Log analysis and evaluation: Trojan ... Gen:Variant.Symmi.10415 - Online Banking

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.05.2013, 17:23 | #1
Trojan ... Gen:Variant.Symmi.10415 - Online Banking

Hello,

now it has happened to me. For a good 3 years I have not caught a virus, a Trojan or anything similar, while in my neighbourhood I kept having to remove the "Bundestrojaner". As a precaution I always had JavaScript switched off in Firefox. Adblock protected me from advertising. When installing software I always watch out for the checkboxes for spyware, etc.

Then I wanted to visit the website that Mark Zuckerberg created in 1999; it was in the news. Since he worked a lot with JavaScript, I enabled it in my browser again. That was about 1 week ago. And now I have apparently caught a Trojan.

Abnormalities:
1. When pressing the ^^ and ´´ keys, the characters appear twice.
2. Firefox and Thunderbird sometimes freeze; when sending e-mails the graphics suddenly do not load.
3. What is really bad ... my online banking is not reachable. When I log in, a status appears like "Für ihre bequemlichkeit laden wir Daten runter." ("For your convenience we are downloading data.") - bad German. And it loads .. that made me suspicious, and in Task Manager I found the process avyr.exe, which is located in a folder under Roaming. I ended it immediately and renamed the file to .txt. Then I uploaded it to virus scanners.

Result: hxxp://virusscan.jotti.org/de/scanresult/b3296657ca9c6fdc7e8aee3f9ccf9541403634b3
Gen:Variant.Symmi.10415

I also find it strange that during online banking something is always loaded from "securepro150.com", according to Firefox. That still happens now.

Here are the logs:

