
Log Analysis and Evaluation: Infection with Sirefef.AH


 
14.01.2013, 00:38   #1
cakken
 
Infection with Sirefef.AH



Hello Trojaner-Board,

Today I got an alert from Avira that Sirefef was found ... clicked on remove.

After that the desktop hung for a while, and then a User Account Control window opened and wanted to install a Flash Player update.

Then, following the instructions, I ran defogger ... the restart afterwards took what felt like an eternity.

Then I let OTL run.

gmer crashed on me; after that Firefox no longer worked.

mbam is still running.

OTL.TXT
Code:
OTL logfile created on: 1/13/2013 11:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cak\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.41% Memory free
8.17 Gb Paging File | 5.98 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 21.94 Gb Free Space | 22.47% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 101.32 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive E: | 638.54 Gb Total Space | 317.08 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
 
Computer Name: CAK-PC | User Name: Cak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\VM302Snap.exe (Vimicro)
PRC - C:\Windows\Domino.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Windows\Domino.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (RT73) -- C:\Windows\SysNative\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (ZSMC301b) -- C:\Windows\SysNative\Drivers\usbVM302.sys (Vimicro Corporation)
DRV:64bit: - (vvftav302) -- C:\Windows\SysNative\drivers\vvftav302.sys (Vimicro Corporation)
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys (Realtek)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (PzWDM) -- C:\Windows\SysWOW64\drivers\PzWDM.sys (Prassi Technology)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (ZSMC301b) -- C:\Windows\SysWOW64\drivers\usbVM302.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3rc1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 09:33:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 09:33:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 09:33:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 09:33:14 | 000,000,000 | ---D | M]
 
[2012/06/01 19:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Extensions
[2012/06/01 19:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/01/05 15:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions
[2010/04/29 20:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/05 15:34:08 | 000,533,130 | ---- | M] () (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/23 15:21:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/01/25 11:56:02 | 000,002,055 | ---- | M] () -- C:\Users\Cak\AppData\Roaming\Mozilla\Firefox\Profiles\l1avjl08.default\searchplugins\daemon-search.xml
[2013/01/11 09:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 09:33:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/11 09:33:17 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/02/07 12:09:39 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/10/12 19:18:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 20:24:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/12 19:18:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/12 19:18:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/12 19:18:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/12 19:18:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKU\S-1-5-21-1530812510-795291264-2146227399-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [Akamai NetSession Interface] "C:\Users\Cak\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1530812510-795291264-2146227399-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E8056BD-A92B-46D3-93D1-A3EFAFCB861B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA4FB6C2-A7B0-4980-9E77-7E071EAEDA5C}: NameServer = 192.168.2.100
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14dadbc2-b4eb-11e0-a5d7-001fd09b957d}\Shell - "" = AutoRun
O33 - MountPoints2\{14dadbc2-b4eb-11e0-a5d7-001fd09b957d}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\{7604eb40-fd5b-11e0-b31d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7604eb40-fd5b-11e0-b31d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{b04fe360-3c0f-11e0-99db-001fd09b957d}\Shell - "" = AutoRun
O33 - MountPoints2\{b04fe360-3c0f-11e0-99db-001fd09b957d}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{be4f4128-10b8-11de-b4fd-001fd09b957d}\Shell - "" = AutoRun
O33 - MountPoints2\{be4f4128-10b8-11de-b4fd-001fd09b957d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f7b85888-d8cc-11e0-a762-001fd09b957d}\Shell - "" = AutoRun
O33 - MountPoints2\{f7b85888-d8cc-11e0-a762-001fd09b957d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/13 22:55:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cak\Desktop\OTL.exe
[2013/01/13 13:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/01/11 09:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/09 14:33:35 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Roaming\Apple Computer
[2013/01/09 13:55:05 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 13:54:29 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2013/01/06 14:41:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/01/04 23:35:18 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\Apple Computer
[2013/01/04 23:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/04 23:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/01/04 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\Apple
[2013/01/04 23:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/01/04 23:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/12/30 22:45:22 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/30 22:45:22 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/30 22:45:22 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/20 20:34:23 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/20 20:34:23 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/20 20:34:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/20 20:34:22 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/18 20:02:10 | 000,000,000 | ---D | C] -- C:\Users\Cak\AppData\Local\ESN
[2012/04/15 12:23:55 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Comdlg32.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/13 23:13:31 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/13 23:13:31 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/13 23:13:31 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/13 23:07:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/13 23:07:11 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 23:07:11 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 23:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 23:06:25 | 001,187,610 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013/01/13 23:04:28 | 000,000,188 | ---- | M] () -- C:\Users\Cak\defogger_reenable
[2013/01/13 23:02:33 | 000,365,568 | ---- | M] () -- C:\Users\Cak\Desktop\gmer-2.0.18444.exe
[2013/01/13 23:00:50 | 000,050,477 | ---- | M] () -- C:\Users\Cak\Desktop\Defogger.exe
[2013/01/13 22:55:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cak\Desktop\OTL.exe
[2013/01/13 22:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 13:37:10 | 000,000,985 | ---- | M] () -- C:\Users\Cak\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/13 13:37:10 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/01/09 20:05:13 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001A67.LCS
[2013/01/09 14:31:31 | 000,255,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/06 14:35:33 | 000,021,490 | ---- | M] () -- C:\Users\Cak\Desktop\PB_Überweisung_KtoNr0515339101_06-01-2013_1435.pdf
[2012/12/30 21:51:44 | 000,001,837 | ---- | M] () -- C:\Users\Cak\Desktop\Samsung Kies (Lite).lnk
[2012/12/30 21:25:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/30 21:25:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/30 20:52:56 | 000,000,972 | ---- | M] () -- C:\Users\Cak\Application Data\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk
[2012/12/30 15:58:18 | 006,696,960 | ---- | M] () -- C:\Users\Cak\Desktop\RMB-Deep_Down_Below_Kodex_Remix.mp3
[2012/12/20 19:43:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/20 19:43:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/19 19:52:57 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/17 18:31:46 | 000,003,701 | ---- | M] () -- C:\Users\Cak\Desktop\BW-Ber..zip
[2012/12/16 14:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/16 12:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
 
