Pests of all kinds and how to fight them: Trojan.Pidief - PDF opened by accident - infected or not? (Windows 7)
25.01.2013, 19:26 | #1 | |
| So, now it has got me too... Since I wanted to check whether Telekom had actually deactivated the "Highspeed" option in my contract, I opened the PDF in the latest email with the invoice... There was an error message that a font was not found, and not much else was displayed either. Whoa, I thought... So I took a closer look at the email... Googled... Bingo... Fake... the PDF presumably rigged... Quote:
Fittingly, and as if on cue, Acrobat Reader pops up right afterwards and wants an update. And now it gets really "funny"... I then save the PDF to send it to Norton (I have Norton AV) and promptly "beep, malware - file in quarantine"... Oh right, thanks! Checking the settings of my virus scanner then promptly showed that the Office integration was off, and with it presumably the protection in Outlook. So either I had already caught something earlier, or at some point I was asleep and forgot to switch it back on after I got a false alarm on an attachment...

Sorry for the long text, but the history matters to me in this case because:
- Norton now finds nothing, not even with a full system scan or with their "power erazer" (the name is actually a reason to choose a different product)
- Malwarebytes finds nothing either (ran a full scan)
- I actually keep my Adobe Acrobat up to date, and the "Trojan.Pidief" now found by Norton apparently builds on an ancient exploit... so Acrobat was at least already on version 11.0.0
- Unfortunately I can't get Desinfec't to run; it has problems with my graphics card (GTX 670)

Is there a way to get certainty, at least as far as this particular culprit is concerned? I have attached the suspicious PDF...

Last edited by cosinus (26.01.2013 at 22:54). Reason: attachment removed |
25.01.2013, 21:12 | #2 |
| Notes:
- I "of course" don't mean Adobe Acrobat but Adobe Reader
- Ran Malwarebytes according to the guide (and as said, it finds nothing)
- aswMBR unfortunately hangs during the scan with the AVAST engine (somewhere in the global assembly cache at Microsoft.VisualStudio.Tools.Applications.) |
25.01.2013, 21:12 | #3 |
/// Malware-holic | Hi,
would you kindly tell me why you are attaching a PDF here that contains malware and that any user can click on to download and execute it? Please also always look at your emails; you can clearly recognize them as spam, no umlauts for example. If you receive spam in future, please forward it to the address given in my signature. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
25.01.2013, 21:37 | #4 | ||||
| So first of all, many thanks for trying to help me! Quote:
Quote:
(https://www.wintotal.de/tipparchiv/?id=1679) When I then copy that in here, it looks a little worse still... On top of that, the amount matched what I expected to within 10 cents AND the email arrived a few days after the real one, which I have since found. Sooner or later it catches everyone... I can claim that I am careful and haven't caught anything in 10 years, but at some point everyone is inattentive for once. Quote:
Quote:
And thanks again! |
25.01.2013, 21:57 | #5 |
| Note: During the scan, Norton complained once and deleted Trojan.Pidief again.... OTL.txt OTL logfile: Code:
ATTFilter OTL logfile created on: 25.01.2013 21:39:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\FirefoxDownload 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,92 Gb Total Physical Memory | 4,55 Gb Available Physical Memory | 57,39% Memory free 15,84 Gb Paging File | 12,33 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,74 Gb Total Space | 16,74 Gb Free Space | 17,13% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 268,72 Gb Free Space | 90,15% Space Free | Partition Type: NTFS Drive H: | 346,16 Gb Total Space | 173,45 Gb Free Space | 50,11% Space Free | Partition Type: NTFS Drive L: | 140,73 Gb Total Space | 55,49 Gb Free Space | 39,43% Space Free | Partition Type: NTFS Drive M: | 1,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 6985,94 Gb Total Space | 4857,92 Gb Free Space | 69,54% Space Free | Partition Type: NTFS Computer Name: MAINFRAME | User Name: dirk | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.25 21:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FirefoxDownload\OTL.exe PRC - [2013.01.19 09:45:25 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.19 06:59:19 | 001,354,736 | ---- | M] (Valve Corporation) -- H:\Windows7\steam\steam.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe PRC - [2012.11.22 16:35:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.05.15 10:17:08 | 003,491,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.05.14 10:28:38 | 000,164,168 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2012.05.14 10:28:36 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2012.04.27 21:25:04 | 001,173,680 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2012.04.27 21:23:54 | 005,924,008 | ---- | M] (Acronis) -- C:\Program Files 
(x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2012.04.27 21:22:54 | 000,403,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2012.04.27 21:22:12 | 005,993,136 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2012.04.10 14:41:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.04.10 14:41:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.04.10 14:41:40 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.01 20:09:48 | 000,160,256 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2012.01.05 02:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.10.17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.12.04 16:01:26 | 004,721,224 | ---- | M] (SlySoft, Inc.) 
-- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2010.11.25 11:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe PRC - [2010.09.17 18:13:08 | 000,067,584 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\G19_Retro_Clock\Retro_Clock.exe PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe PRC - [2010.05.05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2010.05.05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009.02.23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.02.03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe PRC - [2007.11.19 10:19:00 | 000,128,352 | ---- | M] (CANON INC.) 
-- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE ========== Modules (No Company Name) ========== MOD - [2013.01.19 09:45:28 | 000,647,168 | ---- | M] () -- H:\Windows7\steam\sdl.dll MOD - [2013.01.19 09:45:25 | 020,320,240 | ---- | M] () -- H:\Windows7\steam\bin\libcef.dll MOD - [2013.01.19 09:45:25 | 001,100,800 | ---- | M] () -- H:\Windows7\steam\bin\avcodec-53.dll MOD - [2013.01.19 09:45:25 | 000,969,640 | ---- | M] () -- H:\Windows7\steam\bin\chromehtml.dll MOD - [2013.01.19 09:45:25 | 000,192,000 | ---- | M] () -- H:\Windows7\steam\bin\avformat-53.dll MOD - [2013.01.19 09:45:25 | 000,124,416 | ---- | M] () -- H:\Windows7\steam\bin\avutil-51.dll MOD - [2013.01.12 15:02:19 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll MOD - [2013.01.12 15:02:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\521a6a2a0bdc82ad5f0ec5aecb6b8c82\IAStorCommon.ni.dll MOD - [2013.01.11 20:33:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 20:33:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.11 20:33:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.11 20:32:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.11 20:32:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.11 20:32:53 | 007,989,760 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.11 20:32:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.11 20:32:50 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.09.30 12:29:56 | 000,072,416 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\zlib132.dll MOD - [2012.09.30 12:29:52 | 000,392,416 | ---- | M] () -- C:\Program Files\TortoiseGit\bin\libgit232.dll MOD - [2012.05.30 15:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.2.1.33\wincfi39.dll MOD - [2012.05.14 10:28:38 | 000,164,168 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2012.05.14 10:28:36 | 000,405,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe MOD - [2012.05.01 15:06:16 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2012.05.01 15:06:10 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2012.05.01 15:05:54 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2012.05.01 15:05:44 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2012.05.01 15:05:36 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2012.04.27 21:21:52 | 013,005,104 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2012.02.23 04:29:38 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2012.02.23 04:29:32 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2012.02.23 04:29:26 | 000,147,456 
| ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2012.02.23 04:29:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2012.02.10 05:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.30 16:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2011.04.30 16:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.17 18:13:08 | 000,067,584 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\G19_Retro_Clock\Retro_Clock.exe MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2006.06.09 15:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012.03.07 01:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2011.11.09 16:38:06 | 000,189,608 | ---- | M] (Intel 
Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2010.11.25 11:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.19 09:45:25 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.18 21:13:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe -- (NCO) SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- 
