
Pests of All Kinds and How to Fight Them: Computer locked, GVU Trojan


 
10.01.2013, 15:12   #1
craphere

Computer locked, GVU Trojan



Here are the files, hopefully I will get help quickly

Step 1 completed

Here are steps 2-3
Step 2:
OTL Logfile:
Code:
OTL logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.10 14:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\DATA\Downloads\OTL.exe
PRC - [2012.12.12 16:36:15 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.08.30 20:22:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\firefox.exe
PRC - [2012.08.30 20:22:30 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\plugin-container.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.12 16:36:14 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.08.30 20:22:30 | 002,242,528 | ---- | M] () -- C:\DATA\Progamme\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 14:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 03:39:34 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.19 20:17:25 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.30 20:22:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.09.02 16:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.10.13 20:56:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.25 18:08:02 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.04.24 22:28:28 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.10.19 13:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 9F C9 A7 34 EF CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{DCC4C677-CE06-41d8-811B-BA49DA2D36CF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=logo"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3.1
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\DATA\Progamme\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\DATA\Progamme\components [2012.08.30 20:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\DATA\Progamme\plugins
 
[2012.04.24 22:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2012.12.12 17:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions
[2012.09.20 21:50:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\battlefieldplay4free@ea.com
[2012.12.12 17:52:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de
[2012.12.08 21:39:45 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartViewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToUcamVProperty] C:\PROGRA~2\PHILIP~1\VProperty.exe File not found
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Steam] C:\DATA\Progamme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BB66921-147F-41AE-9B7A-825D2BD2F90D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell - "" = AutoRun
O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell\AutoRun\command - "" = E:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 14:19:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.01.09 03:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool
[2013.01.07 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.07 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.24 11:00:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64
[2012.12.16 22:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2012.12.16 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\rigonauts
[2012.12.12 17:49:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.12 16:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.12 16:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.12.12 16:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\HP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 14:36:05 | 000,000,168 | ---- | M] () -- C:\Users\Lukas\defogger_reenable
[2013.01.10 14:19:10 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 14:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 14:18:12 | 4278,960,126 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 14:16:08 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 08:46:48 | 000,001,412 | ---- | M] () -- C:\Users\Lukas\Desktop\Games.lnk
[2013.01.09 03:25:46 | 000,000,997 | ---- | M] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk
[2013.01.07 10:43:16 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 16:55:42 | 008,538,422 | ---- | M] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3
[2012.12.26 10:19:20 | 000,065,024 | ---- | M] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe
[2012.12.20 16:42:34 | 001,642,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 16:42:34 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 16:42:34 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 16:42:34 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 16:42:34 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 16:57:45 | 000,272,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 16:39:42 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 14:36:05 | 000,000,168 | ---- | C] () -- C:\Users\Lukas\defogger_reenable
[2013.01.10 14:19:10 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 14:16:08 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 03:25:46 | 000,000,997 | ---- | C] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk
[2013.01.07 10:43:16 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.03 18:23:31 | 008,538,422 | ---- | C] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3
[2012.12.28 02:50:54 | 000,065,024 | ---- | C] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe
[2012.12.16 16:40:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.16 16:38:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 15:42:46 | 000,001,412 | ---- | C] () -- C:\Users\Lukas\Desktop\Games.lnk
[2012.12.13 06:33:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.12.12 16:39:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.12.10 23:03:10 | 000,010,113 | ---- | C] () -- C:\Users\Lukas\AppData\Local\recently-used.xbel