========== Files Created - No Company Name ==========
 
[2013/01/13 23:04:28 | 000,000,188 | ---- | C] () -- C:\Users\Cak\defogger_reenable
[2013/01/13 23:02:30 | 000,365,568 | ---- | C] () -- C:\Users\Cak\Desktop\gmer-2.0.18444.exe
[2013/01/13 23:00:50 | 000,050,477 | ---- | C] () -- C:\Users\Cak\Desktop\Defogger.exe
[2013/01/06 14:35:32 | 000,021,490 | ---- | C] () -- C:\Users\Cak\Desktop\PB_Überweisung_KtoNr0515339101_06-01-2013_1435.pdf
[2013/01/04 23:30:45 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/12/30 21:51:44 | 000,001,837 | ---- | C] () -- C:\Users\Cak\Desktop\Samsung Kies (Lite).lnk
[2012/12/30 15:58:16 | 006,696,960 | ---- | C] () -- C:\Users\Cak\Desktop\RMB-Deep_Down_Below_Kodex_Remix.mp3
[2012/12/17 18:31:45 | 000,003,701 | ---- | C] () -- C:\Users\Cak\Desktop\BW-Ber..zip
[2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/04/22 12:48:01 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2011/12/01 11:45:50 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/01 11:45:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/09 18:02:27 | 059,398,824 | ---- | C] () -- C:\Users\Cak\avira_antivir_personal_de.exe
[2010/04/28 20:59:18 | 000,000,680 | ---- | C] () -- C:\Users\Cak\AppData\Local\d3d9caps.dat
[2009/03/14 23:47:31 | 000,175,104 | ---- | C] () -- C:\Users\Cak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 18:06:13 | 000,001,460 | ---- | C] () -- C:\Users\Cak\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1530812510-795291264-2146227399-1000\$9cc73127a19f09126a7981bccfb11a47\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1530812510-795291264-2146227399-1000\$9cc73127a19f09126a7981bccfb11a47\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/19 00:04:28 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/11/20 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Canneverbe Limited
[2009/04/11 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\DAEMON Tools
[2012/05/05 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\DAEMON Tools Lite
[2012/03/25 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\FileZilla
[2012/10/10 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\FOG Downloader
[2012/10/30 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Foxit Software
[2009/04/11 20:47:46 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\InfraRecorder
[2013/01/12 00:16:00 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\IrfanView
[2010/08/10 06:25:29 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\LolClient
[2012/05/28 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\LolClient2
[2012/09/08 17:03:35 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\LucasArts
[2009/03/15 01:57:22 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\OpenOffice.org
[2012/12/18 19:53:13 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Origin
[2011/02/18 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\ProtectDISC
[2012/01/09 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\RavensburgerTipToi
[2012/02/27 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\rosutec
[2012/12/09 12:16:22 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Samsung
[2009/06/01 19:34:50 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\SystemRequirementsLab
[2012/08/05 10:45:19 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Temp
[2012/06/01 19:55:56 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\TomTom
[2012/02/22 18:59:22 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\Ubisoft
[2013/01/09 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Cak\AppData\Roaming\WinTrack
[2012/07/22 08:05:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/07/22 08:05:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
Extras.TXT