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe -- (NAV) SRV - [2012.11.22 16:35:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.15 10:17:08 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.04.27 21:23:54 | 005,924,008 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.04.27 21:23:22 | 001,133,360 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012.04.10 14:41:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.04.10 14:41:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.04.10 14:41:40 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.27 08:22:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.02.27 07:53:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.02.01 20:09:48 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011.12.21 17:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2011.11.15 17:44:36 | 002,155,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector) SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.09.23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.11.25 11:06:27 | 000,487,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Downloaded Program Files\DM.0\DMService.exe -- (DMService) SRV - [2010.10.21 16:52:26 | 000,586,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.10 11:04:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.25 18:33:34 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | 
Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311) DRV:64bit: - [2012.11.28 20:08:15 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.10.09 02:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.10.04 02:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.10.04 02:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\symds64.sys -- (SymDS) DRV:64bit: - [2012.09.07 03:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\symnets.sys -- (SymNetS) DRV:64bit: - [2012.09.07 02:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.09.06 19:05:08 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012.09.06 18:40:52 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccsetx64.sys -- (ccSet_NST) DRV:64bit: - [2012.08.20 20:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1402010.016\ccsetx64.sys -- (ccSet_NAV) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.05.15 10:17:09 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.05.15 10:17:07 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.05.15 10:17:05 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.05.15 10:17:04 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr) DRV:64bit: - [2012.05.15 10:17:04 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67) DRV:64bit: - [2012.05.15 10:17:03 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.05.15 10:17:02 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv) DRV:64bit: - [2012.03.15 19:57:28 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] 
-- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2012.03.09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.01 21:09:48 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2012.01.06 09:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2012.01.05 02:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.05 02:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.05 02:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.15 16:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.12.06 02:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.11.03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.11.03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.01 20:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) 
C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\dirk\Documents\*.tmp files -> C:\Users\dirk\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.25 19:22:00 | 000,012,454 | ---- | C] () -- C:\Users\dirk\Documents\RE844739DE8487.pdf [2013.01.25 18:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR311.dat [2013.01.25 18:15:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini [2013.01.25 18:14:44 | 000,001,387 | ---- | C] () -- C:\Users\dirk\Desktop\Norton Installation Files.lnk [2013.01.12 00:31:27 | 000,000,211 | ---- | C] () -- C:\Users\dirk\Desktop\Torchlight II.url [2013.01.05 13:09:09 | 000,000,211 | ---- | C] () -- C:\Users\dirk\Desktop\Dishonored.url [2013.01.03 14:53:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.05.23 23:52:03 | 000,003,072 | ---- | C] () -- C:\Users\dirk\AppData\Local\file__0.localstorage [2012.05.16 13:48:33 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.05.16 13:48:32 | 000,479,528 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.05.16 13:48:31 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.05.16 13:48:30 | 012,985,344 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.05.16 13:46:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.05.16 13:46:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.05.16 12:59:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.05.12 11:26:08 | 000,120,041 | ---- | C] () -- C:\Users\dirk\helden.zip.hld.5.1.4.beta [2012.03.07 00:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.11.02 20:00:24 | 000,118,498 | ---- | C] () -- C:\Users\dirk\helden.zip.hld.5.1.0 
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011.03.20 22:19:03 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.20 22:19:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.07 07:28:09 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.03.07 07:28:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.01.06 11:56:52 | 000,000,017 | ---- | C] () -- C:\Users\dirk\AppData\Local\resmon.resmoncfg [2010.12.27 08:43:02 | 000,000,049 | ---- | C] () -- C:\Users\dirk\delCache.bat [2010.11.07 13:40:58 | 000,003,416 | ---- | C] () -- C:\Users\dirk\unigine_20101107_1340.html [2010.10.19 23:47:35 | 000,000,477 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat [2010.10.05 12:39:08 | 004,693,476 | ---- | C] () -- C:\Users\dirk\AcronisSystemReport.zip [2010.02.24 00:01:08 | 000,006,144 | ---- | C] () -- C:\Users\dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.22 18:35:00 | 000,134,884 | ---- | C] () -- C:\Users\dirk\helden.zip.hld [2010.02.04 08:51:52 | 000,000,600 | ---- | C] () -- C:\Users\dirk\AppData\Local\PUTTY.RND [2010.02.03 00:59:28 | 000,002,743 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2010.01.31 16:07:29 | 000,134,884 | ---- | C] () -- C:\Users\dirk\helden.zip.hld.ok [2010.01.31 13:16:31 | 000,059,884 | ---- | C] () -- C:\Users\dirk\helden.zip.hld_org [2010.01.25 17:36:01 | 000,055,369 | ---- | C] () -- C:\Users\dirk\.heldEinstellungen4_1.xml [2010.01.25 17:36:00 | 000,000,315 | ---- | C] () -- C:\Users\dirk\.dsa4.properties [2009.12.19 18:48:13 | 000,000,227 | ---- | C] () -- C:\Users\dirk\AppData\Roaming\default.rss ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.10 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\.minecraft [2010.09.04 15:34:27 | 000,000,000 | ---D | M] -- 
C:\Users\dirk\AppData\Roaming\2EDAC1D7-A671-46CA-8F3B-7B0F2FF3A3AB [2010.09.25 11:22:16 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\4D789AE7-44BE-4299-B7B2-662B1A4FAB23 [2011.01.06 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\76192FE5-4D0A-4323-BDE3-93D6AF6C3A2E [2011.06.18 15:17:47 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\8FC0BCD2-2209-4C07-863B-950BAD5823C3 [2009.12.21 08:51:53 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\AC1 [2012.05.15 11:08:55 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Acronis [2010.06.18 17:55:09 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\AVM [2011.02.23 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\B90F73D0-89C0-40FC-AD06-1368A8205CA9 [2011.08.16 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\BB26F44F-3FB6-41A9-ABD8-8FA27909E2DB [2012.11.19 16:35:54 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Bioshock [2012.10.18 17:24:18 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\BitTorrent [2009.12.02 18:10:28 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Buhl Data Service [2012.02.13 08:19:21 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Buhl Data Service GmbH [2012.12.26 12:27:58 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Canon [2011.05.18 06:33:54 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\CoSoSys Ltd [2009.12.05 11:26:50 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\DataDesign [2012.05.15 10:17:09 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\F152C15A-1173-4EAF-B284-A0F4E1B436AA [2012.04.08 14:05:16 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\FileZilla [2011.02.03 22:41:49 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\FreeHideIP [2010.01.03 12:40:00 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\FRITZ! 
[2010.01.03 12:19:07 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.02.06 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\HandBrake [2012.07.11 08:11:29 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\ICAClient [2011.08.13 20:58:59 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\IrfanView [2011.06.18 16:25:14 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\JAM Software [2009.11.10 00:41:27 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Leadertech [2010.03.01 17:30:11 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\LetsTrade [2011.07.03 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Lionhead Studios [2010.10.05 09:58:48 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\MiK [2009.12.25 10:27:42 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Mp3tag [2010.06.15 18:52:11 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Notepad++ [2012.03.08 18:39:04 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Origin [2012.01.04 09:23:21 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Phoner [2011.03.20 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\PunkBuster [2010.05.02 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Subversion [2011.11.21 18:14:36 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\TeraCopy [2012.06.04 13:23:24 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\thriXXX [2010.06.27 07:01:55 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Tific [2010.10.30 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\TomTom [2012.05.16 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\Ubisoft [2012.10.08 16:30:33 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\UFOAI [2013.01.12 16:39:20 | 000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\UseNeXT [2010.02.12 19:16:35 | 
