Plagegeister aller Art und deren Bekämpfung: GVU Trojan plus Win Script Host error message (Windows 7)

#1
GVU Trojan plus Win Script Host error message

Hello dear Trojaner-Board team,

yesterday I caught the GVU Trojan (screenshot attached). Before the lock screen appeared, I got an error message saying that the script file "C:\Windows\system32\21616881.js" was not found (also visible in the attached screenshot).

My first step was a reboot with the network cable unplugged. At first the desktop came up, but then the error message appeared again right away, followed by the lock screen.

My second step was to use the Avira Rescue Disc (Bank-Log Trojan removed) and, since that unfortunately did not solve the problem, the Kaspersky Rescue Disc (no findings).

During these scans I read up a bit here, and afterwards I started the PC in safe mode with networking and downloaded and ran OTL, TDSSKiller and aswMBR (logs below). While doing so I noticed the file "21616881.pad" on the desktop, which I cannot place (it was created at the same time the Trojan appeared). Since the digit sequence is the same, I assume there is a connection.

So, here are the logs:

OTL:
Code:
```
OTL logfile created on: 22.02.2013 09:52:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,38% Memory free
5,98 Gb Paging File | 5,44 Gb Available in Paging File | 90,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 593,01 Gb Free Space | 65,14% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,67 Gb Free Space | 58,33% Space Free | Partition Type: NTFS

Computer Name: CHRISTIANS-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()

========== Services (SafeList) ==========

SRV - (KmGameMouseServiceV1) -- C:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$CSSQL05) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (msftesql$CSSQL05) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Realtek11nSU) -- C:\Programme\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (KMWDFILTERV1) -- C:\Windows\System32\drivers\RPGMOUSEV1.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7964B157-A4B5-4DBD-9DB6-E3CE5F496BE0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\..\SearchScopes\{BA6847E6-F5FD-4221-A8E4-BFF69016A89A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f5770eeb-12f5-444c-a82f-9916772e316c&apn_sauid=72842836-5ACE-4246-B1E1-DEAC6EE0BA5B
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb110/?search={searchTerms}&loc=IB_DS&a=6PQjMikaPW&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Oryte Games 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2644243&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {d2f11d8b-3eb5-4b42-9511-370dbec707fb}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=f5770eeb-12f5-444c-a82f-9916772e316c&apn_ptnrs=%5EAGS&apn_sauid=72842836-5ACE-4246-B1E1-DEAC6EE0BA5B&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.04 14:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.04 14:49:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Christian\AppData\Roaming\16001.012 [2012.11.19 15:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.04 14:49:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.04 14:49:00 | 000,000,000 | ---D | M]

[2010.02.10 17:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.11.16 13:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\m6odiu3z.default\extensions
[2012.11.10 15:16:05 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\m6odiu3z.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.11.10 15:16:06 | 000,000,000 | ---D | M] (Oryte Games 1.15 Community Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\m6odiu3z.default\extensions\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}
[2011.12.30 09:14:32 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\m6odiu3z.default\extensions\ffxtlbr@incredibar.com
[2012.11.16 13:47:17 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\m6odiu3z.default\extensions\toolbar@ask.com
[2012.08.03 22:14:18 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\m6odiu3z.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.10.16 21:46:52 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\m6odiu3z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.11.16 13:47:17 | 000,002,344 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\m6odiu3z.default\searchplugins\askcom.xml
[2010.06.08 11:12:52 | 000,000,935 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\m6odiu3z.default\searchplugins\conduit.xml
[2011.12.30 09:09:28 | 000,002,203 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\m6odiu3z.default\searchplugins\MyStart Search.xml
[2012.10.27 18:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.19 15:45:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\16001.012
[2012.10.27 18:03:16 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.11 13:59:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.05 19:45:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 19:51:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.05 19:45:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.05 19:45:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.05 19:45:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.05 19:45:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [trustGTX14] "C:\Program Files\Trust\GXT14 Mouse\POINTERGHOST.exe" showhide File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe File not found