defogger_disable.log
Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.05.2013 17:48:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maurice\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 13,21 Gb Available Physical Memory | 82,66% Memory free 31,96 Gb Paging File | 28,98 Gb Available in Paging File | 90,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 10,98 Gb Free Space | 9,83% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 732,86 Gb Free Space | 78,67% Space Free | Partition Type: NTFS Drive G: | 117,19 Gb Total Space | 14,00 Gb Free Space | 11,95% Space Free | Partition Type: NTFS Drive H: | 348,56 Gb Total Space | 34,96 Gb Free Space | 10,03% Space Free | Partition Type: NTFS Computer Name: QOQ | User Name: Maurice | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.02 17:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maurice\Desktop\OTL.exe PRC - [2013.04.12 00:00:27 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.03.15 00:42:53 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.24 21:09:36 | 000,016,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\agcp.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2012.08.08 16:49:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 17:29:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 17:29:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.02.14 20:47:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.05.19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.19 16:39:14 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.04.10 10:03:46 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe PRC - [2008.11.06 06:25:21 | 000,854,536 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe PRC - [2008.11.06 06:24:41 | 000,846,344 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe PRC - [2008.11.06 06:24:21 | 000,526,856 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe PRC - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe ========== Modules (No Company Name) ========== MOD - [2013.04.12 00:00:27 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.15 00:42:52 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.02.14 21:10:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 14:02:38 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73095717d4f6e55c95cc4b1e0eb2d13c\IAStorUtil.ni.dll MOD - [2013.01.10 14:02:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\81df35c58c5880bba568914a95c3f84a\IAStorCommon.ni.dll MOD - [2013.01.09 21:02:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.09 21:02:38 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 21:02:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.09 21:02:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 21:02:26 | 007,989,760 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 21:02:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 21:02:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.30 04:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.04.12 00:00:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 00:42:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | 
---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012.05.14 17:15:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.08 17:29:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 17:29:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.02.14 20:47:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.05.19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 17:29:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 17:29:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2011.12.08 06:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.05.10 18:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.01.21 00:10:54 | 001,102,112 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2010.01.07 10:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.10.16 01:33:20 | 000,030,728 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F F4 C2 F9 0C 44 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - 
prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.0 FF - prefs.js..extensions.enabledAddons: info%40maltegoetz.de:1.0.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "www-proxy.t-online.de" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "www-proxy.t-online.de" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "www-proxy.t-online.de" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "www-proxy.t-online.de" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.25 17:32:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.27 23:53:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 00:00:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:00:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 13:43:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.25 17:32:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla 
Firefox\components [2013.04.12 00:00:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 00:00:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 13:43:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.12.24 19:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\Extensions [2013.04.22 21:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\Firefox\Profiles\onisaz2i.default\extensions [2013.04.05 11:22:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Maurice\AppData\Roaming\mozilla\Firefox\Profiles\onisaz2i.default\extensions\ich@maltegoetz.de [2013.04.22 21:38:27 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\info@maltegoetz.de.xpi [2013.04.17 19:05:26 | 000,005,429 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.02.15 00:17:26 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.20 16:27:25 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011.12.24 21:17:52 | 000,004,140 | ---- | M] () -- C:\Users\Maurice\AppData\Roaming\mozilla\firefox\profiles\onisaz2i.default\searchplugins\youtube.xml [2013.04.12 00:00:26 | 000,000,000 | ---D | M] (No 
name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 00:00:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.12 00:00:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.04.12 00:00:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.21 19:05:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.06.20 13:10:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 18:54:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 13:10:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 13:10:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 13:10:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 13:10:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - 
{326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKCU..\Run: [Kyesg] C:\Users\Maurice\AppData\Roaming\Uvher\avyr.exe File not found O4 - Startup: C:\Users\Maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 
Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04D192DF-7EA0-4505-AFF6-C5CD31278819}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76578C98-2596-4999-BDB8-8C2C2700089A}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90DD6963-6CBA-43E5-90EA-E893DB2A82DF}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.01.02 21:08:31 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{2b8017ca-2e4d-11e1-8c34-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2b8017ca-2e4d-11e1-8c34-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe O33 - MountPoints2\{c928e419-5653-11e1-8584-f46d046543b8}\Shell - "" = AutoRun O33 - MountPoints2\{c928e419-5653-11e1-8584-f46d046543b8}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.02 17:47:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maurice\Desktop\OTL.exe [2013.05.01 23:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.05.01 23:02:09 