000,000,000 | ---D | M] -- C:\Users\dirk\AppData\Roaming\XBMC ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.11.09 23:46:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.10 13:45:54 | 000,000,000 | -HSD | M] -- C:\Boot [2013.01.25 21:17:23 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.11.09 23:45:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.05.16 08:06:09 | 000,000,000 | ---D | M] -- C:\Driver_allOS [2009.12.15 10:16:11 | 000,000,000 | ---D | M] -- C:\Hauppauge [2012.05.16 07:50:23 | 000,000,000 | ---D | M] -- C:\Intel [2011.09.17 10:12:04 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.12.31 12:58:08 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.25 21:17:23 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.25 20:30:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.25 19:02:35 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.11.09 23:45:52 | 000,000,000 | -HSD | M] -- C:\Programme [2009.11.09 23:45:52 | 000,000,000 | -HSD | M] -- C:\Recovery [2009.11.09 10:25:02 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.01.25 21:41:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.25 19:33:24 | 000,000,000 | ---D | M] -- C:\temp [2012.06.17 07:46:11 | 000,000,000 | ---D | M] -- C:\uninstall [2011.12.31 12:58:08 | 000,000,000 | R--D | M] -- C:\Users [2013.01.25 18:35:16 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2010.11.20 13:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.06.10 18:28:15 | 000,000,315 | ---- | M] () -- C:\Users\dirk\.dsa4.properties [2012.06.10 18:56:37 | 000,055,369 | ---- | M] () -- C:\Users\dirk\.heldEinstellungen4_1.xml [2010.10.05 12:39:13 | 004,693,476 | ---- | M] () -- C:\Users\dirk\AcronisSystemReport.zip [2011.01.06 12:08:39 | 000,000,049 | ---- | M] () -- C:\Users\dirk\delCache.bat [2012.06.10 18:56:37 | 000,134,884 | ---- | M] () -- C:\Users\dirk\helden.zip.hld [2011.11.02 20:00:24 | 000,118,498 | ---- | M] () -- C:\Users\dirk\helden.zip.hld.5.1.0 [2012.06.04 06:18:19 | 000,120,041 | ---- | M] () -- C:\Users\dirk\helden.zip.hld.5.1.4.beta [2012.06.10 18:59:05 | 000,134,884 | ---- | M] () -- C:\Users\dirk\helden.zip.hld.ok [2010.02.22 07:46:15 | 000,059,884 | ---- | M] () -- C:\Users\dirk\helden.zip.hld_org [2013.01.25 
21:43:06 | 006,553,600 | -HS- | M] () -- C:\Users\dirk\NTUSER.DAT [2013.01.25 21:43:06 | 000,262,144 | -HS- | M] () -- C:\Users\dirk\ntuser.dat.LOG1 [2009.11.09 23:46:02 | 000,000,000 | -HS- | M] () -- C:\Users\dirk\ntuser.dat.LOG2 [2013.01.12 16:55:41 | 000,065,536 | -HS- | M] () -- C:\Users\dirk\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2013.01.12 16:55:41 | 000,524,288 | -HS- | M] () -- C:\Users\dirk\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2009.11.10 00:06:10 | 000,524,288 | -HS- | M] () -- C:\Users\dirk\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2009.11.09 23:46:02 | 000,000,020 | -HS- | M] () -- C:\Users\dirk\ntuser.ini [2010.01.03 13:36:12 | 000,000,000 | ---- | M] () -- C:\Users\dirk\Sti_Trace.log [2012.11.11 07:43:44 | 000,118,784 | -HS- | M] () -- C:\Users\dirk\Thumbs.db [2010.11.07 13:40:58 | 000,003,416 | ---- | M] () -- C:\Users\dirk\unigine_20101107_1340.html < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:054B9966 < End of report > Edited by BigKid (25.01.2013 at 22:15) |
25.01.2013, 22:01 | #6 |
| Trojan.Pidief - PDF accidentally opened - infected or not? Extras OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.01.2013 21:39:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\FirefoxDownload 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,92 Gb Total Physical Memory | 4,55 Gb Available Physical Memory | 57,39% Memory free 15,84 Gb Paging File | 12,33 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,74 Gb Total Space | 16,74 Gb Free Space | 17,13% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 268,72 Gb Free Space | 90,15% Space Free | Partition Type: NTFS Drive H: | 346,16 Gb Total Space | 173,45 Gb Free Space | 50,11% Space Free | Partition Type: NTFS Drive L: | 140,73 Gb Total Space | 55,49 Gb Free Space | 39,43% Space Free | Partition Type: NTFS Drive M: | 1,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 6985,94 Gb Total Space | 4857,92 Gb Free Space | 69,54% Space Free | Partition Type: NTFS Computer Name: MAINFRAME | User Name: dirk | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CC54DDF-2C27-4B76-98ED-57374B47639D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{16A55181-706E-4CE9-9E25-9B855525FFC0}" = rport=137 | protocol=17 | dir=out | app=system | "{1B4F688B-6AD3-4CF6-9165-B3476DEB58E9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{20AF1CC2-8E26-414A-99E7-AE42EDA6D2AD}" = rport=2869 | protocol=6 | dir=out | app=system | "{2606C1E9-45A4-4561-A5C1-1D5857A79AD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe 
| "{3794911A-B452-45F8-B1B2-EC4F4828C845}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3D4697CE-C3F3-439F-BB04-2D566A4D3556}" = rport=139 | protocol=6 | dir=out | app=system | "{41A7F6B0-75A1-4CD1-B47F-CF8D0FA80BE7}" = rport=445 | protocol=6 | dir=out | app=system | "{41F703C5-F45B-4266-B8DF-AAABB633E471}" = lport=137 | protocol=17 | dir=in | app=system | "{42759EB4-6CC0-400D-B4F7-081810DBA6F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{538FFD54-2E06-4BFC-B2F8-A0AC2BC3A930}" = lport=445 | protocol=6 | dir=in | app=system | "{5FE80356-B624-4E28-B3F6-002FC6A97B34}" = lport=139 | protocol=6 | dir=in | app=system | "{69500127-569E-4216-B4FA-69B582917ACE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{80974891-2D11-4963-BF8B-67DD6F4084EC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{89071E79-EA29-4F4E-B592-FBB67106A7CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E17347E-9420-40C9-9899-784A19E35130}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{90935F5B-B420-4260-BB7C-A186BBC68507}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{944FDE10-97D1-4F01-B2F1-8E3906C12A1A}" = lport=138 | protocol=17 | dir=in | app=system | "{97481795-855E-4E98-86AC-96BA86456DFE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{ABB508BB-1C10-4D75-8F86-46CFBE513DEF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B832423C-8145-48C6-B6DF-A4A64EBB727C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C138AE96-7F5B-494B-9F84-8A02C393BD36}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{CA727AC4-8F6D-48FA-BD69-C111C67A96CC}" = rport=10243 | protocol=6 | dir=out | app=system | "{D1BBFFED-DBD2-4B6F-A518-12ACA4B0A929}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DAE514A8-DC5A-49F0-9D37-4F56E970DA0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{DE01252F-E268-40CF-A3E3-78D4B83C4359}" = rport=138 | protocol=17 | dir=out | app=system | "{DF03BA19-011D-4121-858D-24567E386EAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E43F6584-7171-4DD1-A5F0-C600A5841E24}" = lport=10243 | protocol=6 | dir=in | app=system | "{F07BB04B-5EE0-46E5-92FD-0B539D1E5D72}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0C2940F-413C-45A5-B2BC-85D211AB7669}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F2BB18AD-F287-4BA5-B5A0-913E7DE562DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F42C9A00-EBEE-4460-AFD0-E52FAF51E23E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD018C49-87C7-42D6-9EE0-F0ED4C91F68F}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01228CAE-4BC1-4148-A1F1-7C85CCF3A25A}" = protocol=6 | dir=in | app=h:\windows7\starcraft ii\versions\base15405\sc2.exe | "{017A9EA0-839E-41F9-B03A-3DF05DC580F3}" = protocol=6 | dir=in | app=l:\assasins creed 3\ac3mp.exe | "{04F2825B-0F1D-419A-97D9-FD14B6C4FA9B}" = protocol=6 | dir=in | app=h:\windows7\assasins creed 2\assassinscreediigame.exe | "{07B531C9-BCD7-47E7-A2A0-DF8E96967F6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{08E537C9-97C2-44A5-9F5F-6127255C4E4D}" = protocol=17 | 
dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{0966B61A-2393-4275-AB10-880CF44C0982}" = protocol=17 | dir=in | app=l:\world of warcraft\backgrounddownloader.exe | "{09A7E018-9572-4F67-9EBF-F3F30F070A95}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | "{0B1769B9-3B56-448E-9D13-21B977CCE087}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\rage\rage.exe | "{0BB4ADB1-429B-4423-A51A-0E659CA9D5EA}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{0C4FFCB2-41D2-4FCC-93F8-F01405551D62}" = protocol=6 | dir=in | app=l:\world of warcraft\launcher.patch.exe | "{0D3993EF-4D13-439A-95C3-37D6B93401F3}" = protocol=17 | dir=in | app=h:\windows7\assassin's creed revelations\acrsp.exe | "{0D86662E-CA01-4597-BFC6-DFAF0CB8768B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{0F632CE3-D7CB-477E-8021-1D59B0624615}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{0F670354-FEC5-451E-B8DC-D9B67A2580FC}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "{118A4B94-8AA3-4D0D-BB6C-938A1E161A5B}" = protocol=17 | dir=in | app=h:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "{131DFBBF-86D5-474C-A788-C8E2D6C3DF96}" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "{13EF661C-68A7-4E1B-9840-814172920744}" = protocol=6 | dir=in | app=h:\windows7\dragon age\daoriginslauncher.exe | "{1434D0C6-AD8D-42C1-B0A6-CC11DB9B7D56}" = protocol=17 | dir=in | app=c:\users\dirk\appdata\local\akamai\netsession_win.exe | "{15B3B0EF-F73A-4321-B5BC-71694F048842}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "{160E7E41-B026-49E9-B199-32D47AF4C0D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft 