Code:
OTL Extras logfile created on: 1/13/2013 11:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cak\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.41% Memory free
8.17 Gb Paging File | 5.98 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 21.94 Gb Free Space | 22.47% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 101.32 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive E: | 638.54 Gb Total Space | 317.08 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
 
Computer Name: CAK-PC | User Name: Cak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 76 08 C7 F3 C5 A4 C9 01  [binary data]
"VistaSp2" = F1 2B 2F 6E E9 E1 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059B9E5F-0458-4352-8D7B-C2C5F0D94A2A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{08188ED9-EBA2-4C8F-BB8B-2863B4872591}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher | 
"{103BA2FE-0BF1-4A9D-9659-23229244350B}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | 
"{16A3CA95-0999-4FDD-8C9F-FC09CD3972B5}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{16DE800F-FA5B-44C3-AC58-5B65679B7BB4}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{1B442D22-B920-443E-8760-8E5CB8521CA5}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{1BE8624B-8CF8-48CD-961A-AF4266F61C8D}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | 
"{29C9A4BB-B053-441E-B7D8-9D4BED5EB5B8}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher | 
"{2A9C90CA-BCD8-46FC-AE46-1371B39FBE88}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher | 
"{2EE4FD3B-A41E-4D48-89D6-60846FB7F44E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher | 
"{32949B98-CAAE-450F-855C-D5DFAF7D0F91}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher | 
"{35650932-B218-4D8B-BE3F-66D8DA38D455}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | 
"{398E9AA0-FABA-4CAB-8C7B-620705CFCE1B}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{3DA51F33-1A0D-4367-9285-A79C5BD6BED6}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{54A02AF8-FBB5-4FED-A630-25F9020C5A39}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{56ACFBEA-A11D-4302-A8C4-F093FF4E6AD6}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher | 
"{62E76AC4-9CCC-4015-802C-E6AF510B5F4D}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{64FFAD97-7949-44CE-9122-04548F338709}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | 
"{662F3E4F-6648-4E28-A596-C891D23550A0}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | 
"{6AFF2DE8-E2D6-4140-9768-C34F719C3A59}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{7424ADDD-AC6D-4199-A82B-7EC682D5AC37}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{746BC5DD-88EF-48FC-8D54-0C60CF89C6E1}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{7D618C44-BFCF-487A-9BC1-22B4E92A6F87}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{7EC8E5D8-F58D-464E-BE0E-4176F51DB44F}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{81B4DC9A-FB88-4C21-A937-01EABA5A7EBD}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher | 
"{83D33BCD-0072-429E-88A6-DE9F6C0CCDD1}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{85A7F939-EE91-471C-8061-C1CF61500468}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{8609534B-954F-4470-9C45-D72E67F59580}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{8F4A74EF-F3B6-4FD8-A3B1-2CEDDF406CF7}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher | 
"{97566BF3-215D-4485-BC07-57738BBFDA75}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher | 
"{9836EEAC-B78A-441D-B1BA-1D9D3140C654}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{9B01DC72-466B-4A89-9F0E-3D2CCB6AED60}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{A61EDF1D-71D3-422C-93F1-D50E4AEE9431}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | 
"{A986652F-7D60-4F6A-83F5-77BAAD81CFE1}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{B1114B17-3B16-485C-92FE-A276A6B41A70}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{B94FFD26-DD6C-492A-8A2A-8EC8B0663BF3}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{BE9785A8-8327-4CA9-824E-FC887117A97B}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher | 
"{BFDB6E35-2257-4927-803F-61738D78C1BA}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher | 
"{C4938FD5-7529-4645-AADE-7904F6BC3816}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher | 
"{D02E09A6-3924-40A6-852D-2F5C4973F6E6}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{D15DC202-13C4-4AFD-8721-6EBDB88BC4F1}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher | 
"{D6D8CFC2-4017-4929-8691-AAB77E868BFA}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF58A3DE-8402-47C2-9E9A-0B39FA3B880B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF9562DD-0F3A-4018-990A-C825BC8B73C5}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{E2630D3E-7EC1-44D9-9D19-1168C11A1020}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{E4D0D7DD-C6E9-477A-9A80-1FD05266EFDB}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher | 
"{E9F0F218-1A02-457D-ADB0-B945D5BCDC19}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{F3C3470A-3CC9-48EB-B25F-78C28F704049}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{F67B132F-843E-4983-A362-423B0B9B3BD7}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{FCD5EF61-FD8D-4667-A755-764298F7140C}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | 