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found
O4 - HKCU..\Run: [vasja] C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XB6Q9BF\dc78b3c9a337a58b92eebf16e4e6baf7[1] File not found
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6325807-7151-41C2-AA69-1AA75AA805DA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D51C263A-1ECC-4B6C-8A46-F75DF5895BEB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{339c0b9d-85cb-11df-a7c2-406186644423}\Shell - "" = AutoRun
O33 - MountPoints2\{339c0b9d-85cb-11df-a7c2-406186644423}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.22 09:47:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.02.21 20:23:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.02.21 13:49:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\DoNotTrackPlus
[2013.02.21 13:49:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\AskToolbar
[2013.02.21 13:48:44 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Christian\18861612.exe
[2013.02.20 17:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.20 17:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.20 17:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.20 17:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.13 23:19:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 23:19:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 23:19:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 23:19:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.13 23:19:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 23:18:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.13 23:18:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 23:18:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 14:10:24 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 14:10:15 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 14:10:14 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 14:10:14 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 14:10:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Christian\AppData\Roaming\*.tmp files -> C:\Users\Christian\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Christian\Desktop\*.tmp files -> C:\Users\Christian\Desktop\*.tmp -> ]
[1 C:\Users\Christian\*.tmp files -> C:\Users\Christian\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.22 09:48:21 | 000,740,486 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.22 09:48:21 | 000,695,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.22 09:48:21 | 000,159,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.22 09:48:21 | 000,132,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.22 09:47:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2013.02.22 09:44:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 09:44:03 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.21 23:59:03 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 23:59:03 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 18:58:55 | 000,011,576 | ---- | M] () -- C:\Users\Christian\Desktop\21616881.pad
[2013.02.21 18:58:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.02.21 16:46:04 | 000,453,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.21 13:48:49 | 000,001,049 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.21 13:48:44 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Users\Christian\18861612.exe
[2013.02.20 17:19:12 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.28 19:41:31 | 000,001,068 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Christian\AppData\Roaming\*.tmp files -> C:\Users\Christian\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Christian\Desktop\*.tmp files -> C:\Users\Christian\Desktop\*.tmp -> ]
[1 C:\Users\Christian\*.tmp files -> C:\Users\Christian\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.21 13:48:52 | 000,011,576 | ---- | C] () -- C:\Users\Christian\Desktop\21616881.pad
[2013.02.21 13:48:49 | 000,001,049 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.02.20 17:19:12 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.14 14:13:48 | 000,000,064 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\blckdom.res
[2012.04.06 16:42:08 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.09.23 14:26:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.09.23 14:26:30 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.29 12:34:09 | 000,004,096 | -H-- | C] () -- C:\Users\Christian\AppData\Local\keyfile3.drm
[2010.06.04 13:58:03 | 000,000,356 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat
[2010.04.14 20:23:45 | 000,007,606 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg
[2010.02.11 20:00:20 | 000,000,355 | ---- | C] () -- C:\Users\Christian\Computer - Verknüpfung.lnk

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
```