office\office14\groove.exe | "{161ECA06-27BA-44F8-8DC6-20249E266489}" = protocol=17 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "{18E041F1-441B-46F0-9CB3-E2B87A65C803}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{19B74956-0FAE-44E9-9CE9-B6CF3615AFB9}" = protocol=17 | dir=in | app=l:\assasins creed 3\assassinscreed3.exe | "{1A2343FA-4CED-428E-A683-4294E558F3A3}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\torchlight ii\torchlight2.exe | "{1ACC0D6B-7DF8-4DE2-8DE3-FE8A09017B10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1B342EF4-9CD4-4112-BFCF-C651453C586D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1C5CE973-B971-4F7D-B3AF-357B31024FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{1D297AD1-1F37-40E8-B6D1-ADF0781CB52C}" = protocol=6 | dir=in | app=h:\windows7\assassin's creed revelations\acrmp.exe | "{1ECEC0DA-7A7A-4B22-96B4-8211F696C45C}" = protocol=6 | dir=in | app=h:\windows7\assassin's creed revelations\acrpr.exe | "{20DBFB33-961E-4095-B1D6-73DCB0E26775}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{21038189-D22A-40F6-B273-E1BA715A2D49}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "{22DEBC5B-033B-4537-8D1B-FB2C527394D0}" = protocol=17 | dir=in | app=h:\windows7\eaorigin\mass effect 3\binaries\win32\masseffect3.exe | "{2403FDCD-4DDE-4A3F-B093-4264A76DF214}" = protocol=17 | dir=in | app=h:\windows7\crysis2\bin32\crysis2.exe | "{24780D1A-4386-4F1A-BF7E-A62FAF61513A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{25C53D83-0A82-43FB-BB51-0756B6921F26}" = protocol=17 | dir=in | app=l:\the secret world\clientpatcher.exe | "{26C3A988-A3A0-4B49-9ACF-AB28E727A408}" = protocol=17 | dir=in | app=l:\assasins creed 3\ac3sp.exe | "{275A55A7-13F2-4AA0-A915-F006ED8A62A4}" = protocol=17 | dir=in | app=l:\world of 
warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "{275AEAA3-DEDE-4D01-A829-AC5F3F97B620}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | "{277BD88E-C870-46DC-8E33-3B20CAA2A39B}" = protocol=6 | dir=in | app=h:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "{28179499-196C-4EFA-97B7-2D99D0833C03}" = protocol=6 | dir=in | app=l:\assasins creed 3\assassinscreed3.exe | "{28C5FAF0-570B-41FE-974B-DC2EF1CAADA6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{29784557-B594-40F8-82D4-4303BABD855A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{2ABF7169-1043-4FAC-B059-977E799051AF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2AE8B52B-F39F-4B3D-A5F5-28D9ECB02B15}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{2C1C48CA-3BB4-44D4-AAF2-0EBF0702A7BC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{2F523BC8-1D5F-48E7-8857-00CA32A01A34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{30278A10-63A8-4251-BD24-0B50902307EA}" = protocol=17 | dir=in | app=h:\windows7\batman ac\binaries\win32\batmanac.exe | "{311A415D-5606-4CD7-BE8D-3B46039B8148}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{329DA9E9-5BC2-4312-8DB6-379B83845977}" = protocol=6 | dir=in | app=l:\world of warcraft\blizzard downloader.exe | "{3331B1CB-07F0-435E-9ADE-0A731D81692B}" = protocol=17 | dir=in | app=h:\windows7\dragon age\daoriginslauncher.exe | "{33ED2031-08F7-413F-A215-52E229DCBBF2}" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.exe | "{33F662ED-DBA8-4668-97F2-60B758D8366B}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "{3491B0B0-8AAA-4878-A6E4-48FF3A6A1EF2}" = protocol=17 | dir=in | app=l:\world of 
warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "{34A26EFC-5C3F-499D-BF98-AA9A2BA71E73}" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.exe | "{34FE9D0A-3D98-45CC-A1FD-F7E408FED80A}" = protocol=17 | dir=in | app=h:\windows7\nfs hot pursuit\nfs11.exe | "{36A6963A-F635-480A-A3B2-FF93081C9BA1}" = protocol=17 | dir=in | app=h:\windows7\assasins creed 2\uplaybrowser.exe | "{374D0BF9-EE02-4D58-B1B0-7D36B29C8975}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{37AFF016-63E9-4CF7-9B29-E2B1121815C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{381F0F79-FC15-4A4F-9886-848605C35E05}" = protocol=6 | dir=in | app=h:\windows7\assasins creed 2\assassinscreedii.exe | "{395FBB5A-4307-4EB0-B4B3-A2870343639D}" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | "{3963F151-F31A-4253-B2DB-9876AB1B9459}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{39FC6725-BEF8-4A5B-952D-A25A59C2EEE9}" = protocol=17 | dir=in | app=l:\world of warcraft\launcher.patch.exe | "{3B2C0640-931A-457A-BABB-B755904AD518}" = protocol=17 | dir=in | app=h:\windows7\steam\steam.exe | "{3C153184-EE17-44D5-B425-5DAC948D03BF}" = protocol=17 | dir=in | app=h:\windows7\starcraft ii\versions\base15405\sc2.exe | "{3DE565AF-DB79-4632-AB63-33D38B290019}" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "{3F66A125-F7A4-4CA8-A022-96DE0C5B57E3}" = protocol=17 | dir=in | app=c:\temp\commonfiles\java\bin\javaw.exe | "{419BD3A1-36B9-4A38-8A30-1D110BAD0507}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4366A2C6-6797-4CC1-9B82-4B06275BA798}" = protocol=17 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "{4528BD0C-6E2D-4EEC-9B75-039E0BFEE1A9}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{462A635B-4DAD-4FE1-AA31-EE195F2A337A}" = protocol=6 | dir=in | app=h:\windows7\assasins creed brotherhood\assassin's creed brotherhood\acbmp.exe | "{474D881A-5924-48B7-890B-4DA360DCCCCF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4776DB45-9E50-4C9A-A99E-A067D3D26B5F}" = protocol=17 | dir=in | app=h:\windows7\dragon age\bin_ship\daupdatersvc.service.exe | "{48C54723-8B9B-4901-B7CE-8DAFCDBB3E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{48DD6BD1-ECB9-4CA9-A345-C1986C3CECD0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{4B98D32A-F80D-44BC-AC78-9F12881AD6E0}" = protocol=17 | dir=in | app=h:\windows7\star wars-the old republic\launcher.exe | "{4CD0217B-D2D6-460B-8705-0A48B6C86498}" = protocol=6 | dir=in | app=h:\windows7\anno 2070\initengine.exe | "{4D66E706-5095-4C4B-9DBA-ADD0BCD0CBD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4DE648D4-51F8-485F-B08F-9FE2759B599C}" = protocol=6 | dir=in | app=h:\windows7\assassin's creed revelations\assassinscreedrevelations.exe | "{4FB0218F-868E-4286-9BD4-E9949D104374}" = protocol=17 | dir=in | app=l:\world of warcraft\blizzard downloader.exe | "{53812081-55D5-4F33-98B7-4885490E1179}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53C3C3C7-6F07-4C79-AFDB-7DE67AF65BF5}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "{55882911-3208-47E2-A20F-89D5A2D13795}" = protocol=6 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "{568E00C3-8660-4966-8101-BDC04822ACA6}" = protocol=6 | dir=in | app=l:\assasins creed 3\ac3sp.exe | "{57D1C691-7A60-4E16-9B57-DEB3D4E3CEBB}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\rage\rage.exe | "{592F977A-BBA6-4A86-8B79-42C975D5C3DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{5AF77DB7-BD20-4514-A19A-4FA241EDA135}" = 
protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\endless space\endlessspace.exe | "{5D477111-37B7-4B5C-99EB-957A6951ED87}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "{5E2E225F-D958-493D-A73C-0233CCF65F3D}" = protocol=17 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "{62C87FC6-5C68-45A7-ADA5-E356A73773A0}" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "{64D25C4E-1457-45BD-BD74-5E8FFF91ABCA}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | "{6539AA6E-8748-491B-90B8-040E5F0AF238}" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "{686B6EC4-E974-465B-A86D-FB17224CA987}" = protocol=17 | dir=in | app=h:\windows7\mass effect\masseffectlauncher.exe | "{6D6F06D7-1C21-44B2-BC90-C5B8A143DE0A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6EE09C56-0D7E-412F-8937-D2612A3059EB}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\alan wake\alanwake.exe | "{704B0A24-6F8C-4A8F-976C-908D3BC84536}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "{70FE3414-5C00-4D95-8C50-B0FF020C0523}" = protocol=6 | dir=in | app=h:\windows7\assassin's creed revelations\acrsp.exe | "{711BC268-FFF4-4C0B-8B2E-7040B11C60DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7221ADBF-3123-415F-A00E-819551771367}" = protocol=6 | dir=in | app=c:\program files (x86)\easy-hide-ip\easy-hide-ip.exe | "{73898FDE-9FE5-427F-86BA-EEF88D65D2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{74962C9B-748F-45EC-AE89-BEC190AA83CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{77C18DBC-924A-4FA9-B442-61C4EF3FD351}" = 
protocol=6 | dir=in | app=h:\windows7\eaorigin\mass effect 3\binaries\win32\masseffect3.exe | "{77CC1095-661F-4093-8F96-FEF8D7F06464}" = protocol=6 | dir=in | app=h:\windows7\nfs hot pursuit\nfs11.exe | "{7FE03152-8D6B-4895-BAE9-0332B93EB829}" = protocol=17 | dir=in | app=h:\windows7\assassin's creed revelations\assassinscreedrevelations.exe | "{80DCD202-14A3-4560-A463-64E4A730535D}" = protocol=6 | dir=in | app=l:\world of warcraft\backgrounddownloader.exe | "{8437D747-8492-4BC7-A44E-8F3B764295DC}" = protocol=17 | dir=in | app=h:\windows7\assasins creed 2\assassinscreediigame.exe | "{84814A18-2F82-42EE-A731-C993ED4084B4}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "{84B0639B-9444-4409-A507-2F05AB935393}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\endless space\endlessspace.exe | "{86F4CF16-585F-45E7-886E-2142A3CAB7FC}" = protocol=17 | dir=in | app=h:\windows7\anno 2070\initengine.exe | "{87282C1A-8888-4EA3-982E-0E798AC94DE0}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{87DAD988-892A-458E-A813-C1DC322F3254}" = protocol=6 | dir=in | app=h:\windows7\batman ac\binaries\win32\batmanac.exe | "{88A95459-8D9A-4EA2-8EE2-DE45E97B9A98}" = protocol=6 | dir=out | app=system | "{89CF9EB9-E6CA-4A49-AD82-8CE981E1839A}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | "{89D470FC-8890-4A1C-8457-7FA3B6C8A805}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{8A06EEAC-A667-4AC4-AE11-A8F0A788D7BC}" = protocol=17 | dir=in | app=h:\windows7\starcraft ii\starcraft ii.exe | "{8A140BCA-D9AF-4294-BA26-02FC017453D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{8A87DF92-0510-4496-8005-3E43182B0528}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8ACCD483-C55C-4E2E-B5B2-AB1FD52B2BFF}" = protocol=17 | dir=in | 
