Softworks\Oblivion\Oblivion.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bethesda Softworks\Oblivion\Oblivion.exe Berichtskennung: fa87dfd7-e132-11e0-a401-00262d8796ce Error - 17.09.2011 13:48:11 | Computer Name = Torben-PC | Source = Application Hang | ID = 1002 Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1e00 Startzeit: 01cc7561f104f95f Endzeit: 0 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 332c46fa-e155-11e0-a401-00262d8796ce Error - 17.09.2011 13:48:37 | Computer Name = Torben-PC | Source = Application Hang | ID = 1002 Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1194 Startzeit: 01cc7562006ac85a Endzeit: 10 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: 4387c0b2-e155-11e0-a401-00262d8796ce [ Media Center Events ] Error - 21.04.2012 11:53:55 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 17:53:55 - Fehler beim Herstellen der Internetverbindung. 17:53:55 - Serververbindung konnte nicht hergestellt werden.. Error - 21.04.2012 11:54:14 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 17:54:01 - Fehler beim Herstellen der Internetverbindung. 17:54:01 - Serververbindung konnte nicht hergestellt werden.. Error - 21.04.2012 12:54:21 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 18:54:21 - Fehler beim Herstellen der Internetverbindung. 18:54:21 - Serververbindung konnte nicht hergestellt werden.. Error - 21.04.2012 12:54:27 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 18:54:27 - Fehler beim Herstellen der Internetverbindung. 18:54:27 - Serververbindung konnte nicht hergestellt werden.. Error - 24.04.2012 09:41:31 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 15:41:31 - Fehler beim Herstellen der Internetverbindung. 15:41:31 - Serververbindung konnte nicht hergestellt werden.. Error - 24.04.2012 09:41:54 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 15:41:36 - Fehler beim Herstellen der Internetverbindung. 15:41:36 - Serververbindung konnte nicht hergestellt werden.. Error - 16.05.2012 09:10:05 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 15:10:05 - Fehler beim Herstellen der Internetverbindung. 15:10:05 - Serververbindung konnte nicht hergestellt werden.. Error - 16.05.2012 09:10:16 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 15:10:11 - Fehler beim Herstellen der Internetverbindung. 15:10:11 - Serververbindung konnte nicht hergestellt werden.. Error - 17.05.2012 09:02:38 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 15:02:38 - Fehler beim Herstellen der Internetverbindung. 15:02:38 - Serververbindung konnte nicht hergestellt werden.. Error - 17.05.2012 09:03:31 | Computer Name = Torben-PC | Source = MCUpdate | ID = 0 Description = 15:03:25 - Fehler beim Herstellen der Internetverbindung. 15:03:25 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 08.11.2012 08:33:29 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 08:43:29 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 08:53:29 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 09:11:59 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 09:21:59 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 09:31:59 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 09:41:59 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 09:51:59 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 10:01:59 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = Error - 08.11.2012 10:06:08 | Computer Name = Torben-PC | Source = DCOM | ID = 10016 Description = < End of report > EDIT: Google Chrome ist wiederhergestellt Geändert von Schnitzelfre (08.11.2012 um 15:46 Uhr) |
08.11.2012, 16:40 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei mal Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
08.11.2012, 18:20 | #20 |
| Prozess csrss.exe läuft zwei mal Was hat der Cleaner denn jetzt gelöscht? EsetScan läuft noch. Malwarebytes hat nichts gefunden. Kaspersky auch nicht. |
08.11.2012, 20:28 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei mal Bitte beide Logs posten
__________________ --> Prozess csrss.exe läuft zwei mal |
08.11.2012, 21:31 | #22 |
| Prozess csrss.exe läuft zwei mal ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=34fc086d9254304fb89436b0875e72aa # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-08 08:15:59 # local_time=2012-11-08 09:15:59 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1280 16777215 100 0 19631782 19631782 0 0 # compatibility_mode=5893 16776573 100 94 344114 104020254 0 0 # compatibility_mode=8192 67108863 100 0 3725 3725 0 0 # scanned=396599 # found=3 # cleaned=0 # scan_time=15355 C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\102ac9ea-72c9e694 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Torben\Desktop\SetUps\installer_scp-087.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I C:\Users\Torben\Desktop\SetUps\SoftonicDownloader_fuer_gimp.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I Welche beide ? Und was hat der Cleaner nun alles gelöscht? Wenn Malwarebyte gemeint ist hier Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.08.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Torben :: TORBEN-PC [Administrator] Schutz: Aktiviert 08.11.2012 16:52:52 mbam-log-2012-11-08 (16-52-52).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 298471 Laufzeit: 32 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
08.11.2012, 22:15 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei mal Wiesoll ich sagen was der gelöscht hat wenn du das Log dazu nicht postest?
__________________ Logfiles bitte immer in CODE-Tags posten |
08.11.2012, 22:18 | #24 |
| Prozess csrss.exe läuft zwei mal Wusste doch nicht welchen Log du meinst. Habe mittlerweile 10 von denen. Wo wurde der Log gespeichert? |
09.11.2012, 16:32 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei malZitat:
Und wo der adwCleaner seine Logs ablegt wurde gepostet, muss ich das x Mal posten nur weil du die Anleitung nicht nochmal lesen willst?!
__________________ Logfiles bitte immer in CODE-Tags posten |
09.11.2012, 17:33 | #26 | |
| Prozess csrss.exe läuft zwei mal Nein das geht nicht aus dem Kontext herraus! Du hattest mir gesagt ich soll 2 Tests machen. Hab ich gemacht. Da du schon einmal die Frage nicht beantwortest hast, habe ich gedacht du tust es wieder nicht. Zitat:
(Ich weiß natürlich, dass du viel Arbeit hast. 98.000 Beiträge ) |
09.11.2012, 20:07 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei malZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
09.11.2012, 20:13 | #28 |
| Prozess csrss.exe läuft zwei mal Ich hab den Log aber nicht mehr. Müssen wir uns darum streiten? Ich würde viel lieber wissen, was mit dem ESET Scan ist. Der hat nämlich etwas gefunden.. Gruß Schnitzelfre |
09.11.2012, 21:53 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prozess csrss.exe läuft zwei mal Wieso hast du das Log nicht mehr? Hast du es selbst gelöscht? Ohne das Log kann ich dir ja schlecht sagen was gelöscht wurde und somit ist deine Frage auch nicht richtig zu beantworten ESET hat nur was im JavaCache gefunden und dämliche installer, die mit Toolbars gespickt sind. Die installer löschen, den JavaCache Ordner einfach leeren
__________________ Logfiles bitte immer in CODE-Tags posten |
09.11.2012, 22:12 | #30 |
| Prozess csrss.exe läuft zwei mal Nadann ist mein Computer ja sauber. ZU MALBYTE: Mittlerweile ist es mir auch egal. Alles geht alles super. Danke für deine Hilfe. Für jemanden, der was umsonst macht ist das richtig nett ;D |
Themen zu Prozess csrss.exe läuft zwei mal |
acrobat update, akamai, bho, bonjour, converter, csrss.exe doppelt, desktop, excel, firefox, flash player, hijack, hijackthis, internet, internet explorer, kaspersky, launch, logfile, mozilla, mp3, mywinlocker, plug-in, prozess, prozesse, scan, security, software, symantec, system, tastatur, windows |