[2012.10.13 20:58:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.10.11 13:21:55 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.09.07 05:16:49 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat
[2012.09.07 05:13:48 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.01 19:26:03 | 000,004,906 | ---- | C] () -- C:\ProgramData\gvpgdylr.gft
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.30 06:09:43 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 06:09:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 06:09:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.04.29 03:19:35 | 000,007,601 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
[2012.04.25 17:31:21 | 001,668,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.24 22:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.24 22:17:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.16 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2012.08.24 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Awesomium
[2012.10.13 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2012.04.24 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DeviceVm
[2012.04.26 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Hi-Rez Studios
[2012.08.17 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Kalypso Media
[2012.04.26 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2012.05.25 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient2
[2012.07.10 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World
[2012.12.02 02:20:49 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2012.12.16 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\rigonauts
[2012.07.31 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\RotMG.Production
[2013.01.03 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer
[2012.04.25 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay
[2012.12.24 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64
[2012.05.22 03:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net
[2012.09.04 21:21:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Waveform
[2012.10.13 00:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\xrecode2
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\DATA\Progamme\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE2040-34F0-40BE-A349-D2304DF8F93A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1EC3EC63-5C89-4522-AD64-33DA747225EE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4853EA97-BA25-41DD-BECA-71AF0E6C6119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BB5EE3E-F1A2-4D2D-8885-3A6627CD50A0}" = lport=56905 | protocol=17 | dir=in | name=pando media booster | 
"{68339B0E-C363-46FF-9A76-3ACA3033DDCA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{84FD3E62-84F9-4768-A392-76DC02843D8E}" = lport=56905 | protocol=6 | dir=in | name=pando media booster | 
"{85D01122-E2D1-456A-9AE0-D871164FAE0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{91A24CB9-9C3F-4F6E-9331-7458F3122C5B}" = lport=56905 | protocol=6 | dir=in | name=pando media booster | 
"{C96E5E2B-6DA5-42B9-BE4D-27732E98519A}" = lport=56905 | protocol=17 | dir=in | name=pando media booster | 
"{D9723B78-A2D7-4FA3-AFB3-F202CC595CCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F127044F-B0D5-4C17-A222-B9DF56439FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3AAB98C-7AD3-4FFE-A9B8-6C8A03701480}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FCF8AEA3-F82E-4C02-8AC3-DD010F7803AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0190B8F2-ECF6-49F0-A62E-87878CEF3EA7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{0203D484-2278-4668-9108-40394BD7C1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{02BFE566-5BA0-43C3-B257-EEB4EECE265B}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe | 
"{038AB480-DA16-4110-B38D-F76788B9C69C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{03D2A100-FA27-4C92-BD6F-B8B392EBF675}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{0417E220-12F9-4232-AC3B-621EE77E5994}" = dir=in | app=c:\data\progamme\itunes\itunes.exe | 
"{054CB269-90BE-45B7-8060-8466987D5D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{067879F2-A7CC-488A-8B6F-00D28B21D4EA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe | 
"{08D27C94-92CF-4330-8FB9-B82126EB0BEE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{0ADB434F-19E4-40E1-838E-E012C673E109}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0E6308B6-2B2A-4DC9-9C0C-7F5DFE26ECFC}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe | 
"{0EF77934-BE18-40E4-AF70-B71DF45E4C8E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{0F035D16-99B3-4C8C-B635-097FD84FE069}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{10749F9E-6C86-47AE-98BE-F057F52055C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1131B5A3-3D4D-425A-956D-994979141F7E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steam.exe | 
"{12557F05-063E-4650-91F0-FFDE27DB96B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{137C95E6-0315-4DAA-889A-AFCACD9D9242}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{147F09DA-8F37-4994-8E5E-C40D865B8234}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{180DC147-ED24-46BC-9593-364FA9A1F979}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{19DE4522-2F79-4066-9C9D-AA5206E564F2}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe | 
"{1B3124DA-3C20-456D-9883-A3AA3E46AA40}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1B643765-5A40-4B2D-BCCF-9D60F30CBF80}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe | 