app=l:\diablo iii\diablo iii.exe | "{8F83FCCB-67DC-414F-9161-E617BB85AD20}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{8FF38EC5-66B9-4979-BEB3-FB147A24B50A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{904BC096-6968-4A6B-B5C4-099EA2C44DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{91912773-977F-4E4E-865A-19318BC81197}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "{927022E8-DAD0-462B-83A3-4EA0A9C1D463}" = dir=in | app=c:\program files (x86)\norton antivirus\engine\18.1.0.37\ccsvchst.exe | "{9296ADFC-3558-4E48-9266-056E7C148AEC}" = protocol=6 | dir=in | app=l:\world of warcraft\launcher.exe | "{92BCC8F2-BA41-4096-A68E-1C978306520B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{93D0159A-3006-4C41-B6A3-16999923FC33}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "{93FB2370-65D7-46BA-8310-51EAAF3E282A}" = protocol=17 | dir=in | app=h:\windows7\batman\binaries\shippingpc-bmgame.exe | "{94549647-6FD3-49EE-9F9F-CB6A39B7490D}" = protocol=17 | dir=in | app=l:\assasins creed 3\ac3mp.exe | "{94CD39FE-60F7-4B8E-83DE-BDB03E099C28}" = protocol=6 | dir=in | app=h:\windows7\star wars-the old republic\launcher.exe | "{94E34E07-11A2-493C-AEC1-DDCB7365B319}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{95A739A9-949C-4530-975F-F880D8282434}" = protocol=6 | dir=in | app=h:\windows7\dragon age\bin_ship\daupdatersvc.service.exe | "{98AF4DAC-30E6-4487-991F-6BC236F09BF4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9A5DFFE4-146D-4F14-884D-AFD48606CE0D}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | "{A1B1A0F9-009F-4A28-B08A-33672CB15B93}" = protocol=6 | 
dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A2067BFB-A6C9-4F9F-A63B-6A3DA089C9A4}" = protocol=6 | dir=in | app=h:\windows7\nfs hot pursuit\launcher.exe | "{A2AD8973-01B5-4A6F-9C93-32F92A91CDAE}" = dir=in | app=l:\dark souls\darksouls.exe | "{A9440D18-8A7D-43A6-91A6-B8DD3140C0BA}" = protocol=6 | dir=in | app=h:\windows7\assasins creed 2\uplaybrowser.exe | "{AA80EFF2-9DC3-4770-BFD1-68682E7225B1}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "{AA83270D-114D-44BC-BF45-7D2F3A842CE0}" = protocol=17 | dir=in | app=h:\windows7\assassin's creed revelations\acrpr.exe | "{AAFDF058-3614-4569-A40F-18991946EB86}" = protocol=6 | dir=in | app=h:\windows7\dragon age\bin_ship\daorigins.exe | "{ABDB7B17-BFB7-40B8-9745-02DA037A24EA}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "{AC1950DB-BB96-4FD1-A479-26C638D0663D}" = protocol=6 | dir=in | app=h:\windows7\steam\steam.exe | "{AC543664-6F68-41F3-B4E8-714987E98532}" = protocol=6 | dir=in | app=h:\windows7\anno 2070\anno5.exe | "{AE2BC01B-03F6-455B-8615-C2A8FB256DE1}" = protocol=6 | dir=in | app=c:\temp\commonfiles\java\bin\javaw.exe | "{AF7C50E1-5783-4E4A-BE8F-3C57E348FCFA}" = protocol=17 | dir=in | app=h:\windows7\mass effect\binaries\masseffect.exe | "{AFCAC9FC-3239-42D2-83F4-6CEDD73F7823}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "{B19EB3BE-0FE0-4A1E-89B0-CAAF80DC629C}" = protocol=6 | dir=in | app=l:\the secret world\clientpatcher.exe | "{B3A0198A-8C23-4D33-8139-F2C8BD8D0DE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B50C7063-DCDE-4011-9138-DAC38890B522}" = protocol=17 | dir=in | app=h:\windows7\star wars-the old republic\swtor\retailclient\swtor.exe | "{B5BC5D72-6FC9-4880-98BA-D9D2FC75DFE3}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "{B5F2BD77-3E63-4BAC-B6F0-270675B7ED2B}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B718B7D2-EB46-440E-AECC-86D3777D9744}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B8DDB515-412A-45B0-BDB0-1D834B476F7B}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{BAD5B52A-E424-40A4-AFA8-F9CDD7D2B35F}" = protocol=17 | dir=in | app=h:\windows7\assasins creed brotherhood\assassin's creed brotherhood\acbmp.exe | "{BB07BECA-BF54-4053-A504-59406D4CCDE0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BC47382F-D464-4600-B989-56455FDE6EA4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{BDFA91B8-5C04-4722-8288-402EFDC32C9F}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | "{BF38A2E9-9A32-4A10-BC8C-E8DA5E4C0466}" = protocol=6 | dir=in | app=h:\windows7\star wars-the old republic\swtor\retailclient\swtor.exe | "{BF3A8234-9F95-4C3F-81FA-E95BD6B29F8A}" = protocol=17 | dir=in | app=l:\world of warcraft\launcher.exe | "{BFA8640B-AD81-45C0-BE31-4E90D6EA6FEF}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | "{C2332A13-9BFE-4ABD-8D27-A33108123458}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{C4F76F50-4FE1-41F0-AF42-2B1D1E06C199}" = protocol=6 | dir=in | app=h:\windows7\starcraft ii\support\blizzarddownloader.exe | "{C53F7A10-39EF-49C8-A24A-C0809802820C}" = protocol=17 | dir=in | app=h:\windows7\dragon age\bin_ship\daorigins.exe | "{CA342A7D-8DD1-4F8D-BBCF-FA2F2A74F28B}" = protocol=17 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "{CA5357F6-576C-4738-8E51-21515B0677AD}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "{CB37FA76-768D-4007-8303-CA783C726F9C}" = protocol=17 | dir=in | 
app=h:\windows7\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{CC98387A-0275-4A23-A311-FD12C1AD1BE2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CDDD5529-5826-4CB0-9724-63BD81998E1D}" = protocol=6 | dir=in | app=h:\windows7\mass effect\binaries\masseffect.exe | "{CE6FDBDB-0CAD-4692-9CBB-099F795C18BB}" = protocol=6 | dir=in | app=h:\windows7\starcraft ii\starcraft ii.exe | "{D0868D48-8C8C-48E7-A153-09B1C84803AF}" = protocol=17 | dir=in | app=h:\windows7\assassin's creed revelations\acrmp.exe | "{D2FC5C35-61DD-47A3-9437-42CF11BF9981}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D39B2427-DE53-413A-9B81-8DF26BA739D2}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "{D43A5F66-6C4B-45D3-9118-F75CABA7AE8B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D5EF251F-E1EA-44DF-AF25-85B0B756DB27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D68B314D-036E-45B1-8129-3188E2D5C62D}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{D7E091A1-763E-48FF-9111-932B989DA6BB}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\torchlight ii\torchlight2.exe | "{D7E35CD1-0674-4BA7-BE39-97A2DBF99160}" = protocol=6 | dir=in | app=l:\diablo iii\diablo iii.exe | "{D82F786E-F268-4065-B623-267F493AC798}" = protocol=6 | dir=in | app=c:\users\dirk\appdata\local\akamai\netsession_win.exe | "{D8F4705D-4645-4A8A-BBCC-E2BEB6D547BB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{D95D036B-5086-45F1-B1D6-B0F655832B9A}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "{DAD75D5E-C051-4C23-85A9-EBFFE9F92655}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DB36481B-F066-4BC3-8DF8-85FA7998556D}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{DBC63EF4-193A-4A04-B4DE-871773A9688F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DBD6E356-9EBB-42AE-ADEA-1F0B3285D7F5}" = protocol=17 | dir=in | app=h:\windows7\assasins creed 2\assassinscreedii.exe | "{DC873E34-3436-43FA-A252-13C63AEEE730}" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "{DD1A09E2-3498-4F2A-8CA2-BCFFB1F7E7C8}" = protocol=17 | dir=in | app=h:\windows7\nfs hot pursuit\launcher.exe | "{DE855E87-38D3-4680-8360-3A90AA717E54}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "{DEE3E915-3BE5-4C01-A170-436489D0A761}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E087505B-0B97-4B75-82EF-52BA1327EE48}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "{E34AE6B2-AC64-4D5A-8FB3-39D4F34431D4}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "{E3CDAB39-7759-41A6-94D7-9312E2165944}" = protocol=6 | dir=in | app=h:\windows7\anno 2070\autopatcher.exe | "{E3FC3ECA-ED95-4F7F-B8CB-19191425B445}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E727E4AD-B517-4D1B-946E-28C59C48A576}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E7E4E662-C0A6-4B24-A365-AB00E21FD240}" = protocol=17 | dir=in | app=h:\windows7\starcraft ii\support\blizzarddownloader.exe | "{E9395D5C-5740-4391-AF40-9C19230FA28E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9A096F1-DB3C-4A77-9810-3072F8DDF3F8}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{EA498B1A-C24F-4DF4-B57C-F6377D6A4943}" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{EBB17B17-E5E1-429C-B2FE-542EF56CD3E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EC6CD6B9-5D55-4102-95BF-B43BE8BD5DA2}" = protocol=17 | dir=in | app=h:\windows7\two worlds ii\twoworlds2.exe | "{EFFFBC43-58B5-405D-B3F3-4663FD46C951}" = protocol=6 | dir=in | app=h:\windows7\batman\binaries\shippingpc-bmgame.exe | "{F0134F57-9290-44B4-A7AD-3E76CE9C5E9A}" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | "{F0869F72-2F00-4827-BA15-D3E3CC135DD2}" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "{F1A22E6A-0776-45E8-9212-1B924910DC35}" = protocol=17 | dir=in | app=h:\windows7\anno 2070\autopatcher.exe | "{F1E7AD19-B96C-426C-9E19-C7BEC9471D4A}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\alan wake\alanwake.exe | "{F2EC2990-2F61-467E-8319-230BFE7C2633}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "{F33467CC-8C2C-443E-9E00-AFB6A6E89D28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F33F283C-A210-4407-A2ED-72389F2544C0}" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "{F72DDBC0-BF05-4D08-920B-712EF01D299A}" = protocol=6 | dir=in | app=h:\windows7\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | "{F7556C4D-C1CE-4EF2-8036-60EFA3C870D9}" = protocol=17 | dir=in | app=h:\windows7\anno 2070\anno5.exe | "{F917EC64-9E25-4122-AAD5-8F995FFA026E}" = protocol=17 | dir=in | app=h:\windows7\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{FB0344B1-195A-451D-BBD7-B0D267CAEE78}" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "{FB179190-35FD-4FF9-8309-9C8860817CD3}" = protocol=6 | dir=in | app=h:\windows7\crysis2\bin32\crysis2.exe | "{FBB4F96B-CCA4-410F-9CBC-84063C1D7936}" = protocol=6 | dir=in | 