Code:
ATTFilter OTL Extras logfile created on: 22.02.2013 09:52:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,38% Memory free
5,98 Gb Paging File | 5,44 Gb Available in Paging File | 90,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 593,01 Gb Free Space | 65,14% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,67 Gb Free Space | 58,33% Space Free | Partition Type: NTFS

Computer Name: CHRISTIANS-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

==========
Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AD03E6-424C-48F3-925F-1779B357D5C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07D74334-2002-4F9D-ACDD-F2A65EE519E3}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{0B750369-C903-40B2-A186-3EA07BEA1D34}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0BF2DB71-EFE4-447D-8899-DC26DED8D0A1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0D53E745-C5B8-47DE-A7F3-14B250AA5D26}" = rport=139 | protocol=6 | dir=out | app=system | "{0E0BBC8D-FEAF-4F97-B46F-EC053E62297E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20E06371-A9D6-4BFC-9C6A-53352CACC443}" = lport=138 | protocol=17 | dir=in | app=system | "{25153E27-839E-4FE7-83D0-5F65EFE07C2A}" = lport=137 | protocol=17 | dir=in | app=system | "{306E12E1-9569-4169-A8CE-716BD0170689}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{376507CB-5C86-4CF4-B3C8-7F9BAE26B370}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{37AF3F48-6ECF-49F0-90A7-57511C941876}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{38A2ABC3-46BF-4422-BB57-DCD54AE7B4F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3979D2F0-2725-4093-BC21-B570186BDFFA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3CD8F41D-100B-4444-80B5-2A299B1E37B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{48B50140-2E5C-4626-9DD7-2236F1F38E7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{4D86F91C-521E-4865-AB89-1CC05E55F13E}" = lport=10243 | protocol=6 | dir=in | app=system | "{5152427C-5EF9-4C83-A564-FAFBAE60AD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{547C9191-0399-4607-AF66-83517E7A48EE}" = rport=445 | protocol=6 | dir=out | app=system | "{5AEBF365-F144-4B7D-91B5-122880703342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61ACE1E8-8C5D-442C-8BBF-1AE5697C774B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6731A5D8-6B95-4F04-99A2-BD98CBD33A0E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{680C6721-EE3E-4C23-8329-01E55FDAFF8F}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{7641094E-350E-4920-B0EA-55CBE9ABA4AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{78762CDF-C81D-485F-823E-6DFEEA0D8E07}" = lport=2869 | protocol=6 | dir=in | app=system | "{7944BDC8-F9FC-4FCC-A098-1A28CFADC7C1}" = rport=138 | protocol=17 | dir=out | app=system | "{8071292B-D304-4B4E-A772-58B54FAE446C}" = lport=139 | protocol=6 | dir=in | app=system | "{8081D5FC-E920-4F1A-B576-D705A850A822}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{83373ACB-430B-4E4F-88EE-775264949A60}" = rport=10243 | protocol=6 | dir=out | app=system | "{874B4DA5-2F52-431A-A93E-0ED2A891069E}" = lport=445 | protocol=6 | dir=in | app=system | "{8C25EF05-5674-44B5-BAB1-05F082465BD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{95BBF75A-53B8-498D-B6F7-7A876FBF8243}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9CC5E7AA-2476-493D-9D7A-14BA1477B1E3}" = lport=2869 | protocol=6 | dir=in | app=system | "{ADBD9943-0B62-4B34-A593-C886A3C55529}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{B3E6BC56-8FA1-47CC-8EB3-1CE001364879}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B3EED441-ACB8-486C-92DD-37358F345A06}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | "{BB700A2C-4E57-4B18-91FA-F793139AFBCD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2965B06-6456-4141-8133-D704ABF1F547}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CFF38B18-0972-4EED-B5C1-705AE891540F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D36CC3B6-CC05-47C9-B41F-94F1E372780B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D6A827D1-913B-4A8E-8668-5AB0C0443969}" = rport=137 | protocol=17 | dir=out | app=system | "{DAAB0AF4-3346-4936-AEB5-24CCE476571B}" = lport=2869 | protocol=6 | dir=in | app=system | "{E53CC357-4D4F-4081-8ACF-5CDDF1D2C43D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E66F003A-AE4A-4953-B0D7-5F4C4AA9DB50}" = rport=2869 | protocol=6 | dir=out | app=system | "{EE03D1D6-498E-4FBF-980A-01FA115B99BB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{EFBAA075-F346-445B-A09B-3ABE504AA321}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F04B2E18-414D-4145-9883-E5127282DB21}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03CA41A8-C311-4926-8C82-7EC276838E2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{0578C8F4-12EC-4882-A0B3-3DF803AF374B}" = dir=in | app=c:\program 