| 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2013.05.01 23:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.05.01 23:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2013.05.01 23:01:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.05.01 22:58:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.01 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Uvher [2013.05.01 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Cuampu [2013.05.01 19:24:52 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Biokci [2013.05.01 00:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.13 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\Maurice\Desktop\eBayQOQ [2013.04.13 02:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oZone3D [2013.04.13 02:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\oZone3D [2013.04.13 02:37:03 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\poclbm [2013.04.13 02:30:36 | 000,000,000 | ---D | C] -- C:\Users\Maurice\Neuer Ordner [2013.04.12 17:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.04.12 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Bitcoin [2013.04.12 17:23:55 | 000,000,000 | ---D | C] -- C:\Users\Maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin [2013.04.12 17:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin [2013.04.12 00:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.03 13:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.05.02 17:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maurice\Desktop\OTL.exe [2013.05.02 17:47:19 | 000,000,000 | ---- | M] () -- 
C:\Users\Maurice\defogger_reenable [2013.05.02 17:46:39 | 000,050,477 | ---- | M] () -- C:\Users\Maurice\Desktop\Defogger.exe [2013.05.02 17:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.02 16:59:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.02 12:37:03 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 12:37:03 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.02 12:34:08 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.02 12:34:08 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.02 12:34:08 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.02 12:34:08 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.02 12:34:08 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.02 12:29:55 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.02 12:29:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.02 12:29:49 | 4281,024,510 | -HS- | M] () -- C:\hiberfil.sys [2013.04.24 13:42:49 | 000,000,653 | ---- | M] () -- C:\Users\Maurice\Desktop\Ordner.lnk [2013.04.23 02:34:28 | 000,050,358 | ---- | M] () -- C:\Users\Maurice\.recently-used.xbel [2013.04.12 11:31:45 | 000,418,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.02 17:47:19 | 000,000,000 | ---- | C] () -- C:\Users\Maurice\defogger_reenable [2013.05.02 17:46:38 | 000,050,477 | ---- | C] () -- C:\Users\Maurice\Desktop\Defogger.exe [2013.04.24 13:42:50 | 000,000,653 | ---- | C] () -- C:\Users\Maurice\Desktop\Ordner.lnk [2013.04.23 02:34:28 | 000,050,358 | ---- | C] () -- 
C:\Users\Maurice\.recently-used.xbel [2012.06.18 16:51:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2012.05.13 18:45:46 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.13 18:45:44 | 000,000,900 | ---- | C] () -- C:\Windows\Printfil.ini [2012.02.15 23:44:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.12.28 16:42:37 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe [2011.12.28 16:42:37 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.12.25 17:31:34 | 000,218,998 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.12.25 17:31:34 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2011.12.24 21:42:54 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.24 21:42:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.24 19:24:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.12.24 19:24:22 | 000,030,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.01 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Biokci [2013.04.13 04:16:21 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Bitcoin [2012.01.22 13:40:09 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Canneverbe Limited [2013.05.02 17:14:18 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Cuampu [2012.07.03 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\elsterformular [2013.04.13 19:47:35 | 000,000,000 | ---D 
| M] -- C:\Users\Maurice\AppData\Roaming\FileZilla [2012.04.01 00:55:57 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Firefly Studios [2013.04.13 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\gtk-2.0 [2012.11.21 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\loadtbs [2012.02.11 03:50:07 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Notepad++ [2012.07.26 20:41:47 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Nvu [2012.12.04 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Origin [2011.12.28 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\PDF reDirect [2013.04.13 02:37:03 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\poclbm [2012.02.27 22:22:05 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Samsung [2012.07.27 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\SendSpace [2011.12.28 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Thunderbird [2013.01.31 12:40:56 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Trillian [2012.06.18 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Tunngle [2013.05.02 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\Maurice\AppData\Roaming\Uvher ========== Purity Check ========== < End of report > Extras.Txt OTL Logfile: Code:
OTL Extras logfile created on: 02.05.2013 17:48:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maurice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,98 Gb Total Physical Memory | 13,21 Gb Available Physical Memory | 82,66% Memory free
31,96 Gb Paging File | 28,98 Gb Available in Paging File | 90,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 10,98 Gb Free Space | 9,83% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 732,86 Gb Free Space | 78,67% Space Free | Partition Type: NTFS
Drive G: | 117,19 Gb Total Space | 14,00 Gb Free Space | 11,95% Space Free | Partition Type: NTFS
Drive H: | 348,56 Gb Total Space | 34,96 Gb Free Space | 10,03% Space Free | Partition Type: NTFS
Computer Name: QOQ | User Name: Maurice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028A2843-D03F-4E58-BBAF-407C772ECAB7}" = lport=2869 | protocol=6 | dir=in | app=system | "{35DB2568-E4AA-404F-83E2-5551A76143FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3A7FEF1C-E5D3-4499-BD48-19CC0DD6F852}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4A0E579E-0462-473F-9BE9-CBE437E3265F}" = lport=5357 | protocol=6 | dir=in | app=system | "{4F16DA50-FB22-489A-9A3F-FA71CF25753E}" = rport=5357 | protocol=6 | dir=out | app=system | "{5141B8A0-1EA2-4111-9D4D-AD4DF1457495}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{63F37A29-8C07-49FF-8E3F-CEF00139E4A6}" = rport=5358 | protocol=6 | dir=out | app=system | "{6D02EBEF-A2A6-4338-9465-E0F2EF3D63EF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{6F56A32D-BCD9-43F4-AEAA-26A7E8B83A3C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{80E7C223-FF0D-4EB1-93DE-E71D613140D8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{877B2000-DB0C-4379-8772-ABE6DF54F0F1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{88044E79-7459-4BFF-B5BC-7D960F23BDA2}" = lport=5358 | protocol=6 | dir=in | app=system | "{8ACAF68B-7D69-40E7-BA77-16D984BDF85F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{93B20578-CED6-444B-8BF5-9D114B6D87E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9585D6F0-8EA5-4FB3-B435-4142F6AD52DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{962F7314-9001-4592-B4DA-781CDC038C05}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{A22CF3AE-66D6-4E29-971B-68DC626D057B}" = lport=2869 | protocol=6 | dir=in | app=system | "{C82A4E8B-EA51-474E-8BEE-D8E0C14D959C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CB2ABCD7-36AB-4ED9-9A29-B8AF1FB007AC}" = lport=2869 | protocol=6 | dir=in | app=system | "{D470899D-6D0D-45B0-9962-DEA44B9D7BDD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E81EE90C-B064-4F42-9B05-396DEF71D5EF}" = rport=2869 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0496623E-A6A2-4243-B8FA-337C2B5E45FE}" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "{0732EB05-4D23-4282-872C-E1703ECEC27A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "{0788BB0C-021F-461A-89FA-BEF7A7D994D9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{096184C1-3877-4B3B-9941-4622EB6CB206}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe | "{09ED1D7A-1100-4003-9302-7C3F3246359F}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe | "{0DCA5FED-29A6-4A0A-BA68-BEB358BBFE96}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0E95B475-CA92-45C4-94EC-2474BB8040FC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{0EC754F0-ED2B-4C72-AFB9-34774215BBCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{10307749-1FAE-4C43-B830-E60BE49FDB11}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe | "{10D78FC0-12A6-41F2-B848-7F8D58699851}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{116F17D9-28B4-4DB3-BE62-9A92386A0F60}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{13F8D248-6713-4DC3-AE45-F403DC490ED1}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll | "{191D0D20-044A-44F1-9418-5183F7565A3B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{1AB4EE92-9516-4CA1-9330-674B60BAEFBC}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe | "{1B7A2DB1-FF31-442E-9107-D9AF912121AC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{1E238B00-8102-45F6-A5E6-532FADFBE90C}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe | 
"{208A11BA-1B9E-43E4-88B8-A19687A150AC}" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "{20C2C587-4FAE-496E-B55C-F77D9E384C39}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\bf3.exe | "{20C9941F-C373-47F3-9AF5-96DF4892F4B2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{214A52E4-62E4-4DDB-A5E7-DB4BD18CEF6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{216FD7EB-1976-447A-AF46-F76C05C60842}" = protocol=17 | dir=in | app=f:\spiele\guild wars 2\gw2.exe | "{21B3F84F-2D65-456F-A5AD-F913DF1AC9DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{24CAF27B-3A9A-4DD4-99E7-460E8BA891AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{272A442A-55A7-4166-B6E9-F7820B9EA48A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | "{2B7D6CFA-68EE-4784-834B-D5C630F04AD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{2CEFD51B-B14A-4ADC-8DC2-FDACEF2546CA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{2DF377E6-7122-4898-A12F-8BE7B3E3E02D}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe | "{2E535313-3959-4153-93F6-7D7E3AA6E116}" = protocol=6 | dir=in | app=f:\spiele\guild wars 2\gw2.exe | "{2EFC4FCF-2060-4C04-9B9B-57558215BBFE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{31186E7E-1784-4621-941A-A728FFF8684B}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{33F77227-5E61-4EE2-90E4-D8911F7ADB1C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{340BA5CA-8D01-461A-87FC-ADE83D33E503}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{35028F38-F2E1-49AC-8F53-57F016CB6ED4}" = 
protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{3719E429-2389-4B52-A0D5-4B0C6A1D87DF}" = protocol=17 | dir=in | app=g:\spiele\starcraft ii\starcraft ii.exe | "{37593186-4CE5-4E47-AEAF-00EE2F54EA72}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{38773358-38DC-48CC-8136-3E8ED0E2DD32}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{3B139121-2E97-4ECE-9721-D22BF64DA39E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3C51A34F-1F5A-493E-B6D7-483962C4919A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3D1CE58D-6DF9-476A-BFE2-497A8A512258}" = protocol=17 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe | "{3DB90A69-D054-4E2D-8904-A79867BB9D7B}" = protocol=6 | dir=in | app=g:\spiele\starcraft ii\starcraft ii.exe | "{40693C86-B143-40E7-92EC-11F90A42E028}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{40E6D333-6C30-4627-AA67-AEDF3AF282F9}" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "{4103ADDB-48A7-4F25-B989-3A6D5888AD72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{412FC0FD-8EDC-43B0-96DF-1E22C51F1FBD}" = protocol=17 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe | "{41F3A082-4153-4E3A-841B-03572E9F4D17}" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "{42770BDB-9B92-4C32-BE66-C76B23BAC866}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe | "{427F5AB0-81B6-4A6F-BC39-B308438EC717}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe | "{447C3EE3-27EF-42D0-9F4B-634CA5DB28CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{46AF6B1E-01EB-425A-BB28-4C456F6E05EF}" = protocol=6 | dir=in | 
app=h:\spiele\stronghold crusader\stronghold crusader.exe | "{48261D98-A33A-4F3E-8A01-A674160867A8}" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe | "{49CD88F5-6A97-4AF6-A345-AF4F5602FE5E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{49D6F561-9956-4ED2-A81C-8F6DC87B2C6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{4A7AC534-C95E-4C09-B1E4-F1881AC359E1}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe | "{4B979F4F-A55F-4FF8-8F0A-C343DCDB68BB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | "{4C64B056-64B7-436B-BA8E-BFC9BE256AC7}" = protocol=6 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe | "{4E462467-DA03-46FE-97F1-BAA08B6EC2E6}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe | "{4EB574FE-F9DF-4D89-8C3A-363BD556182A}" = protocol=6 | dir=in | app=c:\spiele\battlefield 3\bf3.exe | "{4EC3654A-382E-4169-A40B-44D38105BD15}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe | "{50B327F0-0B1E-4BBD-87DB-D17481A112AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{526EEF4A-DDA1-4066-B088-DB2F1F91346F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{550EB3D1-DD22-467A-B0D3-9D69ADEB1F98}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{563D8BE1-BA9E-4EB7-ABC1-EAFAC1170CA8}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe | "{587F7043-755D-4AC4-BB77-3CEE8119D9FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{589C0074-9D6D-49EF-A760-10DF8AD5B016}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{5E7C9CE9-3EFE-4E5E-935A-7D117E890207}" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"{5F7EE34B-9D27-4321-9671-4D8A24458FA7}" = protocol=6 | dir=in | app=f:\spiele\diablo iii\diablo iii.exe |
"{604E4137-20A4-4ABF-AF61-C9BE8F13B01B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63AFE182-B232-448B-8B5D-7239C2C628F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{681397BA-00CA-40C6-B432-D8A3FC7E0132}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6959C6FC-4F22-4FB9-9846-E33244113CB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{6BF1F9FE-6250-4657-B480-62A0E492E4C4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{70095100-7578-4DD4-A355-79CAC59730EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{730257BD-50D4-4D95-A265-0B4A5B1BF9A4}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe |
"{73179A52-D6B6-4A9D-80D2-ACED074FD584}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{73A8F2F2-8C55-4DE8-B56E-5457E44E93EB}" = protocol=17 | dir=in | app=g:\spiele\world of warcraft\launcher.exe |
"{73FDA2D5-F139-4DCA-9AAF-507961AADF31}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe |
"{769C4716-1F74-424F-AA04-565662371DBA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{770505AB-0C8A-452A-8C95-408ACEF874A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7793C6D8-78FA-4FEC-80D5-0EEB9A235E4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{779D2B20-5DCB-46A8-939D-F0A1AEB80EE4}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe |
"{781BE35C-9AB7-4EE9-951F-FA0A44432DE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{79350DDF-1288-49A5-AE6B-6C0A56D664B1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{7990D987-541A-4BAF-9FE8-FAB51512FC9B}" = protocol=17 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe |
"{7C3E4B48-EA0B-4899-84F1-2783BB29BF0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{7D2A9C36-A221-4582-BC34-A9EFAF871B38}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{7E43469B-ED66-4F78-B6D8-0C71F6ED0FEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{83CD104F-515A-46E8-B9B4-A23DC25720C5}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{8429512B-9B5B-4E56-9433-E69A1B0DE0AD}" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"{8805B709-E283-4F70-8F3C-483DA2C5957D}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe |
"{8A3BA314-4118-45EB-A858-98C055A976BA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8EB481F6-0291-4AB5-A3C1-711577E27AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{904A59DF-40EE-4AC3-BB06-636465DED806}" = protocol=6 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe |
"{90A3EDBC-8366-4647-81E5-0CE6BE569BDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9620EFA4-1AD8-42E2-9148-F2ABAD2E37CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{968607BB-6A99-4047-8842-DB8F648AD920}" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"{98BDE2DF-C586-4E9C-87A2-507EFEDACFAC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{996BBFC9-35EA-4962-9B3C-BBB23C383A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9BEE1587-A694-4BB8-9BF9-4C3ED2401369}" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"{9D0E7BEE-EC55-4BE2-B664-3E6DF11348A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{9DD53746-E8FC-4E0B-81CA-6EABE4933CDD}" = protocol=17 | dir=in | app=g:\spiele\world of warcraft\launcher.patch.exe |
"{9E340CB9-6C29-4B93-9E80-47FDDB476A50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A09C75DD-9017-4939-9E36-BD38434AF141}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{A547224D-F4B5-46EE-9160-66DC3478E8E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A58E42F4-D901-4DA7-ACF2-1D21681C8D81}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{A7BF740F-5E2A-462F-AC54-A92D5BF88AD8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A8E8E6D1-3656-4FB9-AF0F-36B20616BD38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AAD6B6CB-66DB-4BED-9E63-39CEA132B0AE}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{AB763610-12A3-4786-BF04-DB4D604A9DC2}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe |
"{ADC3CA66-EBD9-41CA-8730-0EB013A9D074}" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe |
"{AF207193-660E-4F71-B759-C7E94595C060}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{B01EA59F-32AA-42BF-8B21-F57595A90DF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B07728D5-B029-45DF-82AB-9061A41123BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{B1156CC1-5314-43F1-8E5B-A49B42BC01BA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B23B8B70-72F3-4735-8622-181428B99B23}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe |
"{B25C5729-5F39-4DB2-B11C-2BFA59DE9921}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{B3915A44-6C7A-45C0-92C7-8CED3E54444D}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll |
"{B902C2F3-6597-483E-9833-109E9F4C0777}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{B924A967-3082-4BC2-B083-2C35AA58CF23}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe |
"{BD0C2A02-4F9C-4421-B8CA-2DE73DD131D6}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\bf3.exe |
"{C0EC2DD3-7BC0-478D-86C0-875C9C391BFB}" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe |
"{C18F6293-70AA-4DEB-9BED-9140DD02919F}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe |
"{C2EB1DB5-5F5D-4B01-B131-25DC4EF63377}" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe |
"{C72C433F-79D9-4945-82AB-4D3C48C0E49C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{C7B0A85F-870D-4188-8F59-7CD6FF8DB7CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C800DE54-716C-4845-BCF0-C05E7AAADFE2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C82B4067-D743-472D-A2F8-5FF891A5D3EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C96159B0-100C-4431-8D57-DCE1CF891395}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{CD2DA7C8-1EDC-473E-81C2-14CB634654F9}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe |
"{CD926E5D-76DC-4C0F-84A1-FD5E5E59F235}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CE171A63-C5A8-40E9-B87F-9F678FC92F01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{CFA99C2A-9E2E-40B3-A7DB-238BAF87021D}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe |
"{D109AACC-2052-4681-84C3-5378FC33BAE2}" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"{D3759155-5481-49FC-94D6-CBCB91038594}" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe |
"{D3759D59-BCAE-4220-BD9F-9C37311938E5}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{D622DD9B-79A8-4A8C-ABBF-1E7D3E15345B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D986A5D3-C177-4507-8667-F1E59BE46315}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe |
"{DC5A8B45-CE76-4BF1-8B3E-A2DB5EFD9BA8}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe |
"{DD84E030-8C19-48E5-8FFC-A7904C99A979}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{DF492672-A439-4702-B868-863E9A76323C}" = protocol=17 | dir=in | app=f:\spiele\diablo iii\diablo iii.exe |
"{E0C096EC-F140-4E54-B62B-75FA14D59EFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{E456F09B-E026-4781-862B-FA18333E3E73}" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe |
"{E864DAD9-E543-4142-80CE-3E6383D56655}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E8D650D6-F5D5-44B1-BB23-B3B811C5280C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{EA118C80-2777-4DC8-B927-506442FFCC4B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{EB07845D-4664-4A6E-AFAD-CD871C1A4914}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EBA3822A-C983-4BF6-A91A-CD2019150347}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{EBDD94DC-BA3D-405D-B771-739EF03C6D40}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{EC9F6EDF-458C-4630-8F53-523574B7C4C4}" = protocol=6 | dir=in | app=g:\spiele\world of warcraft\launcher.exe |
"{EDBEA87B-43FC-4869-A044-C658059797E2}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{EF0924C4-3A4A-42B3-B720-0A27D97C6B51}" = dir=in | app=c:\users\maurice\appdata\local\temp\7zs508e\setup\hpznui40.exe |
"{EF0C43CF-CF1E-4A31-B0DD-A437C5861353}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F042A4A0-1116-43FC-A321-2F22481A6A25}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{F244C703-695B-4EA5-85EE-68B5A7B62554}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F3B99AFB-AF15-400F-AAF5-8B1822106732}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{F425F987-536A-441E-BAB8-43F3E8D365F7}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe |
"{F42CBA81-D872-48CE-B3CD-2E7448143EA7}" = protocol=17 | dir=in | app=c:\spiele\battlefield 3\bf3.exe |
"{F59FD77B-5664-40CB-9009-819E9BE67386}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{F7DBC021-6182-4E9C-AB12-450678845E97}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{F93CA055-3004-46A1-BEFC-5446857FB458}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FAF11287-ECBE-4A9E-B8FE-D8BA07B1FC33}" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe |
"{FB85C613-1631-4782-B9F9-A3D5BFEE04C4}" = protocol=6 | dir=in | app=g:\spiele\world of warcraft\launcher.patch.exe |
"{FEAEA0A1-FC7B-44AC-9AA7-FE5ED1E88071}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"TCP Query User{01303FEE-120D-4CC3-9A29-83D6441B5D3A}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{0494245E-740A-4229-A13B-B6ECA41BAEF8}C:\users\maurice\downloads\ygod\ygopro.exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe |
"TCP Query User{07BD0577-214E-48EA-A381-844C8F6A67D8}H:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\launcher.exe |
"TCP Query User{0CA0F8C2-2160-472C-B76B-44995DAA471C}C:\users\maurice\appdata\roaming\uvher\avyr.exe" = protocol=6 | dir=in | app=c:\users\maurice\appdata\roaming\uvher\avyr.exe |
"TCP Query User{19C1C7C5-8F7A-4623-A39D-306C4CB9181E}C:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe |
"TCP Query User{1A4F7A49-F467-47C9-8281-AE246D7CBAE8}C:\users\maurice\desktop\ygopro102a\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe |
"TCP Query User{237E621D-D230-44E8-A0A8-4F3B04A6B6A8}H:\spiele\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe |
"TCP Query User{24A05F49-1881-4913-B27A-80FDDF070C8B}C:\users\maurice\desktop\ygopro\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe |
"TCP Query User{25AA7AF3-0FC3-4D7F-8A6D-3BF1A95813CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2653D398-678F-403A-BE4E-C19B98D88DDE}C:\users\maurice\desktop\ygo pro\gframe-english.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe |
"TCP Query User{2A89C9E6-BD83-43D1-87FA-891A31883B40}H:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{2D364B2D-C4A8-49ED-B0CE-EA19D3D914A0}H:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{328C276D-AC33-49EA-ABAC-8C0E5FF19681}H:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\backgrounddownloader.exe |
"TCP Query User{35157FB6-94A2-41CF-AAAA-B0E3533929C1}C:\users\maurice\desktop\ygopro\devpro.dll" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll |
"TCP Query User{3641631F-E164-4BD4-A37A-F55343191766}H:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{420A47F4-F0B3-4D67-9E5A-52171612A14A}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{4C02CC56-CB7F-419E-A978-696B48E2D37A}C:\users\maurice\downloads\ygopro.exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\ygopro.exe |
"TCP Query User{51025F77-3F21-4201-9599-BCA4EA4FF4A1}H:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{5AD59199-1D6D-4DB2-8741-94634DF600DA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{5B025402-ED5B-49E2-91CE-08B3CDB6BB75}C:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe |
"TCP Query User{5F600107-2ABD-4C18-8FDC-4058170B78A8}C:\users\maurice\desktop\ygo pro\gframe.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe |
"TCP Query User{69C28C17-4A62-49F0-BA79-FF5ADD543CCD}F:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\spiele\guild wars 2\gw2.exe |
"TCP Query User{709D8828-E628-4790-9A00-E640AE5550E4}H:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{78547B9F-AE47-4178-B81C-E61C8BB3BCE6}C:\users\maurice\desktop\ygo pro\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe |
"TCP Query User{8A6042BC-9F82-4D47-BA64-FFF3F845727F}C:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe |
"TCP Query User{95E39C32-A80D-467C-8E49-8CC45C9AB972}H:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\launcher.patch.exe |
"TCP Query User{9F63E6E7-0E91-473A-B1A0-8C395EDF942B}C:\users\maurice\desktop\neuer ordner\miranda64.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe |
"TCP Query User{A1E63D2F-82EA-4BE5-AE12-5808AFDA88B3}C:\users\maurice\desktop\ygopro - kopie\ygopro.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe |
"TCP Query User{A228F171-32A8-4C69-94A6-67DAA7617227}C:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe |
"TCP Query User{A76A630A-C83D-471A-9E94-B4EDBBDD3E02}H:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{AECD1D7B-F808-4BB9-9896-E9C513D82667}H:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"TCP Query User{B0EF814F-F209-401B-8A24-B441618507C1}G:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=g:\spiele\world of warcraft\backgrounddownloader.exe |
"TCP Query User{B9A17119-C10A-451A-B5C4-027325D66861}C:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe |
"TCP Query User{BC082732-CFA1-499A-A6EE-1CD1AB6E28BE}C:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe" = protocol=6 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe |
"TCP Query User{C26C961B-A842-4EAA-BDFB-7BB061CB258D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{DD4BAAA3-DB09-4EC1-A67B-6895B8D51E46}H:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe |
"TCP Query User{E92C54DD-E624-41E3-B833-EF95A37C0C25}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"TCP Query User{EF1ADCF3-99D1-424C-938D-F49BA4CE9F9F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{F2C74E40-8795-4661-889D-BD7CB90A7768}C:\users\maurice\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe |
"TCP Query User{F77407C2-BC4B-4200-A841-4F37FD6E7904}H:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{FB925D25-C250-4A64-B477-D341BC324720}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{0116B359-FE9C-4207-8D27-4B8E1B8D5059}C:\users\maurice\desktop\ygopro102a\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro102a\ygopro_vs.exe |
"UDP Query User{08275BE7-019F-49DC-8D9E-1F751854D2C2}C:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro-1.02a.0\ygopro_vs.exe |
"UDP Query User{17FA4057-6BF4-4B58-BD89-53381C313FF8}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{1E8CB8EC-D1AC-4DDF-9210-25391A7C7336}F:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\spiele\guild wars 2\gw2.exe |
"UDP Query User{21951524-F0B6-4936-9F72-3FCD4AFC19B6}H:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{3638995E-6B3D-4075-B2DA-F1DAAFDE3521}C:\users\maurice\downloads\ygod\ygopro.exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\ygod\ygopro.exe |
"UDP Query User{3B807915-658B-4D1E-9809-BBFD93D92644}C:\users\maurice\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\maurice\appdata\local\temp\gw2.exe |
"UDP Query User{468CFA6F-91AD-43EB-BDE3-0FCA3C3D7FD4}C:\users\maurice\desktop\ygo pro\gframe-english.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe-english.exe |
"UDP Query User{596E9AD4-CFAC-4342-8BE8-6F997051B123}H:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{5C63572C-6FA4-4692-9D4D-43B933B308DF}C:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo - kopie\ygocore\ygopro_vs.exe |
"UDP Query User{5E163468-A30A-46B8-B1C6-40C203614604}H:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{5E7D04F4-975B-4958-A385-1EED70DB4B48}G:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=g:\spiele\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7B56B498-D5DE-4A47-992F-4EDC6CD034C2}C:\users\maurice\desktop\ygopro - kopie\ygopro.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro - kopie\ygopro.exe |
"UDP Query User{800F778B-EAD1-4F87-AB3B-D26CF092A3AD}C:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro the dawn of a new era\ygopro\ygopro vs.1.exe |
"UDP Query User{81468422-3D75-4641-94B1-AF8D3F57D3BC}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{846F2660-E650-4E96-AF17-2C9F24C30A8C}H:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=h:\spiele\starcraft ii\starcraft ii.exe |
"UDP Query User{8858C054-1992-442B-B0C2-CC0279F3BE49}C:\users\maurice\desktop\ygopro\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\ygopro_vs.exe |
"UDP Query User{8F255DBF-E28F-4C9E-A0B3-A8332CB423D0}H:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\launcher.exe |
"UDP Query User{90A416C4-D10D-4118-8DC3-F0AB3EE1FF39}C:\users\maurice\desktop\ygo pro\gframe.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\gframe.exe |