app=h:\windows7\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | "{FD8286FA-CF6C-46D1-BB3D-A71140B848DA}" = protocol=6 | dir=in | app=h:\windows7\two worlds ii\twoworlds2.exe | "{FD9B3D5E-BA1E-4EB7-A560-F4936363E6B5}" = protocol=17 | dir=in | app=c:\program files (x86)\easy-hide-ip\easy-hide-ip.exe | "{FEEB7D08-929C-4033-8304-DF7839908294}" = protocol=6 | dir=in | app=h:\windows7\mass effect\masseffectlauncher.exe | "{FF6994A0-3638-4360-AEAD-4A2FC80C2E06}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "TCP Query User{02DBF22C-937C-41AD-B6A7-A80F0F3E1D05}C:\temp\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\temp\commonfiles\java\bin\javaw.exe | "TCP Query User{0E3C4769-4BBC-4247-B605-F3B2A7D2C322}L:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{14AF4BA1-E0FF-4A08-8371-457699820D00}L:\dark souls\data.exe" = protocol=6 | dir=in | app=l:\dark souls\data.exe | "TCP Query User{14B5F434-94D6-49AE-B593-81CC0484A2F3}H:\windows7\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=h:\windows7\assassin's creed revelations\acrpr.exe | "TCP Query User{16EF9A6E-52FB-4CE3-AD3B-A14128016FC8}H:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.exe | "TCP Query User{1A9CFF19-EA1C-4F08-ADE5-26C2053A2AC9}L:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{1C79E035-F01E-47A1-8C73-826A6D9B8849}E:\eadownloads\dead space™ 2\deadspace2.exe" = protocol=6 | dir=in | app=e:\eadownloads\dead space™ 2\deadspace2.exe | "TCP Query User{20CAE110-1364-4961-9112-1B0CDDC41193}H:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\blizzard downloader.exe | "TCP Query 
User{24D78F97-3B9E-41BE-9B70-419A50039F06}L:\maxpayne3\maxpayne3.exe" = protocol=6 | dir=in | app=l:\maxpayne3\maxpayne3.exe | "TCP Query User{280B19FD-A98E-4796-9CC8-160044282B9E}C:\users\dirk\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\dirk\appdata\local\temp\_istmp1.dir\_ins5576._mp | "TCP Query User{29F7CA14-2846-4F8B-86E4-8DED47962FF9}C:\users\dirk\downloads\star trek downloader st.0.20100123a.5.exe" = protocol=6 | dir=in | app=c:\users\dirk\downloads\star trek downloader st.0.20100123a.5.exe | "TCP Query User{2BE66FA0-744A-4431-B4BB-67EB5226C34C}L:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{3126DEC1-AFEA-4A3D-9FAF-05A985469CD7}L:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{31D553FF-1CE6-4881-A83B-C5C73CF4BCB6}H:\windows7\witcher2\bin\witcher2.exe" = protocol=6 | dir=in | app=h:\windows7\witcher2\bin\witcher2.exe | "TCP Query User{35829CCD-C1E8-41E5-9CC5-BEC8B9F09406}L:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=l:\world of warcraft\launcher.patch.exe | "TCP Query User{3887D8F0-2B00-4E7A-B85A-154B115484B9}H:\windows7\crysis2\bin32\crysis2.exe" = protocol=6 | dir=in | app=h:\windows7\crysis2\bin32\crysis2.exe | "TCP Query User{3993E755-015D-4014-B4E1-316F2DE9DD6B}H:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "TCP Query User{3A975781-AD80-4B26-8C5A-EBA15C608EE1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{3DA6D3ED-C728-4E8E-85CA-6A12B236EE9C}L:\world of 
warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "TCP Query User{3E0176C0-F996-4D4E-8EE8-C72A8C00384D}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | "TCP Query User{44026322-2C1E-40C2-A122-3FC9349AAFB2}H:\windows7\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=h:\windows7\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{597BA144-AF7D-4A42-8DA4-3959E028A5B0}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{5BE44140-474E-477F-B409-B2520BAB9398}H:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=h:\world of warcraft\launcher.patch.exe | "TCP Query User{65015A2A-C69A-4A68-A65B-C54717657E96}L:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | "TCP Query User{6D020F3C-1A3F-4B39-B3F7-5607060BF4B1}H:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "TCP Query User{6EB8BF85-614D-4081-A8CA-9DB0214D81E8}H:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | "TCP Query User{742235B8-7FAC-4FAE-A2C3-E04D1C410A3C}L:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "TCP Query User{755DA9D7-3361-4682-8900-E839E35D6C6C}L:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query 
User{761CDE2E-A8FA-4FC5-9A8F-1E6AC3FA38F1}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "TCP Query User{7AC581C1-CFAB-497E-B144-1AAC84DD18C8}L:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{7AD4C7AD-A7EB-4E8B-B4A2-D62D65A22FD9}C:\program files (x86)\phoner\phoner.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "TCP Query User{7CC17CB3-ACDF-4920-82D6-181B181FA01B}H:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | "TCP Query User{7EDA7335-AAC0-466A-867F-2B4B69382BA2}L:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{822E2770-CFEB-4308-9645-F073D1BFE88C}H:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "TCP Query User{86A1AFD6-139C-4263-997D-05700D26A2F7}L:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "TCP Query User{8B83A454-4C5B-4989-847C-B2E1DF9C7CD8}L:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=l:\world of warcraft\launcher.exe | "TCP Query User{9A9ABE8C-2B3E-49F9-913D-22D502FE8CB7}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{9EB02EE4-539E-4E08-84F8-1D91634F2897}H:\windows7\nfs hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=h:\windows7\nfs hot pursuit\nfs11.exe | "TCP Query User{A604CAA6-FD63-4746-8D4E-7CC4363D6306}L:\world of 
warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\backgrounddownloader.exe | "TCP Query User{ABCBF6D7-E45B-421E-92F2-0C75B3685968}C:\users\dirk\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\dirk\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "TCP Query User{B38D9A92-6B1C-43B1-AF8D-609EC3A12B7D}L:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\blizzard downloader.exe | "TCP Query User{B3EEA5EF-00C6-4980-9E5D-F25BA90A0AD1}H:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "TCP Query User{BBCF7A02-2C1A-4C28-BA19-A441228F1A70}C:\program files (x86)\easy-hide-ip\easy-hide-ip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\easy-hide-ip\easy-hide-ip.exe | "TCP Query User{BDA616DE-1055-4DDB-886D-E350427D4FAE}L:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "TCP Query User{BE8C89D6-8081-404D-BB2F-B6DC60654455}L:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=l:\diablo iii\diablo iii.exe | "TCP Query User{C81A0298-F7F9-4E93-A00D-DE7F8F8D4B19}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{CFEA25F1-68AE-408B-90BB-9CF54D969D88}L:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "TCP Query User{D8AFC683-4702-4D65-9CCA-6B28DA33623C}L:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{DB477070-E551-4885-8FAD-EFA67F3EC135}H:\world of 
warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "TCP Query User{E2AC3BD4-00A4-4A87-8008-6D1D883602C9}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{E31AA9DB-C7B9-4CC7-9A88-10823CB6192B}H:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | "TCP Query User{E4B1B1FE-4EAA-4EFC-81B8-6A5B143C423B}H:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "TCP Query User{E8695D09-0B24-4803-8B13-BA72EFBFC058}L:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "TCP Query User{F496D06C-AEA4-4D71-A244-BE2663109B1E}H:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\backgrounddownloader.exe | "TCP Query User{F61EBE1F-E393-4DE5-BBA1-A3607CE907CC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{F6C502AE-3AF3-49E1-80EE-E14D4D9FA935}H:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "TCP Query User{F7E2685B-4B60-407D-977B-0F0D69B944EC}H:\windows7\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=h:\windows7\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{F849A963-BAA4-47A7-8F73-C9193C3593B4}H:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "TCP Query 
User{F9CE0C38-0A81-4C55-87FC-EAD37E7058C9}H:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=h:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{10B98D5B-0F08-4C2E-9A36-C04485478570}H:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | "UDP Query User{149B2A72-5583-4B9F-BDD8-19ABC7472917}L:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\backgrounddownloader.exe | "UDP Query User{231381F9-4992-4B50-8249-CB1E7932037C}H:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\blizzard downloader.exe | "UDP Query User{25A950EA-290A-41F3-9321-0131F8C4548D}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "UDP Query User{2CFC86B4-AEDC-45C8-8C7C-01837A4DCDDC}H:\windows7\crysis2\bin32\crysis2.exe" = protocol=17 | dir=in | app=h:\windows7\crysis2\bin32\crysis2.exe | "UDP Query User{2EF720E5-39C3-4C9C-9BA7-81390F4F383F}L:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{2F75E4F5-A207-46DB-AEB1-E35181DB2B30}L:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "UDP Query User{301DEB3D-3C9C-4DBC-B7E1-97C49ED27700}H:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.exe | "UDP Query User{30B7017C-C2BB-4C29-BFEE-D60C7CA473CA}H:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "UDP Query 
User{3CD297B3-6464-424A-BB91-4A9FAAC0C45A}L:\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\blizzard downloader.exe | "UDP Query User{4303CEF2-DA1D-424C-8F64-57C24A9468A6}H:\windows7\nfs hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=h:\windows7\nfs hot pursuit\nfs11.exe | "UDP Query User{4C044353-66D8-4592-B740-B384CD8A7597}C:\users\dirk\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\dirk\appdata\local\temp\_istmp1.dir\_ins5576._mp | "UDP Query User{4FA5C934-3813-49E7-8B39-E7D214E36006}L:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=l:\diablo iii\diablo iii.exe | "UDP Query User{559C060B-C2F2-4458-AAD5-69813868BE42}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{5DA48885-E981-46DB-ADB3-8EDB1CC87EC6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{5F5D56D5-EA68-497B-A9D1-03ECA4F81C6C}L:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{652C3694-B880-4337-A540-28B6882830E2}L:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "UDP Query User{6B9ADEF5-4FC1-4BDA-8B69-483928E87765}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{6FF109C1-2363-45BA-B0C1-6AE2AF8AC70E}L:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "UDP Query User{752E4A4F-ED04-469B-AFCE-81FBEB986084}E:\eadownloads\dead space™ 2\deadspace2.exe" = protocol=17 | dir=in | app=e:\eadownloads\dead space™ 2\deadspace2.exe | "UDP Query 