"{FEA872A3-92E0-4417-9753-C90F7920514E}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EC0757-290C-4061-A867-A68C6ADEEE8D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0A0FB620-0641-49A0-A3B9-FD3920BAB62C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe | 
"{0E43AC73-08AF-47A5-BB8F-C194AD2E1B0A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe | 
"{0FEB7246-CF41-4919-85DD-02021B4B183F}" = protocol=17 | dir=in | app=d:\anno 1404\anno4.exe | 
"{1075578C-C548-49C3-BA60-3AB6E020CBD1}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{147AC8CC-1B3D-435F-BFFC-94814E623DBD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | 
"{180E3DF4-14DD-4838-9FC9-FB5C93A54DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{19DCD7B5-C6E9-42FB-8ABB-3E912AE63DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{1FB34491-9D76-46AF-BFB5-BAA3210BF1EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1FE1AD36-BF3B-4DBC-A0C8-CB0138DC7ECE}" = protocol=6 | dir=in | app=d:\anno 1404\tools\anno4web.exe | 
"{256B7BAA-B553-4BB8-BEBB-E9FD0627EC7D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{26E16189-4B65-41BA-B0E3-73D36F03535F}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{28733288-61A5-4D76-8041-203E09B21E38}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 2\monkeyisland102.exe | 
"{3004732B-12D5-4B79-82AC-98D89EB463BA}" = protocol=6 | dir=in | app=d:\anno 1404\anno4.exe | 
"{32FEC8BE-0F21-4F4D-8B83-DF74AAB8E8BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{33A64507-E6D1-4371-B6BB-DD64A7497707}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe | 
"{3509916F-E046-428B-8EB1-CC1B979F81AD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{3558D30B-BB6C-45D5-B6ED-F6F67BC12F07}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{37F7423B-0E43-451C-BC45-AF043E8DF300}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{38EB86AD-48C4-4824-A455-DEA97E25B341}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{3CE7E603-77EE-44DE-8EA6-AD0B92957F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{3D6028A0-26E8-446A-A717-40D2CD623606}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{4075D48F-FF6E-45A0-A2C2-4F75C0AE1EFA}" = protocol=17 | dir=in | app=c:\users\cak\appdata\local\akamai\netsession_win.exe | 
"{41858A83-894C-4839-BCF4-7BA476BCCCAD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{42490839-6B60-4C58-9AB1-C00FB02549ED}" = protocol=17 | dir=in | app=d:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{42F2D0FB-7112-4215-9963-C91E1EE5FC8E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe | 
"{485827B3-18F7-411B-B12E-E5CB3BE47F27}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{49F34266-7B49-4918-8241-420102C7C1DA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-engb-downloader.exe | 
"{4E7A5E91-A962-487D-8700-ED9452233824}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\jabiademo\jaggedalliancebiademo.exe | 
"{4FD821ED-80C5-42CE-9081-84407B1B1E09}" = protocol=6 | dir=in | app=c:\users\cak\appdata\local\akamai\netsession_win.exe | 
"{509961EF-BCEE-4AE6-B738-67D7266B5899}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe | 
"{55F65634-495C-4FF3-A36F-ACC92F1F9692}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{5D61C2D2-B88A-4D78-AA9E-D710F5E62A47}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5D8D9001-7F7E-4F4F-B975-471F469346DC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe | 
"{5DBA00CD-29C1-4C61-B256-A782AF1A8681}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{61F40945-E160-45E1-BBEF-26A905E74520}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{65397D2F-CE35-4B54-91BC-FBCFB1E258AE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{6B42FF64-18A3-4102-98AB-8918D0A2D3A2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{6C8ACBF8-0DAA-4204-8079-C805F77F2C74}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 3\monkeyisland103.exe | 
"{6D054E52-B7A8-4207-883E-467995E19839}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6D22E575-D7A3-407F-9805-E9F81DD9DECC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{6EE1E78A-8987-4C5A-8DD3-955E2F78A62D}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{6FDB91BB-348F-40D2-AA67-9FB22A262C88}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{70407DA0-33DE-435F-A6A0-3EF4CDBA5010}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | 
"{7217C7F3-7B28-4FB2-B5E7-2F7777FFD571}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{790F92EC-0CBA-4745-B319-984474D784F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\c.langenhahn@web.de\counter-strike source\hl2.exe | 
"{7FAA6F37-9D0B-466D-94C3-BF57AA32F821}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{82CFD8CB-9A08-494C-9E90-5E02BCBF6BC4}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{86BF0B12-6FA5-4865-80F8-C2E58509356C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{8D67C057-0E34-4847-8A13-3F71CFD146DE}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{9262CC86-FC85-4FBB-BA64-A9B15CDB71B3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{99A701B7-04E1-472E-8224-5C7638D5D803}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{9DC57F02-8032-403C-AB1B-E5E393AAA34D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\jabiademo\jaggedalliancebiademo.exe | 