"UDP Query User{9395E26D-C4E8-4BE8-9281-09F43F12FCAA}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{9474C844-ED32-40D1-AC9C-DE970C67FDDB}H:\spiele\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=h:\spiele\stronghold crusader\stronghold crusader.exe |
"UDP Query User{9776F845-AC88-49A1-AF33-4B9701C399C5}H:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{9CC5EA7E-89D1-4F3A-923B-5512453FD4FE}C:\users\maurice\downloads\ygopro.exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\ygopro.exe |
"UDP Query User{9E766F12-1DA3-4331-9D96-AB4C73BFF0B7}H:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{A2033B17-01D2-4577-9473-5172952319DD}C:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 29\ygopro_vs.exe |
"UDP Query User{AAAE86D2-239E-41B2-81CE-48825BF7755A}C:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\maurice\downloads\diablo-iii-8370-dede-installer-downloader(1).exe |
"UDP Query User{ACAEF139-7324-42FB-A371-66F5C672FC23}C:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo\ygocore\ygopro_vs.exe |
"UDP Query User{AED4D78C-245D-41AD-B181-5F782F4055AD}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{AF6B43C4-B0E9-479B-9E16-AF1534BA1C9C}C:\users\maurice\desktop\ygo pro\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro\ygopro_vs.exe |
"UDP Query User{B3F71518-74F0-49AF-ABF0-D63E712CCFA0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{B9DE004C-769C-453C-9D58-AAA4C1CE4A9F}C:\users\maurice\desktop\ygopro\devpro.dll" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygopro\devpro.dll |
"UDP Query User{CD1CC98E-833D-4C31-BEEC-EC20D2C3EA89}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{CED70BBB-F6E2-4223-B635-29E3E074FECC}H:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\launcher.patch.exe |
"UDP Query User{D9090EAC-8E1B-43E1-862E-AEB3373D495F}H:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{E64EC131-FC8E-45CA-852D-2F567FF00227}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{E67F6E34-EE08-487B-99A1-395A9BEEB80D}H:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{E6E67E1F-510D-4859-8A7E-FB0D6788FA37}C:\users\maurice\appdata\roaming\uvher\avyr.exe" = protocol=17 | dir=in | app=c:\users\maurice\appdata\roaming\uvher\avyr.exe |
"UDP Query User{EF563ACD-331D-4690-B488-1ECAC9073939}H:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"UDP Query User{F50F10F2-15EB-49C0-B97E-8AAF89EF3DC7}H:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=h:\spiele\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F60A3BAA-A511-4947-BA5F-48DBE582565E}C:\users\maurice\desktop\neuer ordner\miranda64.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\neuer ordner\miranda64.exe |
"UDP Query User{F95DE7A8-BA52-4387-876B-795FA9E23542}C:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe" = protocol=17 | dir=in | app=c:\users\maurice\desktop\ygo pro 28\ygopro_vs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{15D97451-1520-4551-BE2D-BCDE2DF22EA7}" = Logitech GamePanel Software 3.01
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"Unlocker" = Unlocker 1.9.1-x64
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{0F366B10-BED2-4DC0-B8CF-B3DF3AF27B37}" = M3 SAKURA V1.49a Global (GAME PATCH V4.9a)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{577EA8FF-7FA8-4D88-B7E2-29A437605F80}" = Belkin Basic Wireless USB Adapter
"{5BE5DB79-685E-46FD-A231-CD7467B69DD7}" = TP-LINK Wireless Utility
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft 
Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply 
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AC7C704F-BFAB-4E0F-9440-E18D70B52109}" = Dawn Of A New Era "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Battlelog Web Plugins" = Battlelog Web Plugins "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "ElsterFormular 13.2.0.8623p" = ElsterFormular "ElsterFormular 13.2.0.8623u" = ElsterFormular "ESN Sonar-0.70.4" = 
ESN Sonar "GPU Caps Viewer_is1" = GPU Caps Viewer v1.8.0 "Guild Wars 2" = Guild Wars 2 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Nvu_is1" = Nvu 1.0 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Origin" = Origin "PDF reDirect" = PDF reDirect (remove only) "PKR" = PKR "PokerStars.eu" = PokerStars.eu "PunkBusterSvc" = PunkBuster Services "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Trillian" = Trillian "Tunngle beta_is1" = Tunngle beta "Veetle TV" = Veetle TV "VLC media player" = VLC media player 2.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "65998142.www.click-learn.info" = CLICK and LEARN "Bitcoin" = Bitcoin "FileZilla Client" = FileZilla Client 3.5.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.05.2013 16:44:53 | Computer Name = QOQ | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 01.05.2013 16:44:55 | Computer Name = QOQ | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 01.05.2013 16:44:57 | Computer Name = QOQ | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 01.05.2013 16:48:55 | Computer Name = QOQ | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Maurice\Downloads\SoftonicDownloader_for_messenger-reviver.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 01.05.2013 16:51:10 | Computer Name = QOQ | Source = MsiInstaller | ID = 1013 Description = Error - 01.05.2013 17:46:28 | Computer Name = QOQ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: devpro.dll, Version: 0.0.0.0, Zeitstempel: 0x517c3494 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x89df036c ID des fehlerhaften Prozesses: 0x1938 Startzeit der fehlerhaften Anwendung: 0x01ce46b54f596e3e Pfad der fehlerhaften Anwendung: C:\Users\Maurice\Desktop\duelshop\YGOPRO Dawn of a New Era 2.4.0.1513\ygopro4\devpro.dll Pfad des fehlerhaften Moduls: unknown Berichtskennung: 93691b68-b2a8-11e2-a731-a22b949c57a7 Error - 02.05.2013 06:31:46 | Computer Name = QOQ | Source = WinMgmt | ID = 10 Description = Error - 02.05.2013 07:20:55 | Computer Name = QOQ | Source = Application Hang | ID = 1002 Description = Programm thunderbird.exe, Version 17.0.5.4835 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 15bc Startzeit: 01ce472011372a4d Endzeit: 9 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 386f2072-b31a-11e2-a711-a1bad0921d41 Error - 02.05.2013 07:31:00 | Computer Name = QOQ | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650a74 Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x008d1ea0 ID des fehlerhaften Prozesses: 0x1be8 Startzeit der fehlerhaften Anwendung: 0x01ce4725f4619c94 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: c302273b-b31b-11e2-a711-a1bad0921d41 Error - 02.05.2013 08:53:04 | Computer Name = QOQ | Source = Application Hang | ID = 1002 Description = Programm thunderbird.exe, Version 17.0.5.4835 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d9c Startzeit: 01ce472f1bd30299 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 38be750e-b327-11e2-a711-a1bad0921d41 [ System Events ] Error - 21.04.2013 17:52:52 | Computer Name = QOQ | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 22.04.2013 15:39:07 | Computer Name = QOQ | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 25.04.2013 05:36:04 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 26.04.2013 12:37:36 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 26.04.2013 18:45:13 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 26.04.2013 19:54:28 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 27.04.2013 18:58:20 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 28.04.2013 12:29:56 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 29.04.2013 18:22:22 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
Error - 30.04.2013 18:05:19 | Computer Name = QOQ | Source = ipnathlp | ID = 31004
Description =
< End of report >