"{1DDF788D-D6B6-41C9-A41F-2D109E584F39}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{20681CEA-7C2F-4983-9C6F-C24DC303FFDA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{24116389-180C-4F2B-836A-ADBA00ABAE9A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{28248E69-2246-4A45-890F-06D359FAFD05}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{2A45CFE2-3CC4-4CC7-9743-029064974F0A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2AC7AC05-005F-4106-989A-6BB679A3771F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe | 
"{2E155F36-DBD8-4E3F-A597-471F9C4ED2E9}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe | 
"{30169DE0-C222-4E60-BA97-58851833FF3D}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{3299061F-F72A-4736-9491-6B833C673B71}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe | 
"{3418DB52-C718-426D-A61F-D4A560231DD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{38E2D0B5-84D8-464A-8A01-DB6C83CB9699}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe | 
"{3C79D155-5252-4A06-9EC8-380925769A39}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{3DCE2C08-3C37-4CF8-86A1-C34C65485A58}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe | 
"{40E7A826-61A8-41F6-A3F8-422F000498CE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe | 
"{41A8163C-2015-4731-A78A-2C44CE1FA73D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{45C51373-81BC-467F-9ABA-3F46429619E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C0A4C31-1FB6-406D-80AE-34E78B0DE7F0}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe | 
"{4D32492B-85F0-419F-98EF-3CED400EE134}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4D414EC4-2917-48C7-B4B1-D29A35350AEC}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe | 
"{4EF4BC53-C732-4424-9880-6C6A414F159F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe | 
"{51979352-BB4F-4D05-8381-7E1F773C49D2}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{53A62015-A753-44FA-8DF9-BD14CDBE854C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe | 
"{54DB65B3-B6D5-4B08-9F7F-4D2784AA0261}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{59644C8C-284A-4CE6-BE2C-F3403281095B}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe | 
"{5B81157B-186C-4B20-ABB8-40B2A8BE4FAB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{5C425B7A-7ED4-4286-A5B1-2C90BC2C7088}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5CED1244-9D9B-4647-A008-9175C1383296}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe | 
"{5E6FB4E9-D0F5-4B1A-9AC2-9D7EC5C0550E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe | 
"{60CCCB52-274E-4246-B7B3-01E4995F2EE5}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe | 
"{6357F36D-D6BE-41FF-BBE6-C833B3B749F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{65A09951-2877-40EE-AB34-13DB08EC8EA8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{67149AB3-EC03-4BB4-8AFE-2887498BA979}" = protocol=6 | dir=out | app=system | 
"{6EA5A4FB-1833-45E7-A5FF-E304BAD43C4A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{6F792640-08EB-4F5C-A195-C5B981F4D879}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71446CB9-715F-47B1-84D7-0BA6FF18357C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{7334230A-9E98-40D6-944C-2B87A3140A0F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steam.exe | 
"{78151A80-57E3-4CED-8B08-F07F3082EFCA}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe | 
"{7AEE5DD1-D1B8-460B-B48A-50F8A724EEEE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{7E1FD1AB-BE88-4487-872B-FF2238DCD253}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{8E669FBA-0840-466A-8F81-776E9C66A280}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe | 
"{9132ACDF-4439-4353-9E31-ECCCFB4D7BE1}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe | 
"{9564CCBD-D838-41BB-8FDA-41190B6032E3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe | 
"{96A05312-06E3-4CCC-85D9-3A7E30A2B9B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C8D6F85-0ABF-43AF-9E77-5000B9FC12E8}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{9D43AFAE-E749-4A88-A059-39D5FAB2A77D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe | 
"{A0AD4644-E593-4F5C-A68A-B55E64061EFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A205872A-79F9-4122-89CF-8C3138D67903}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe | 
"{A3C546A1-9207-431D-8605-BABC8DDA09E4}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe | 
"{A517AB83-E68C-4C0B-B4E4-2FADB9F31202}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A8097684-8BB1-44A8-9264-D041F27E54C0}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{A852320D-D3E9-46D0-B8CA-BD5F6AA1A406}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe | 
"{A9B67152-2068-43EF-844C-21FA52FEF823}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9F205D2-2667-47A7-A337-C70EDA5D83B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAE565B2-B43F-4ED2-BD75-60563BA73C62}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe | 
"{AB7E949A-865C-45F1-BFA7-A0026E550E4C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe | 
"{AF4E6237-6174-49D4-AB84-00A1F00E9751}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe | 
"{AFFF83BA-18B9-423C-BDC8-45AAAA4B8B2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B1D270FD-7C67-49F1-8786-559713DBA08B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B2639FBF-8E3C-470F-BFFF-26E7E68E25A3}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B4F60EED-E4E8-4FC7-8AE9-5BA0079EBA63}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B63C5DD4-4D47-42EA-940B-8A5B5E5A49D3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe | 
"{B6DAA123-779C-4814-86A4-1CAF3D326293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B86D52AF-1113-4E8C-8B57-475161515252}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BB972050-0565-40DF-B99D-8302EC06660F}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe | 