"{9F2BA068-4169-4846-8A3D-6FC2E59D5F81}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9F6B228D-25BD-4280-8F8D-AA0BBC34348C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{A2AF22DF-7E79-481F-B5BE-9EB3D0170E16}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A91F9657-7027-45C5-9EA7-919721F7708F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe | 
"{AAA058FA-C0C4-4778-86DF-1319C48557F6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-engb-downloader.exe | 
"{AC9EED3A-6B8C-49BE-B7D0-46CE8BB4E1CC}" = protocol=6 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 
"{ACD1CD2B-1B10-4760-A48D-70C13CCFBE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{ACE2F1B8-247E-4EEA-B064-F7A468F53F4C}" = protocol=6 | dir=in | app=d:\steam\steamapps\c.langenhahn@web.de\counter-strike source\hl2.exe | 
"{B06BC62F-35A2-431D-9180-4E8EC75E0431}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B16F3FAE-CA96-4206-ACD9-918C1102DF04}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
"{BF9528DC-A4C0-4FD8-AEA6-165FC9E87684}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C6F6A74F-FEF9-4763-B083-BFDE554BAF47}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 5\monkeyisland105.exe | 
"{C8C1E474-3755-439B-A439-5761DB8DB3C2}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{CC5A43EB-FCD9-43DF-B2DE-485A5D8D302F}" = protocol=6 | dir=in | app=d:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{CF9AF341-4880-496C-BAB2-F6DC1C39D833}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{D444A711-3E97-472E-917A-AC417EBF86A8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 4\monkeyisland104.exe | 
"{E9C822EB-39B8-4BF9-B77D-2D99AD0A9160}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{EA05B816-E828-4FFF-86C0-3A11685BC4EB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe | 
"{ED96E4FF-18C5-44ED-BB9F-347E5735C3D4}" = protocol=17 | dir=in | app=d:\battlefield 3\battlefield 3\bf3.exe | 
"{EE608B8D-C51A-4B7E-8990-D80232325056}" = protocol=17 | dir=in | app=d:\anno 1404\tools\anno4web.exe | 
"{F17F53CC-02E2-40B8-8FD3-54276F2B61FE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe | 
"{F85B3FB4-A236-4ED8-9813-2EE7FE365447}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FDD0B838-9ECC-49D7-BD78-185355110AB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"TCP Query User{0A6A9548-2F0F-43E1-8124-50F2EBF3D9A1}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{19825952-666A-4C31-820F-22EBB1FD5CA2}D:\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\sid meier's civilization v\civilizationv_dx11.exe | 
"TCP Query User{21A9372D-FA6B-466B-A6D8-15DFAF3A8FF0}D:\railroad tycoon 3\rt3.exe" = protocol=6 | dir=in | app=d:\railroad tycoon 3\rt3.exe | 
"TCP Query User{231615DF-8710-4B00-A39E-C66BC06DEA91}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe | 
"TCP Query User{266210F0-52CA-4374-AA5D-ED6F2D97E917}D:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\anno 1404\tools\anno4web.exe | 
"TCP Query User{2D81E067-AA03-4AA5-9867-9FE3AC01843A}D:\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwaw.exe | 
"TCP Query User{3651F95A-0899-448A-9689-2DA366C150C0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3B422D98-C8BD-4D36-9BDE-643155332086}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{47AD7556-FC5A-449B-9910-BED93BBAFEF6}D:\runes_of_magic_5_0_0_2535_full.exe" = protocol=6 | dir=in | app=d:\runes_of_magic_5_0_0_2535_full.exe | 
"TCP Query User{52768D67-7C8A-4008-B080-77F3814E71DA}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{6F2F0D52-D096-48D2-8AAD-5F3D0C36CEF1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"TCP Query User{76FC457E-78E3-4871-A6C4-404A39DE5442}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe | 
"TCP Query User{7B2233E4-97A3-482B-B3CC-11D91F79D7F4}D:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{87BFB24A-976D-43DD-87FC-22A6CA0258F2}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"TCP Query User{896EF397-6830-4A44-BAD6-7988DF35775C}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{8D874946-CEA3-451C-8E5D-7CFA0E287FD8}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe | 
"TCP Query User{9275510A-6555-421F-8186-28B434018D39}D:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno 1701\anno1701.exe | 
"TCP Query User{99336BCD-E29C-4ABB-9F08-82E2FA8B8EA7}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{9A648480-01DD-4EF1-AAFC-6B6827D4EAC5}D:\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\shift 2 unleashed\shift2u.exe | 
"TCP Query User{A2E91762-2B92-4471-AC04-AA829A5BF289}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B947C281-995F-4987-8654-B2AAEF7F79CA}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"TCP Query User{DD332D19-ADF6-43EE-9AB8-83C1D6A1309C}D:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"TCP Query User{DDB26811-85B6-4061-BE9C-FE7F8FD56E33}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"TCP Query User{E672722F-7F7D-4769-9CD0-B9476D9DAC9C}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"TCP Query User{F6ABFD77-B38A-488D-B4F2-CA2A1F08D147}D:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"UDP Query User{0D01525D-F534-4759-BACA-46B37890F50A}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"UDP Query User{0E9768DA-6A90-4F2B-975E-C8825655CFAA}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{1A1F6B0C-2248-4235-800E-8DAA01FC876B}D:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"UDP Query User{22BE2D74-A50B-4723-B580-0CF85D3A470E}D:\runes_of_magic_5_0_0_2535_full.exe" = protocol=17 | dir=in | app=d:\runes_of_magic_5_0_0_2535_full.exe | 