files\windows live\messenger\wlcsdk.exe | "{07B242BB-897E-4549-8382-1BF0CE397B67}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{0842B58E-0F0F-41E4-AE17-8CC7CD6D4B2D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{0903D4AE-8C2F-4847-BF0A-B34AC72B8E68}" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.exe | "{0E0030C9-4DE0-44AE-B2E2-21898A7AE65E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{0F452394-8493-44D9-A8D5-58C07A297EF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1037E36B-A50C-4A17-B302-A33C875EF07C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{10784C34-33B6-4BB7-84A1-5F0E477A8C8B}" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.patch.exe | "{1419BBDB-2819-4138-B9CF-F3E3476C6036}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{16FF35F5-FD69-4F41-B057-4EB3F0E4C410}" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | "{1D975FF3-2744-4C5E-9870-B33E41796CB2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1F5B25D6-D6F7-4E53-9C7D-57A0EC5645AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{1F8DAC03-253C-4B23-A1D9-7F41E9FE3780}" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\blizzard downloader.exe | "{20FC935F-CD80-448D-9CE5-0CF854DAC921}" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.exe | "{239FB269-D419-40F2-AB4E-52650D89ABA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{25B1FAAC-5F6C-4DCB-ADE3-46A0B8B15A0F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{278752EB-D97E-40E0-B358-D7CA881E6864}" = protocol=6 | dir=in | app=c:\program 
files\samsung\samsung new pc studio\npsasvr.exe | "{2BECB21E-11A4-45E2-AF7E-1ECA5348911D}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{2C73C383-99BE-42C1-BA50-BB7DCA67963A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{30265108-0369-4D32-8599-AE8590DE05E7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{365C1777-DAB3-43BC-AE6C-81C806506B18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{394E2FB7-E89B-46FC-AD24-351879B45AB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{398687F5-804E-4511-8477-5A8651BC0EBF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{40661B66-859B-417B-9299-10512A59AC07}" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.exe | "{40D4519E-E27D-4E05-9789-9B9DC75BCF52}" = dir=in | app=c:\program files\itunes\itunes.exe | "{43B11839-0218-4EDD-9C1F-0AD1CA8009BF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{46EFA147-4F37-4560-AEC3-48C2A2F923BC}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{480B830C-7ED1-40DF-98D6-15017E5EBBFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4B888B98-12A6-466C-AEB9-4D1FAF62B312}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | "{526E84D9-78E6-497C-AC02-C08BAA68A621}" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.patch.exe | "{59C6B19F-A6B1-4178-8661-0BF48A22AF8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5C647627-6CFD-4726-A4C7-3B7C0FCCEA14}" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\wow.exe | "{62D7820B-AEB2-4DCC-A396-FD4650096D6C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{6793D2CC-9760-4F7B-9ACA-4F2AD995743A}" = protocol=6 | dir=in | app=c:\program 
files\icq7.0\aolload.exe | "{6FAA28BB-25EC-4FE1-B7E4-0152ED8C9A18}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{734EFBF4-2BD3-4387-86EB-B527D307E3D2}" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.exe | "{7774D7DF-E5FE-41E9-A328-87EBE84B970C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{7CC29065-D9F1-4567-B70E-C3A36B90BDFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{8E007CE9-EB12-4874-8891-986FC51BED09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8EF43B1A-EB52-4B8B-BC50-25223581D85B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95A37C3D-19A0-49F4-AD4D-FD8F28EB1755}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | "{96C81C27-E5DE-48D9-B1B5-A708C1004C6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{970599E7-CE96-4085-99F7-A557802DDC84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{985F4CBE-2806-40FE-A99C-B39EC0638ACC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{986A55D4-1333-4C35-B881-68514EA5DCE3}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{9A214066-2591-422E-9DB5-2F61F9B6BEFC}" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.exe | "{A48C76CE-0D62-490E-AF51-EA6096C6293D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A49EB32E-28F2-4307-9B2F-4E9C3D9B2B41}" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\wow.exe | "{A70B9642-4461-4530-8990-06378D8FDE71}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{B51E83AC-098E-4DCC-B1C8-AB192A7C0FA3}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{B8B81F67-FB1F-42EC-8478-C8DF94BBA3B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BBACC5D8-41B5-4567-B649-1DC39D32E192}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BD826F76-D84F-4425-B925-EEC5411C38F5}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{C31F3D19-0550-4B4A-87DA-E239B009A6A4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CF8AABE2-A39F-4BE7-BC85-6E43004073FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{D8656DE4-F69A-4ED8-9B50-F8A68A279B7A}" = protocol=6 | dir=out | app=system | "{D883F995-F688-455E-861D-A5BB9B932E02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DAC1AB1F-0221-4846-98FC-42460B86F26F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{DB85606B-1518-48D4-9BFA-A8BE729CF200}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{E05DE648-7B13-4AAE-9DEF-AF02547E3415}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{E3A6D684-8DF7-4621-B6F6-A918A83EEECC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E45ECD62-037D-422F-9ACD-6363BC833B27}" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | "{E6C1657C-996A-4F2A-885C-E273754B0741}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E7DB8BF9-DE1F-41BD-A501-A1BE314EE67F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EBA7A056-0591-408F-ACBE-A5EFA181CEA9}" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.exe | "{EEBD4601-6DD5-4CAB-BA23-D6294ABCC3BD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{F10A1D55-7437-47A2-BBB6-1987DEF6F5C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F1389403-CB06-497F-BF15-5CCF45DB4305}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{F197FDF9-37D8-45C6-8A00-F5575480DC17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F41B9F09-4F25-497D-9794-90C839188276}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F63B5083-BD12-42FA-9947-24F884BC52B1}" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\blizzard downloader.exe | "{FD870598-8F9E-42D2-B815-AFCCF027DA9A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{05A89AF8-DF6F-4C2F-BE57-E43E7E615541}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "TCP Query User{07ED4E61-950C-48F8-90F2-6894969BF529}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{08B43410-09D1-43A2-92A0-4A22251EEBB4}C:\program files\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "TCP Query User{0FCDD03C-018E-4E69-A4C6-9D098349144D}C:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "TCP Query User{10922DD0-A04D-4C60-BAA0-5F4AAFE48EBE}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "TCP Query User{14111F6F-F55E-4366-AF95-82AA59823408}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query 
User{17DDA16D-6C13-4492-A25B-19E1CA17326C}C:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{1AEDD44D-7B4A-49FF-967C-64A2ED92FC5E}C:\users\christian\desktop\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.patch.exe | "TCP Query User{1B3DA200-8F06-4EC3-8C39-87C554F8C78A}C:\users\christian\desktop\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\backgrounddownloader.exe | "TCP Query User{1B3EDEFC-38B0-4543-8C7C-E429AD12D298}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query User{20E77770-56AE-478B-99BF-295A4E4BF42B}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{25AEBABC-C95F-402C-A6D3-B724D7298B9D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "TCP Query User{2B2B4686-4F21-45D2-8A8A-B23F3CDFE89B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{2DCEAE3D-9B7D-4E1D-A142-A08E31ABDA6A}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "TCP Query User{2F0535FC-AEE7-4865-8722-6CCFA6E0AF44}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of 
warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{33B9B147-98BB-42BD-957C-47591B12DEDD}C:\magic workstation\mwsplay.exe" = protocol=6 | dir=in | app=c:\magic workstation\mwsplay.exe | "TCP Query User{4674182B-12CB-4B2B-A1F7-86575EF87E7D}C:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "TCP Query User{4826884B-0030-4146-9EF0-ECE63215E01F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{5019DAD2-53FC-497A-A914-56113C182452}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "TCP Query User{5F618F52-5383-41D4-8FCE-DB1E199C6F63}C:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{717DB3F4-779F-4BB7-A1E9-D98E5EFEE0BB}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{71AAB83B-67A1-4414-96CF-06648B3F1296}C:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{7201EEFC-5656-4AB2-9D66-6391135C5B57}C:\program files\rapidstorm\bin\andorcamd1.exe" = protocol=6 | dir=in | app=c:\program files\rapidstorm\bin\andorcamd1.exe | "TCP Query User{744A47EA-4C90-4106-BA28-FEBF4176E759}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "TCP Query 
User{7CA34EBC-3759-4EDB-AC4C-1354B3CCD655}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "TCP Query User{84ECEF2E-7F49-4536-9891-D032A02ACC59}C:\users\christian\desktop\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\blizzard downloader.exe | "TCP Query User{8B884B01-BEA6-435C-866A-EED658293E30}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "TCP Query User{8F5576FB-6ADB-42A5-886E-365D52D1E53C}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | "TCP Query User{9417A268-2454-4896-A27B-6374D2B0EAF1}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{9F6FB1BE-D34E-4B58-A700-8CC731EF0803}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{A100AD4A-F95A-4B10-A76E-EC539BD52389}C:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "TCP Query User{C2FA29BA-1CE2-4578-88BE-27916A009C47}C:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | "TCP Query User{C57243D9-8475-4837-91B5-185C5DC78E06}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | 
dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe | "TCP Query User{C65B9F07-E5EC-42C9-82F4-E53075140433}C:\program files\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "TCP Query User{C85A1421-95CB-4E8C-87E3-5184EED21B3D}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "TCP Query User{D973A34F-6101-4A61-9AD2-C1AB439F19C7}C:\program files\rapidstorm\bin\andorcamd1-dummy.exe" = protocol=6 | dir=in | app=c:\program files\rapidstorm\bin\andorcamd1-dummy.exe | "TCP Query User{DBDAA122-5646-49F4-8FCC-7C0DFC82B815}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{E306E746-FA0D-4622-BCC9-6ADE54874529}C:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe | "TCP Query User{E5A74D3A-0B99-40A6-BA9E-A333DDC9D02B}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{F3E0C0D1-7055-43E2-B223-554C99101151}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{F3FCEB04-CA54-4BD2-82FB-0A141D676331}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "TCP Query User{F57AECC8-95BA-4584-9253-395A4E25E1F3}C:\program files\world of 
warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{F712D8A1-1685-4182-891B-C42CDD8B6DFD}C:\users\christian\desktop\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\christian\desktop\world of warcraft\repair.exe | "TCP Query User{FA7D1D7E-889F-4F39-8498-2DB647B2D10F}C:\users\christian\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\diablo-iii-setup-dede.exe | "UDP Query User{15817735-4789-4421-8321-A400AC4C03F9}C:\users\christian\desktop\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\backgrounddownloader.exe | "UDP Query User{1D440B4E-0DB8-49EE-9F55-36439A67FB3A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{23FD8D23-3376-4BD7-9A66-7618A9AC1E1D}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | "UDP Query User{28C1CB00-D761-4F58-9999-0491FE7ED670}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe | "UDP Query User{4C35B22E-3165-4DE9-8C75-05D79BC4244F}C:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{4F1DAA48-CEF7-46C5-A85A-806005DE683A}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program 
files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe | "UDP Query User{4F7ACC29-6BF0-469F-8B67-9F6DF0F0BC9F}C:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | "UDP Query User{57EFD694-70AB-412B-BBE7-66599C7671D5}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "UDP Query User{5A8F7459-BB40-4A5E-B49B-4DAA210D489A}C:\program files\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "UDP Query User{5D189075-B749-4533-A01D-C45EB1CFDF14}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | "UDP Query User{5E7CA083-0002-4B30-B199-9F8F5F9365E0}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "UDP Query User{61BD112E-58BF-4BF4-B5B0-04D2245209FD}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{69408B3D-EE5F-4102-8506-239CFF323A1A}C:\program files\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "UDP Query User{76895289-707F-4D4B-A762-594119864881}C:\program files\rapidstorm\bin\andorcamd1.exe" = protocol=17 | dir=in | app=c:\program files\rapidstorm\bin\andorcamd1.exe | "UDP Query User{7B42F337-0E81-4FE2-BB38-174F788BDBE1}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "UDP Query 
User{7DE30447-1B28-4749-9DEA-ECFC4443ACF2}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{7EB55CFB-FF3F-4497-A29D-13D8CEA08AED}C:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe | "UDP Query User{816D3F39-3706-40A4-915A-022EC821F490}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{84379303-ED97-486E-B158-B66009A9602E}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "UDP Query User{85A08FB4-0665-4B54-B3D0-A5BDEC29CAB3}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{8760F7B9-FE34-4742-9B9F-C97EAFC0ED13}C:\users\christian\desktop\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\repair.exe | "UDP Query User{88DFE79C-3D15-42A0-8C64-8752312450D5}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{8C5A5347-7741-4FDF-AA6A-00D2B85F8766}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{9718643C-DAA7-4A87-8EC1-B25E0B2EA719}C:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | 
app=c:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{99102808-F1F8-489B-B05D-AE2101C6F632}C:\users\christian\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\diablo-iii-setup-dede.exe | "UDP Query User{9BD7C1BF-8131-482A-85CA-98DE0688B8C8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{9E1D74B6-B91F-46F5-A05E-FB847E3CB69D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{AC19F465-185B-49C3-89FA-EB1C5881DDBC}C:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "UDP Query User{ACF8EC9F-FE17-4853-9C6F-1359E12C7AAF}C:\users\christian\desktop\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\launcher.patch.exe | "UDP Query User{AF1183F1-2893-4802-AE68-27917B9EE8EA}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "UDP Query User{AFD0CED2-25E4-455B-BB68-08272F6BEE91}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{B3CB34FF-369C-4F02-8D6F-5F89C891FB38}C:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | "UDP Query User{B62582AD-508D-4A0E-ACD2-B2725FD5F70B}C:\program files\world of 
warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | "UDP Query User{BC2C9ECE-0F85-4DBB-A3E8-DCC12C10C59A}C:\magic workstation\mwsplay.exe" = protocol=17 | dir=in | app=c:\magic workstation\mwsplay.exe | "UDP Query User{C11D71EE-1562-47E4-85F1-9CF61825F77B}C:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | "UDP Query User{CFAAA717-CE37-4FC0-B27B-1193FFD77135}C:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{D8DEE5CE-3CDE-4C47-BFCE-76017B29A151}C:\users\christian\desktop\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\blizzard downloader.exe | "UDP Query User{D8DEEE8E-94A4-4069-ACE8-4A43F9ACB631}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "UDP Query User{E089A8F8-B471-403E-BF5A-1C6EEC2E840D}C:\program files\rapidstorm\bin\andorcamd1-dummy.exe" = protocol=17 | dir=in | app=c:\program files\rapidstorm\bin\andorcamd1-dummy.exe | "UDP Query User{E277C882-BB38-4973-A0F4-BD193BE19463}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{E5172167-A7B7-42A0-A8DA-4D3302254985}C:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{ECC3A9BA-7167-4375-8A74-FFEA3289F205}C:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = 
protocol=17 | dir=in | app=c:\users\christian\desktop\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "UDP Query User{FBD45132-719F-4CEC-81D3-58899A35090E}C:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{FE20AF11-3AF2-4FFA-A85B-90A1D8B10ABB}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{47C6C88F-FA95-49C8-B57D-5C5F093738E1}" = iTunes "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools "{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0 "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{694F7A8C-691D-4C98-BADB-54687CA73A70}" = Smart Technology Programming Software 7.0.11.42 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft 
Desktop Inventory 12.0 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility 
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05) "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client 
"{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02 "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Foto Service D" = ALDI Foto Service "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "Avira AntiVir Desktop" = Avira Free Antivirus "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ImageJ_is1" = ImageJ 1.42q "InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Magic Workstation_is1" = Magic Workstation 0.94f "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "MestReNova LITE" = MestReNova LITE 5.2.5-5780 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MTG Card Images for Magic Workstation_is1" = MTG Card Images for Magic Workstation "MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Student 2010 "pywin32-py2.5" = Python 2.5 pywin32-210 "rapidstorm2_is1" = rapidSTORM 2.0.0 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer) "Sweet Home 3D_is1" = Sweet Home 3D version 2.6 "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "ThiefDeinstallKey" = Dark Project: Der Meisterdieb "Trust GXT14 Mouse1.2" = Trust GXT14 Mouse "Uniblue RegistryBooster" = Uniblue RegistryBooster "VLC media player" = VLC media player 1.0.5 
"WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.02.2013 12:50:08 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 12:50:08 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 13:58:08 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 13:58:08 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 13:58:08 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 18:51:42 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. 
Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 18:51:42 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 18:51:42 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 19:01:09 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 19:01:09 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.02.2013 19:01:09 | Computer Name = Christians-PC | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung. 
Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 [ System Events ] Error - 22.02.2013 04:47:44 | Computer Name = Christians-PC | Source = DCOM | ID = 10005 Description = Error - 22.02.2013 04:51:26 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:51:26 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:51:26 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:53:32 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:53:32 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:53:32 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:58:32 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:58:32 | Computer Name = Christians-PC | Source = Service Control Manager | ID 
= 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 22.02.2013 04:58:32 | Computer Name = Christians-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report >

I'll post the log after I get a reply, since I had exceeded the maximum character count and the file was also too large to attach (I don't want to double-post, so that nobody assumes I'm already being helped; I hope this decision is right).

aswMBR: The error message always appears at the same point, and the program closes immediately after I click on the error message, so unfortunately I cannot save the log up to that point.

So, I hope that was right so far, and I hope you can help me. Thanks in advance!

Regards, Christian

Edited by Christiann (22.02.2013 at 11:45). Reason: image attached