"{BC64734E-FA47-4E67-9F1F-F5DEBB53A39A}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{BC75740F-B164-4F46-8A23-3AC881B7307C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BFA063AC-45DC-48FD-852D-446503AF3645}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe | 
"{C013A593-30F0-436C-9518-B03047118751}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe | 
"{C3462BFA-0E31-4D16-A97B-E39D1742F6AF}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{C4234DE6-1929-4E60-8D21-3ECBA76CD9D1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe | 
"{C523D03E-8B25-431A-A625-367DF02A29A7}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe | 
"{C56CEA91-0C44-45CD-97AA-EAAD93FEAB49}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C5E36664-0A48-419D-9A1F-7E4648459085}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6432406-826D-4BDB-B4F0-8A9544AFB8AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9B0AE29-6707-4088-850B-99A8D87F5A84}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe | 
"{CA93C3D4-3D5D-4B07-B913-7700F8403613}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe | 
"{CBDB54C0-192D-46AB-9C24-15A5A8924C74}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{CDDAC86D-365A-4085-AB49-EB0380A238E8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D27EDAF2-F702-424A-883D-7565FE729812}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe | 
"{D3663536-245E-4BD0-886B-44C7955122A0}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe | 
"{D79F4617-D2E4-4F69-B322-2E6601FE5C20}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{DBCAC44A-F05E-4861-A3F5-3BE1E3619D36}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe | 
"{DE2D95BA-6690-4B60-8090-606288D49D14}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{E1A1BF54-9009-4296-AEBB-02A190D3555F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe | 
"{E22CB3E4-CCAD-48BD-84CC-BCA94A994B73}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E4ACAEF2-CA5D-4C61-B8F6-07D666E2A9AB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe | 
"{E54A591E-AD3C-4F04-8F6E-49829A43A02E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{E6A5DFB0-703E-47BF-A640-633A3B277E31}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{E765D956-AD38-4AA3-970A-1A7141E3E688}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{E87DF3A5-37B2-4913-9CDC-0A8D45ED24DE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{E8DF7E13-06ED-4EBA-9F00-2FC504A61F10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9442BAF-FB3A-46DB-933E-E6ACF91C5B64}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe | 
"{EADAA737-9A9F-4CEC-A66F-0F7573FB7E78}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe | 
"{EBBFE10F-47AB-4961-97DE-FBF094143189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC7ECCD9-DAB8-4B58-9C49-786259809554}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{ECAD743F-F842-441E-A030-84F91364F9F3}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{EE3AC968-C025-4F85-BE63-029BC4B92EE1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{EE6F1269-3EEA-4512-A15A-9A76A73FE16B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EFBB2FB6-50C2-4535-9764-ED3785BF5F37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F509185C-4520-427A-BCDC-E05084AEB8C3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{F8FCF343-04A1-4587-80A4-B05ED07D9238}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe | 
"{FBFEDCE2-5162-4489-A1EF-5D3869884339}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe | 
"{FD0636D0-317A-4E11-BD50-4868A7DFCCD7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe | 
"{FF347AF1-B9BC-4AB1-B2E0-551D4F1CD649}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe | 
"TCP Query User{089F8B7B-F6ED-484B-8369-DA1B28DE2FF3}C:\data\progamme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe | 
"TCP Query User{0A408394-58E4-46A2-8564-4FD1B8CA8713}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=6 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe | 
"TCP Query User{2F5883D6-1A81-4DBE-AB75-AD648BF9DE6A}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe | 
"TCP Query User{3D67F211-2568-4898-8D25-272284E2FB6A}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=6 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe | 
"TCP Query User{40831D31-4DB7-4BAC-B7D8-9B0D58F99C7A}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"TCP Query User{63C74B8C-FD23-482B-B509-D56A7AEFDEA2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{6400BBF9-0FE9-4774-9AFA-93A0374B3F47}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | 
"TCP Query User{6E48422A-9680-4E80-9FB8-D6CE6987B421}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{706A6F1E-4B2B-4F1B-84EA-5EA36F241A73}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"TCP Query User{74BE9F20-4675-4F01-AF90-140A10FD3A0B}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll | 
"TCP Query User{89782CF8-015D-4147-9241-BB3ADE8B5994}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe | 
"TCP Query User{8E5467FA-6F31-4CE6-98DC-B3DD2A8CBED7}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe | 
"TCP Query User{AF218AB9-D336-45FC-B52F-9D9F86A6FD54}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"TCP Query User{B6BB53DB-AD48-43E0-8135-C9FC5C45BF62}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe | 
"TCP Query User{BA959F43-76EC-475B-A32D-5345647848CF}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"TCP Query User{D07BA925-C062-43FC-A835-2B8160A3D3A1}C:\users\lukas\desktop\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe | 