"UDP Query User{2CFB3E16-3389-44EF-991C-279D6425E4B5}D:\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=d:\sid meier's civilization v\civilizationv_dx11.exe | 
"UDP Query User{2EFC8566-CB07-48F7-A45A-0E29D81C3DD2}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe | 
"UDP Query User{2F30FB1D-9C69-4D3E-B9AA-D133B56D273A}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"UDP Query User{4814E675-FDCE-4BF8-8E43-C0A66BCDA3A3}D:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno 1701\anno1701.exe | 
"UDP Query User{4AE1D5C2-922F-43F0-AF22-7C6B4E102125}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{4D5F8977-9B28-48DA-B5DD-4FB73D9D8628}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"UDP Query User{4F0CBE65-97B4-4427-82EA-16D75577DD20}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe | 
"UDP Query User{54DD48B6-0EB4-4536-BD82-EA299F0525D6}D:\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\shift 2 unleashed\shift2u.exe | 
"UDP Query User{6E6A9448-8FD6-40A3-A1DA-BFBAE1FDFE3C}D:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{72B64D7E-0886-4FE8-BADD-451A061C0C21}D:\railroad tycoon 3\rt3.exe" = protocol=17 | dir=in | app=d:\railroad tycoon 3\rt3.exe | 
"UDP Query User{731C64F6-4F3E-44E6-B841-E4DB15AE06D1}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"UDP Query User{74EAAE46-5521-4539-97E4-E4708BDE167C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{85C30DD1-1B19-4263-9F7A-D1A4A4E214D5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AB5928FE-22D3-4188-88C8-1D58F6EA980A}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{BB77E1E3-22BA-4CBD-A1C6-9D0FAA096A8A}D:\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\anno 1404\tools\anno4web.exe | 
"UDP Query User{BD3F81B6-DEBD-41E2-AF6A-1C249BC28C5D}D:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"UDP Query User{CFAD3A05-A922-48D3-B2EA-A7B29A0C1C67}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{D8CC421A-3DF3-4BB4-A5E6-6CF7630105A0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E28F8368-FAF8-4F4A-AAB2-0DE78D387437}C:\program files (x86)\samsung\intelli-studio\istudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\intelli-studio\istudio.exe | 
"UDP Query User{F17246BE-D6ED-493C-BEE1-482A9C7E1EB3}D:\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwaw.exe | 
"UDP Query User{FD0B9F42-CE32-4406-BC33-8F11372DBD34}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2C22EA92-CB30-4932-0046-020001000000}" = InfraRecorder 0.46 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F29E25-2B7A-43BA-AF95-D0978593F399}" = Reader for PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA version 201201
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF5A3DC-D774-4991-860E-0B4D2C372BA6}" = BenQ Web Camera
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Civilization V" = Sid Meier's Civilization V
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.4.0
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Intelli-studio" = SAMSUNG Intelli-studio
"IrfanView" = IrfanView (remove only)
"Jagged Alliance 2" = Jagged Alliance 2
"League of Legends_is1" = League of Legends
"Lernerfolg Vorschule - Capt'n Sharky" = Lernerfolg Vorschule - Capt'n Sharky
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Ravensburger tiptoi" = Ravensburger tiptoi
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 204920" = Jagged Alliance - Back in Action Demo
"Steam App 216690" = XCOM: Enemy Unknown Demo
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31180" = Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay 
"Steam App 31190" = Tales of Monkey Island: Chapter 3 - Lair of the Leviathan 
"Steam App 31200" = Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood 
"Steam App 31210" = Tales of Monkey Island: Chapter 5 - Rise of the Pirate God
"Steam App 39160" = Dungeon Siege III
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.8.4.2596
"Trackplanner_is1" = Trackplanner 1.1.12
"Uplay" = Uplay
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver
"wintrack10demo_is1" = WinTrack Demo Version 10.0 3D
"WinUAE" = WinUAE 1.5.3
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1530812510-795291264-2146227399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/14/2011 3:03:08 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/14/2011 3:03:09 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/14/2011 3:03:09 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/14/2011 3:04:30 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/14/2011 3:04:31 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 8/17/2011 5:33:28 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
 stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp 
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd,  process id 0xfd0,
 application start time 0x01cc5d254d25cf60.
 