User{7A6DFD00-CB6A-4D45-A5ED-B0FA1A3E7C79}C:\program files (x86)\phoner\phoner.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "UDP Query User{7F2435E6-C588-48E4-A960-5BC2F7723288}H:\windows7\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=h:\windows7\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{7F8CF8FD-E2DF-4D6E-8039-34FA8EEAF639}L:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{8179DB4A-A5CF-4584-8762-2C4BC7966BE0}H:\windows7\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=h:\windows7\assassin's creed revelations\acrpr.exe | "UDP Query User{81DF329E-A017-4922-AB7D-DD7355023B75}L:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | "UDP Query User{8503F9C7-B4C1-4109-8590-23C245172CDF}H:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "UDP Query User{8739AA84-804C-45CF-B7C8-BF06AADAC918}L:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "UDP Query User{8A48B2D4-8CB2-4225-8DE7-FAFBE6217F01}H:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "UDP Query User{90514EB0-263A-4E3D-83A6-84CCB21ED3C2}H:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | "UDP Query User{9360B27E-4FCE-433B-9FCD-3F60D5A91CDB}C:\users\dirk\downloads\star trek downloader st.0.20100123a.5.exe" = protocol=17 | dir=in | 
app=c:\users\dirk\downloads\star trek downloader st.0.20100123a.5.exe | "UDP Query User{96083BFA-866F-4BAE-923C-94E4F535B49D}L:\maxpayne3\maxpayne3.exe" = protocol=17 | dir=in | app=l:\maxpayne3\maxpayne3.exe | "UDP Query User{9804871C-06E8-4937-A840-29AF08D880FB}H:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\backgrounddownloader.exe | "UDP Query User{9EE1CF82-4EE5-4E87-A218-B41242A505FB}L:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "UDP Query User{A97C291B-B7BB-40E8-82EE-AA8CC6264410}C:\program files (x86)\easy-hide-ip\easy-hide-ip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\easy-hide-ip\easy-hide-ip.exe | "UDP Query User{ABA8F34C-EE42-43ED-B5AF-FFF9D9A3F446}H:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{ADFD9C61-F78C-48A7-AFAB-E1A55E7764EB}L:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{BB2C0FED-8875-4215-8F65-00B3A5F33738}H:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=h:\world of warcraft\launcher.patch.exe | "UDP Query User{BCC7D2C1-6657-47F7-8885-25F30E782223}L:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{C1AE2810-A568-4632-88DE-20C745300840}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{C29B04BB-287A-4B9D-8842-A429298FCBB7}H:\windows7\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=h:\windows7\starcraft 
ii\support\blizzarddownloader.exe | "UDP Query User{C68D43B3-E5AF-41F6-94EA-0A8822E2DD2F}L:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{C7057B60-C6DC-46F2-8140-A2774EEE7919}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{CA2916D9-D3CF-4419-AE0A-844F40B7D11C}L:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=l:\world of warcraft\launcher.exe | "UDP Query User{CDEB00F7-6F12-4581-A1D3-D6933BBE8114}H:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | "UDP Query User{CFBF7924-1836-4A02-A181-9DB0C775CFC0}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{D697CFEC-F3D4-445F-9A6E-CBB6678C0B2C}H:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "UDP Query User{DC9651E2-3C87-430D-8600-147058EB1259}L:\dark souls\data.exe" = protocol=17 | dir=in | app=l:\dark souls\data.exe | "UDP Query User{E19E6E2C-A4A3-4D3B-973D-9B70BE1A9CE4}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | "UDP Query User{E4803372-D458-49FB-B771-4F1F28E8E610}H:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "UDP Query User{E61E6C5F-2B37-46DC-818F-E2AD3F767A17}H:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\world of 
warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "UDP Query User{E8CEF5A4-D5A1-45F5-8A8D-005DB370D55F}H:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "UDP Query User{F03C4A82-1859-4EB9-96A6-16256866B42F}L:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=l:\world of warcraft\launcher.patch.exe | "UDP Query User{F5ED08AF-ACDE-4B3F-A697-0A3B62C8A2E3}H:\windows7\witcher2\bin\witcher2.exe" = protocol=17 | dir=in | app=h:\windows7\witcher2\bin\witcher2.exe | "UDP Query User{F7A99B0E-7068-494E-982D-D93138E8FE55}L:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{FB80D494-33D6-4178-BB5E-843BAA643EF9}L:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "UDP Query User{FC51CACE-0BDD-415A-BBC6-AB747E10152C}C:\temp\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\temp\commonfiles\java\bin\javaw.exe | "UDP Query User{FC773E80-3942-4CD3-89AD-0983348A2242}H:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=h:\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | "UDP Query User{FCDC129B-EBD5-4FA8-BD6B-59C811604D43}C:\users\dirk\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\dirk\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query User{FFA31173-2B90-4C43-9771-85E4180F30DD}L:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=l:\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{DAC9084F-7D76-43CF-BE78-8EA05AE13BA8}" = TortoiseGit 1.7.13.0 (64 bit)
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{E76A136D-3A4F-40AA-BBDA-D682FCC8C90D}" = Intel(R) Network Connections 17.0.200.2
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AutopanoPro2.6" = Kolor Autopano Pro 2.6
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60.1
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"PROSetDX" = Intel(R) Network Connections 17.0.200.2
"SP6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"
= Steam "{0687D86F-B8D9-4CC1-AA98-0ED81B3CA0AD}" = ILLUSION すくぅ~るメイト2 ぷらす! "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = SigmaTel USB-IR Adapter "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2C1D4263-77F0-46F6-A3A3-F89A95F6EB8F}" = SSDlife Free "{2CF85F30-3514-45C9-A945-43659876EE1C}" = AutoRun Disable von Endpoint Protector "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{343C731F-1C08-4F90-8268-B4F3F4F9E857}_is1" = Audio Comparer "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{46B69F5F-E77D-49DE-9729-0F562564A15E}" = ILLUSION すくぅ~るメイト2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57520FA0-A73E-4165-BCA2-D71000018301}" = 
Batman: Arkham City™ "{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™ "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis*Disk*Director*11*Home "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules 
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A8EFC6C1-DF0C-4F51-8779-EAC4CDB440A4}" = Plus Pack für Acronis True Image Home 2012 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{ADD9AEE8-B916-4CD6-A04B-9386DF90D594}" = Deutsche Post E-Porto "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help 
(CHM) "{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}" = Acronis*True*Image*Home 2012 "{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible" = Acronis*True*Image*Home 2012 "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D4830EE9-E795-4CCA-AA7A-612A4E565977}" = SnapAPI "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{f5a911c0-4fa4-4cfe-82e0-8e1ab9747505}" = Nero 9 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center 
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3FD0C489-0F02-481a-A3E1-9754CD396761" = Intel® Watchdog Timer Driver (Intel® WDT) "A New Dawn" = NVIDIA A New Dawn demo "AcMgrDDL" = DDL und DTS Connect-Lizenzaktivierung "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.2.1 "ALchemy" = Creative ALchemy "AnyDVD" = AnyDVD "AudioCS" = Creative Audio-Systemsteuerung "AviSynth" = AviSynth 2.5 "BitTorrent" = BitTorrent "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "Diablo III" = Diablo III "dm-Fotowelt" = dm-Fotowelt "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ExifPro 1.0" = ExifPro 1.0 Photo Viewer "FileZilla Client" = FileZilla Client 3.5.0 "FRITZ! 
2.0" = AVM FRITZ!fax für FRITZ!Box "GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition "GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™ "Git_is1" = Git version 1.7.11-preview20120710 "HandBrake" = HandBrake 0.9.5 "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.8.5 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0 "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "Mp3tag" = Mp3tag v2.45a "NAV" = Norton AntiVirus "NBRTWizard" = Norton Bootable Recovery Tool Wizard "Notepad++" = Notepad++ "NST" = Norton Identity Safe "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OCCT" = OCCT 4.2.0 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PCGen6000" = PCGen6000 "Phoner_is1" = Phoner 2.68 "PunkBusterSvc" = PunkBuster Services "SFBM" = SoundFont-Bank-Manager "StarCraft II" = StarCraft II "Steam App 200510" = XCOM: Enemy Unknown "Steam App 200710" = Torchlight II "Steam App 205100" = Dishonored "Steam App 208140" = Endless Space "Steam App 22370" = Fallout 3 - Game of the Year Edition "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8850" = BioShock 2 "Steam App 9200" = RAGE "The Secret World_is1" = The Secret World "THX_Console_Unicode" = THX-Einrichtungskonsole "TreeSize Free_is1" = TreeSize Free V2.5 "Two Worlds II" = Two Worlds II "Uplay" = Uplay "UseNeXT_is1" = UseNeXT "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.5 "WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.01.2013 13:30:37 | Computer Name = MAINFRAME | Source = Windows Search Service | ID = 3007 Description = Error - 25.01.2013 13:30:38 | Computer Name = MAINFRAME | Source = Windows Search Service | ID = 10021 Description = Error - 25.01.2013 13:50:32 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.2.1.4, Zeitstempel: 0x50be99af Name des fehlerhaften Moduls: TortoiseGit32.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50682ce9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6eeb3760 ID des fehlerhaften Prozesses: 0xb6c Startzeit der fehlerhaften Anwendung: 0x01cdfb21a01c17af Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe Pfad des fehlerhaften Moduls: TortoiseGit32.dll Berichtskennung: b68481ac-6717-11e2-ba5e-c86000be5cec Error - 25.01.2013 14:30:28 | Computer Name = MAINFRAME | Source = usbperf | ID = 2001 Description = Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. 