"TCP Query User{D685C2B6-C8EB-4748-BA47-EECD7372D4C0}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{D8D4A8A1-0B1C-4C72-8884-313DA74C25C9}C:\data\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\data\downloads\gw2.exe | 
"TCP Query User{FEA8B25D-8682-47C4-AC62-A346D5E5475B}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{01E22073-96A3-4A3C-9A5B-25F73D425BAF}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=17 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe | 
"UDP Query User{02E6F9EE-7D7A-44EB-A34D-CC4579A23116}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe | 
"UDP Query User{0BA2A206-C4E5-413D-B690-4BC66CD376E0}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll | 
"UDP Query User{0D7E25BD-54B4-4EFE-9891-CB96E7B23825}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"UDP Query User{188DEA46-6328-4664-8E15-3D4DB841E66F}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe | 
"UDP Query User{29DBB655-DDB1-4DD1-9C91-2D49B831D625}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{3C12D5CB-E89C-47C2-A140-FAD9DA97E53F}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{591D5530-2393-450E-836B-3F3384242485}C:\users\lukas\desktop\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe | 
"UDP Query User{5ECBE185-8628-434B-BEB3-A8E26ED8C778}C:\data\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\data\downloads\gw2.exe | 
"UDP Query User{68F1F29B-8317-4FAE-99C2-89EEA5B56602}C:\data\progamme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe | 
"UDP Query User{6FFC0810-98DD-4A47-BCCF-06ABF3947BCC}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{83DDCCBF-51D2-4362-AA4E-FBDCF0D33C64}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe | 
"UDP Query User{93B69857-7F1C-4EFF-8424-5707512427D8}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe | 
"UDP Query User{950998F5-55B3-4F34-8872-31AA7A6CEE50}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"UDP Query User{A641D2E8-473B-400D-AD66-A5231BF119F2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{A6EA7BA9-FD03-40B9-BA62-0728FE4BD863}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=17 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe | 
"UDP Query User{AF18B27F-765C-44F1-90A9-D780991977C4}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"UDP Query User{CCF00E5C-89D4-437D-8CA5-E90EDAFB6B1C}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | 
"UDP Query User{E3455D83-A002-4C2D-9370-C35F0079B7ED}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF37555F-0259-43DA-B60C-47106FA14AA3}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1A5F9CA096C1264148686D01FA64ECB1852A1E78" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA  (05/20/2009 1.0.5.12)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"762FBE60B6E852506898A9D54562361A617C7E54" = Windows-Treiberpaket - Philips (spc999) Image  (12/14/2009 1.00.0.0000)
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"D14E3E22BA930CC9B10285B356F09450E31F774E" = Windows-Treiberpaket - Philips (VM20d7) Image  (08/02/2010 300.2000.4001.07)
"E019BCB59D66D62DD242667429C00BE4DE496F93" = Windows-Treiberpaket - Philips USB  (12/14/2009 1.00.0.0000)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.195
"{C448EA30-BB7F-4D42-83BC-385EBA140AF2}" = SmartView for IE
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC32F34C-9DF6-4468-B53A-BAEBE4CD9F22}" = Philips SPZ3000 Webcam
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E933F71E-E82C-4E65-81FF-C6FC07E5DB4E}" = Philips ToUcam Fun Camera
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDAC90A7-D34A-47D2-A644-BE5356C5F409}" = Philips ToUcam Pro Camera
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.28
"Battlelog Web Plugins" = Battlelog Web Plugins
"BOSS" = BOSS
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Hitman: Contracts" = Hitman: Contracts
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Steam App 10" = Counter-Strike
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 111400" = Bunch Of Heroes
"Steam App 113200" = The Binding of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 17020" = Global Agenda
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17410" = Mirror's Edge
"Steam App 200210" = Realm of the Mad God
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 200710" = Torchlight II
"Steam App 204180" = Waveform
"Steam App 204360" = Castle Crashers
"Steam App 214100" = Rigonauts
"Steam App 22350" = BRINK
"Steam App 22380" = Fallout: New Vegas
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 240" = Counter-Strike: Source
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 39500" = Gothic 3
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 39690" = ArcaniA – Gothic 4
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 55100" = Homefront
"Steam App 570" = Dota 2
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 65540" = Gothic
"Steam App 65610" = Arcania: Fall of Setarrif
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 92000" = Hydrophobia: Prophecy
"Steam App 96800" = Nexuiz
"XFastUsb" = XFastUsb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Lukas)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2012 12:05:18 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SoftwareUpdate.exe, Version: 2.1.3.127,
 Zeitstempel: 0x4de6dd5a  Name des fehlerhaften Moduls: ts3overlay_hook_win32.dll,
 Version: 3.7.8.0, Zeitstempel: 0x5075d352  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x000289d6  ID des fehlerhaften Prozesses: 0x788  Startzeit der fehlerhaften Anwendung:
 0x01cde1f076f90852  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Apple
 Software Update\SoftwareUpdate.exe  Pfad des fehlerhaften Moduls: C:\DATA\Progamme\TS3\plugins\ts3overlay\ts3overlay_hook_win32.dll
Berichtskennung:
 b5b06003-4de3-11e2-b748-bc5ff41ef57a
 