With gmer_2.1.19163.exe I unfortunately get "gmer_2.1.19153.exe funktionier nicht mehr" at Library C:\\Windows\system32\svchost.exe @ c:\windows\system32\sstpsvc.dll"

I hope someone can help me. I am self-employed and the PC is very important.

Best regards,
Maurice

I have uploaded all the files that look suspicious to me here: File-Upload.net - virus.zip
To be safe, I changed the extensions (.exe, .zoe) to .txt. |
02.05.2013, 18:20 | #2 |
/// TB-Ausbilder | Trojan ... Gen:Variant.Symmi.10415 - Online Banking Hi,
you have indeed caught some very nasty malware that is targeting your online banking (Zeus/Zbot). But since your Microsoft Office Professional Plus 2010 does not appear to be a genuine version, our hands are unfortunately tied here. We do not specifically look for such indications, but when we see them, we can no longer turn a blind eye. Therefore:

Cracks and keygens

The log files strongly indicate that you are using software that was not legally acquired. Besides being illegal, cracks and patches from dubious sources are also very often laced with malware, so you are almost deliberately infecting yourself. We have agreed here on the board that we do not continue cleaning at this point, since we do not support such behaviour. In our guide, under point 8 of the forum rules, we also made it unmistakably clear to you how we would handle this. This software has its price, and the software companies live off this revenue. As an alternative, there is plenty of very good freeware everywhere, or stripped-down versions that can be bought cheaply.

Our recommendation here is to make a clean fresh start, and our help is therefore limited to reinstalling and securing your system. We are still happy to answer questions about that, though, in our subforum Alles rund um Windows. |
02.05.2013, 18:51 | #3 |
| Trojan ... Gen:Variant.Symmi.10415 - Online Banking Does it only affect online banking, or also passwords/e-mail programs?

I have changed the password for online banking and, to be safe, also the passwords of my e-mail accounts. But if the Trojan also steals the saved passwords from Firefox, then I've hit the jackpot.

I deleted the suspicious files with Unlocker.
In Windows32: dllhost.dll and dllhost3g.dll
In AppData: avyr.exe, bcyoo.zoe, fequa.zoe
Using Regedit I also removed the entry for avyr.exe.

My online banking works again now, and no connection to securepro150.com shows up anymore. To be safe, I also checked that with smsniff. I reported the domain to ICANN and the IP address to the hoster from Russia; maybe something will happen.

But I'm really scared when surfing; no idea how the Trojan got onto my PC last night. According to my history I visited wallapi°com during that time. Thanks to the information from your tools, I removed the files that were created during that time. |