Error - 25.01.2013 14:36:26 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TreeSizeFree.exe, Version: 2.5.1.149, Zeitstempel: 0x4ce12a76 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74c4c9f1 ID des fehlerhaften Prozesses: 0x1688 Startzeit der fehlerhaften Anwendung: 0x01cdfb2a845fae38 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 200807b9-671e-11e2-ba5e-c86000be5cec Error - 25.01.2013 14:38:24 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TreeSizeFree.exe, Version: 2.5.1.149, Zeitstempel: 0x4ce12a76 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74c4c9f1 ID des fehlerhaften Prozesses: 0x23bc Startzeit der fehlerhaften Anwendung: 0x01cdfb2b0806acf3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 66563f90-671e-11e2-ba5e-c86000be5cec Error - 25.01.2013 16:04:18 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e41b ID des fehlerhaften Prozesses: 0x21bc Startzeit der fehlerhaften Anwendung: 0x01cdfb36f424dd9f Pfad der fehlerhaften Anwendung: E:\FirefoxDownload\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 666281e3-672a-11e2-ba5e-c86000be5cec Error - 25.01.2013 16:06:00 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften 
Anwendung: aswMBR.exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften Prozesses: 0xe34 Startzeit der fehlerhaften Anwendung: 0x01cdfb3736d42796 Pfad der fehlerhaften Anwendung: E:\FirefoxDownload\aswMBR.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a302cde4-672a-11e2-ba5e-c86000be5cec Error - 25.01.2013 16:08:02 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: aswmbr.exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften Prozesses: 0xb7c Startzeit der fehlerhaften Anwendung: 0x01cdfb3771ca8dea Pfad der fehlerhaften Anwendung: E:\FirefoxDownload\aswmbr.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ebe5b55a-672a-11e2-ba5e-c86000be5cec Error - 25.01.2013 16:19:08 | Computer Name = MAINFRAME | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ManagementConsole.exe, Version: 11.0.0.2343, Zeitstempel: 0x4ec3bb35 Name des fehlerhaften Moduls: snapapi.dll, Version: 4.2.0.668, Zeitstempel: 0x4f4350f8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012ff3 ID des fehlerhaften Prozesses: 0x1ee0 Startzeit der fehlerhaften Anwendung: 0x01cdfb38b7c9cc36 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Acronis\DiskDirector\ManagementConsole.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Acronis\SnapAPI\snapapi.dll Berichtskennung: 78dd41fc-672c-11e2-ba5e-c86000be5cec [ Media Center Events ] Error - 07.01.2010 15:31:12 | Computer Name = MAINFRAME | Source = MCUpdate | ID = 0 Description = 20:30:53 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status 404: Die 
angeforderte URL ist auf diesem Server nicht vorhanden. ) Error - 23.06.2010 14:33:12 | Computer Name = MAINFRAME | Source = MCUpdate | ID = 0 Description = 20:33:12 - Fehler beim Herstellen der Internetverbindung. 20:33:12 - Serververbindung konnte nicht hergestellt werden.. Error - 23.06.2010 14:33:40 | Computer Name = MAINFRAME | Source = MCUpdate | ID = 0 Description = 20:33:17 - Fehler beim Herstellen der Internetverbindung. 20:33:17 - Serververbindung konnte nicht hergestellt werden.. Error - 11.07.2010 04:00:56 | Computer Name = MAINFRAME | Source = MCUpdate | ID = 0 Description = 10:00:55 - Fehler beim Herstellen der Internetverbindung. 10:00:55 - Serververbindung konnte nicht hergestellt werden.. Error - 11.07.2010 04:01:43 | Computer Name = MAINFRAME | Source = MCUpdate | ID = 0 Description = 10:01:01 - Fehler beim Herstellen der Internetverbindung. 10:01:01 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 25.01.2013 13:30:39 | Computer Name = MAINFRAME | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%997 Error - 25.01.2013 13:30:49 | Computer Name = MAINFRAME | Source = PNRPSvc | ID = 102 Description = Error - 25.01.2013 13:30:49 | Computer Name = MAINFRAME | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%997 Error - 25.01.2013 13:30:49 | Computer Name = MAINFRAME | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%997 Error - 25.01.2013 13:30:49 | Computer Name = MAINFRAME | Source = PNRPSvc | ID = 102 Description = Error - 25.01.2013 13:30:49 | Computer Name = MAINFRAME | Source = Service Control 
Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%997 Error - 25.01.2013 13:30:49 | Computer Name = MAINFRAME | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%997 Error - 25.01.2013 13:50:33 | Computer Name = MAINFRAME | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Norton Identity Safe" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 25.01.2013 14:32:48 | Computer Name = MAINFRAME | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error - 25.01.2013 16:14:11 | Computer Name = MAINFRAME | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > |
28.01.2013, 11:20 | #7 |
| Trojan.Pidief - PDF opened by accident - infected or not? Hello.... Thanks again for trying to help me with this, but somehow an uneasy feeling would probably always have remained, so over the weekend I reluctantly brought myself to set the system up from scratch. After about 3.5 years it was probably time anyway, I think... I would still be interested to know whether the logs show if I had caught something ... But it is no longer urgent... And it is not important either... |
28.01.2013, 13:27 | #8 |
/// Malware-holic | Trojan.Pidief - PDF opened by accident - infected or not? No, it looked OK. Securing the PC: as an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs a bit. Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP Trial version: My antivirus recommendation: Emsisoft Anti-Malware Especially if you do online banking, shopping, other payment processing or similarly important things such as work matters, i.e. sensitive data needs protecting, you should invest in security software. Before activating the licence, make use of the 30-day trial period. Free, but not quite as good, Avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html Tell me which one you use, then I will give configuration hints. Please uninstall your previous AV. The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html Please start with the passage "Windows Vista and Windows 7". Please begin by installing Windows updates. The best way to do this is to go to Start, Search, and enter Windows Update there. Under "Change settings", check that the following is selected: - Install updates automatically, - Daily - Choose a time - Please tick all the rest, except: - Show detailed notifications when new Microsoft software is available. Now click the "OK" button. Now click "Check for updates". Please install important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click on check for updates and install the next ones. Please do the same with the optional updates.
Please adopt the rest as it reads in the Windows 7 / Vista section. From the XP section, please adopt the item "Data Execution Prevention, DEP". As a browser I recommend Chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help Please read the guide. If you want to use a different one, tell me, then I have to adapt parts of the guide that now follows. Sandboxie The definition of a sandbox can be read here: Sandbox In short, you can run programs almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out. Download link: Sandboxie - Download - Filepony Guide: http://www.trojaner-board.de/71542-a...sandboxie.html Detailed guide as a PDF, work through it as well: Sandbox settings | Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, select DefaultBox. There, click on Sandbox Settings. Restrictions: for program start and internet access, enter: chrome.exe Then go to Applications, Web Browser, Chrome. There, enable everything except sharing the entire profile folder. As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced program starts" you can specify that all browsers start in the sandbox. Otherwise you always have to click on "Sandboxed web browser" or right-click, run in Sandboxie. A lifetime licence costs 30 € and can be used on all your PCs. Continue with: "Measures for ALL Windows versions", work through everything completely. Note on FileHippo: in the settings additionally select: hide beta updates.
Run updateChecker when Windows starts Backup program: a backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately, this is only reasonably usable for Windows 7 users. Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day. Finally, observe the general security tips; if it concerns you, observe the tip on online banking and change all passwords. Please also read how to make programs visible for everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe So from now on, surf only in the standard user account and there in the sandbox. If you use the free version, then by clicking on sandboxed web browser; if you have the paid version, you can define forced program starts, then Sandboxie is always started when you open a browser. When you move the mouse over the browser it should be framed, then you are in the sandboxed web browser. Password security: every service needs its own password of at least 12 characters. RoboForm helps with password management and creation: Password Manager, Form Filler, Password Management | RoboForm Password Manager Guide: RoboForm manual: password manager, managing passwords and personal data
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.01.2013, 14:29 | #9 |
| Trojan.Pidief - PDF opened by accident - infected or not? Many thanks for the feedback... After I had read the information on this Pidief virus and seen that the exploits are already quite old, I did think that I should have been lucky, but since I also do banking etc. with this computer, in the end it was too risky for me... Especially since Norton added the virus to its virus definitions file again in a new variant on the same day... I will take the tip about Sandboxie and the backups to heart... Sometimes laziness simply wins even when you know better... During the last move of my home server (data and backup graveyard) I did not set up a new backup on the desktop any more; after all, it had gone well for 2 years without one... As for the antivirus, I will stay with Norton AV at least until the subscription expires. And I think that besides Firefox I will also put Acrobat Reader and, if it works, Outlook into the sandbox... Once again I apologize for attaching the PDF... I could at least have zipped and encrypted it to rule out an accidental opening... Or checked more thoroughly how things are done here, that is, sent it by mail... |
29.01.2013, 15:56 | #10 |
/// Malware-holic | Trojan.Pidief - PDF opened by accident - infected or not? Hi, have you had a look at Chrome yet? It offers some security features that FF does not have and should also be faster.
04.02.2013, 08:54 | #11 | |
| Trojan.Pidief - PDF opened by accident - infected or not? Quote:
I'd rather use Sandboxie and Firefox... In the end that is probably even a bit more secure... |
04.02.2013, 10:43 | #12 |
/// Malware-holic | Trojan.Pidief - PDF opened by accident - infected or not? Sure, there are many other search engines. Chrome has been tested by many companies; no data is collected there. It is, however, more secure than the other competitors, which is why I advise you to take a look at it :-)