Error - 8/19/2011 4:19:20 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
 stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp 
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd,  process id 0xe38,
 application start time 0x01cc5ead44bb44c0.
 
Error - 8/20/2011 3:49:38 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
 stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp 
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd,  process id 0x11f0,
 application start time 0x01cc5f724aa1c6f0.
 
Error - 8/21/2011 2:05:04 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
 stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp 
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd,  process id 0x10b8,
 application start time 0x01cc602cd8629450.
 
Error - 8/22/2011 4:05:02 PM | Computer Name = Cak-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 6.0.0.4240, time
 stamp 0x4e44985e, faulting module FOXITR~1.OCX, version 1.0.1.1113, time stamp 
0x4afcef8f, exception code 0xc0000005, fault offset 0x00002ccd,  process id 0x10f8,
 application start time 0x01cc6106c5353560.
 
[ System Events ]
Error - 1/9/2013 9:30:23 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 1/9/2013 9:32:18 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 1/9/2013 9:34:46 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 1/9/2013 9:34:46 AM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 1/11/2013 8:40:49 AM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 1/11/2013 8:40:53 AM | Computer Name = Cak-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 1/13/2013 6:06:20 PM | Computer Name = Cak-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 1/13/2013 6:08:12 PM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 1/13/2013 6:09:29 PM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 1/13/2013 6:09:29 PM | Computer Name = Cak-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
So, MBAM is finally done too; here is the log

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Cak :: CAK-PC [Administrator]

1/14/2013 12:00:17 AM
MBAM-log-2013-01-14 (02-05-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 465965
Laufzeit: 2 Stunde(n), 4 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Cak\AppData\Local\Temp\hehda.exe (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Cak\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
And I think this ended up in the wrong subforum; it should actually have gone to the "Plagegeister" (pests and their removal) section, so if it bothers anyone, just move it.

Sorry, and good night.

 