Error - 24.12.2012 21:19:19 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
 0x50d8f591  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x3768fd24  ID des fehlerhaften Prozesses:
 0x1208  Startzeit der fehlerhaften Anwendung: 0x01cde23dd6a1b0bb  Pfad der fehlerhaften
 Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 1acb8167-4e31-11e2-b748-bc5ff41ef57a
 
Error - 24.12.2012 21:19:35 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
 0x50d8f591  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x377cfd24  ID des fehlerhaften Prozesses:
 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01cde23de1af32df  Pfad der fehlerhaften
 Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 241bfb49-4e31-11e2-b748-bc5ff41ef57a
 
Error - 26.12.2012 12:40:46 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.12.2012 15:09:44 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1595.686 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd4    Startzeit: 
01cde39bade6ac89    Endzeit: 12    Anwendungspfad: C:\DATA\Progamme\Steam\Steam.exe    Berichts-ID:
 cd2754e4-4f8f-11e2-9fe5-bc5ff41ef57a  
 
Error - 27.12.2012 22:50:00 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: b80    Startzeit: 01cde4a08e468afb    Endzeit: 4    Anwendungspfad: C:\DATA\Progamme\Leage
 Of legends\RADS\projects\lol_air_client\releases\0.0.0.229\deploy\LolClient.exe

Berichts-ID:
 435d7716-5099-11e2-abe7-bc5ff41ef57a  
 
Error - 28.12.2012 12:24:58 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.12.2012 22:23:48 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.01.2013 16:24:06 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.01.2013 11:29:14 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.152,
 Zeitstempel: 0x50d067ea  Name des fehlerhaften Moduls: League of Legends.exe, Version:
 1.0.0.152, Zeitstempel: 0x50d067ea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x004a553a
ID
 des fehlerhaften Prozesses: 0xa5c  Startzeit der fehlerhaften Anwendung: 0x01cdea90267e7440
Pfad
 der fehlerhaften Anwendung: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe  Pfad des fehlerhaften Moduls: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
 of Legends.exe  Berichtskennung: 7e5b3cd3-5683-11e2-92d8-bc5ff41ef57a
 
[ System Events ]
Error - 23.12.2012 15:52:23 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 24.12.2012 05:53:46 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 25.12.2012 07:02:11 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 26.12.2012 06:41:55 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 27.12.2012 09:27:35 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 28.12.2012 10:20:09 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 28.12.2012 19:12:37 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 29.12.2012 07:30:20 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 30.12.2012 07:42:56 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 31.12.2012 09:07:22 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
 
< End of report >
         
--- --- ---


GMER log

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-10 15:05:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fxroquow.sys


---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [1408:2020] 000007fef609239c
Thread C:\Windows\System32\svchost.exe [1408:1696] 000007fef8339688
Thread C:\DATA\Progamme\firefox.exe [1084:1344] 0000000070ab0519
Thread C:\DATA\Progamme\firefox.exe [1084:716] 0000000077932e25
Thread C:\DATA\Progamme\firefox.exe [1084:1112] 0000000070aaf186
Thread C:\DATA\Progamme\firefox.exe [1084:1564] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:880] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1176] 00000000739062ee
Thread C:\DATA\Progamme\firefox.exe [1084:1640] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1420] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1424] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1872] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1868] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1256] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1492] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1500] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1836] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2032] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1576] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1824] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1652] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:756] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:824] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1364] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1340] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1996] 0000000073fd32fb
Thread C:\DATA\Progamme\firefox.exe [1084:1348] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2632] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2060] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:1264] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:2204] 0000000071c8c724
Thread C:\DATA\Progamme\firefox.exe [1084:2388] 0000000076c0d864
Thread C:\DATA\Progamme\firefox.exe [1084:2416] 0000000077933e45
Thread C:\DATA\Progamme\firefox.exe [1084:2472] 0000000071bf27c1
Thread C:\DATA\Progamme\plugin-container.exe [528:1560] 0000000070aaf186
Thread C:\DATA\Progamme\plugin-container.exe [528:1080] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:1148] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:1552] 0000000077932e25
Thread C:\DATA\Progamme\plugin-container.exe [528:124] 0000000077933e45
Thread C:\DATA\Progamme\plugin-container.exe [528:428] 000000006f36ea20
Thread C:\DATA\Progamme\plugin-container.exe [528:584] 000000006f36ea20
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1408] 000007feff3b0000

---- EOF - GMER 2.0 ----



^ I had Firefox closed, but the process was still there! I hope that doesn't cause any problems.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lukas :: LUKASTOWER [Administrator]

10.01.2013 14:19:57
mbam-log-2013-01-10 (14-19-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205913
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Lukas\Desktop\asdasdasd.exe (Trojan.Agent.PS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\wgsdgsdgdsgsd.exe (Trojan.Fakesig) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

^ Malwarebytes

Last edited by craphere (10.01.2013 at 15:22). Reason: as instructed

 
