13.03.2011, 16:17 | #1 |
Malware forces Internet Explorer to open

Dear Trojaner-Board team,

here is what happened: About 1 or 2 weeks ago my Internet Explorer suddenly crashed. After rolling back to IE7 and then reinstalling IE8 did not help, I decided to switch to Firefox for the time being. Since I did not particularly like Firefox, I downloaded Opera. When I started it, however, what came up was not Opera but the broken Internet Explorer. The shortcut was correct, though, so I assumed malware was involved. After I had run a virus scan from a self-booting CD (Computer Bild Notfall CD 3.0), Opera worked again. Still, I wanted to make sure that the virus had not created a backdoor or something similar. So I ran Malwarebytes and lo and behold: 5 pieces of malware.

Hence my question to you: Is the malware gone, or is my system no longer trustworthy?

Here are the findings from MalwareBytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6042

Windows 6.0.6000
Internet Explorer 8.0.6001.18882

13.03.2011 15:59:17
mbam-log-2011-03-13 (15-59-02).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173032
Laufzeit: 6 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ONWERETETR.exe (Trojan.SpyEyes) -> Value: ONWERETETR.exe -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
c:\onweretetr.exe (Trojan.SpyEyes) -> No action taken.

Infizierte Dateien:
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\onweretetr.exe\config.bin (Trojan.SpyEyes) -> No action taken.

And here is OTL.txt:
[2010.02.05 14:49:06 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ankh - Heart of Osiris [2009.06.21 09:29:40 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\AntMe [2010.03.15 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\app [2009.08.28 14:34:08 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Blender Foundation [2010.06.12 13:23:40 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\concept design [2009.11.08 09:58:27 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\congstar WebRadio [2011.03.13 16:01:24 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DNA [2010.03.15 18:21:21 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dofus 2 [2010.03.15 18:10:18 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010.03.15 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010.07.25 18:59:05 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.14 07:39:02 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Firaxis Games [2009.05.20 18:53:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\FOG Downloader [2010.08.16 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\gtk-2.0 [2011.02.03 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ [2011.01.06 18:05:45 | 000,000,000 | -H-D | M] -- C:\Users\Tobias\AppData\Roaming\ijjigame [2011.01.29 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Kalypso Media [2010.04.04 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Leadertech [2011.01.04 21:03:08 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\My Games [2011.03.08 08:27:27 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Opera [2010.05.16 11:07:53 | 000,000,000 | ---D | M] -- 
C:\Users\Tobias\AppData\Roaming\PC Suite [2010.03.15 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\RegTesting.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010.05.16 10:48:31 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Samsung [2009.11.08 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Splitscreen Studios [2009.08.10 14:19:44 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\SPORE [2009.02.10 13:28:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\TotalRecorder [2009.12.25 11:37:52 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ubisoft [2011.03.13 00:07:34 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.13 16:01:31 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F50D3BF-7AE3-4F33-8167-D23F466B904E}.job ========== Purity Check ========== < End of report >

And the Extras.txt:

OTL Extras logfile created on: 13.03.2011 16:01:08 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tobias\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 41,20 Gb Free Space | 17,69% Space Free | Partition Type: NTFS Drive D: | 7,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: TOBIAS-PC | User Name: Tobias | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2941950513-2167470703-3295120860-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12BBF577-7FF5-4858-8CA9-763DA2CB6418}" = rport=445 | 
protocol=6 | dir=out | app=system | "{14D5E101-8BBB-4AD6-B92A-CF7CF9E69E4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{188BD6FE-D3A0-4FAC-B10E-EF6DC4BF43D9}" = lport=445 | protocol=6 | dir=in | app=system | "{2C036AE0-8D06-474C-B506-0B82DDEECCE7}" = lport=6112 | protocol=6 | dir=in | name=guildwars | "{2FB21820-160D-4184-841D-224DF45EE8E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3C82BD57-BE23-4C34-9947-E21E350B10A0}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{5253BEAE-74F3-4076-ADFD-D96816304FA1}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | "{52873EE1-CB83-4CF7-AD99-150B176679CA}" = lport=137 | protocol=17 | dir=in | app=system | "{61B78AEC-3EBE-4397-8B0D-B45A06B48072}" = lport=7011 | protocol=17 | dir=in | name=sacred 2 open net | "{69960F90-A93B-4CA2-95EB-0E6E7ACDB657}" = rport=139 | protocol=6 | dir=out | app=system | "{85B2F56E-0BE5-4824-A6AA-885D5946E153}" = rport=137 | protocol=17 | dir=out | app=system | "{8B1E30D0-4100-42CE-8BBA-9607EC509C53}" = lport=138 | protocol=17 | dir=in | app=system | "{941FFCFB-74B7-4B4F-953C-9765B2AF0C4B}" = lport=139 | protocol=6 | dir=in | app=system | "{A06D8AD2-33B4-4B38-815F-DE43EF53E6AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D3917297-8E65-4406-8786-95734AFF3A2D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{DD6DE54D-FAE7-4722-826E-618F86D41380}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{E7F06F9F-C274-4DFC-980C-36C4C4CF0DA4}" = lport=80 | protocol=6 | dir=in | name=1 | "{F35DFB87-5C5C-4199-AB88-AE30876B85A1}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{00243682-5604-4E76-9DC4-8E25F4152FFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00540BDB-F407-43B0-9F76-438FA0346B62}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00A7DB46-2F2A-4CEB-B8BA-E878D42901EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00D38AD2-5B55-4ABE-A9DA-E64D3BD23FAE}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{00F7A1AB-0E60-494C-A189-B9FFDED9A34D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{018273AB-DA75-40DB-909B-BD54FCD33DD6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{01C0581B-6A6E-4BEC-A2D5-A74AD04122B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02AE1E67-D9B7-48F6-AD75-51B78B817BF1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | "{0370C053-C115-4EA0-A30D-7D05F959DD72}" = protocol=17 | dir=in | app=f:\programme\two worlds\twoworlds_radeon.exe | "{04A0DF07-FB75-4325-A85E-D1C904FFCFBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06636A79-D65A-410B-A376-ADD76E39D7A7}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{07C01119-66A0-4704-A7A4-5D5D62EB18D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08FC8518-99E9-48BF-AAB5-B6AC4A7270E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{091711FF-63EF-427F-9B38-929140E157E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0B689179-BAF0-43C0-8BFA-7DC243860220}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D8535C4-728D-41BA-865E-B50E1B836C2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E20D2E4-1C3A-47EF-A3CE-FAE986BEEE4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E8090AC-5D8D-47DC-ACC2-ACDF4FA72212}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12ADFF31-8CAF-4CC3-A356-A05B834C5FAD}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 
"{147301C5-DD4B-43C5-B2BC-C4741DD028AE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{14DBD69D-DCE4-448E-AF14-DF3D7E4ADB78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14DBD974-57FE-4601-BB66-5C54E082469E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{15BD4CC9-5E37-4B7A-B7EE-E45B24A8C6BA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{182DCB3F-2D13-4B53-9591-0EF4E040BEBE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{18561C0F-3876-438A-BE8C-07EBB1DC919A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{192FB07E-B880-4D96-9DDA-D518072BB28E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1943D562-F3AD-4E8D-A439-E5F76EB850B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1C3D516C-24B7-432A-80CE-1569976D3F86}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{1E230610-7298-4433-9604-C34CC594DD4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{204ECDCE-6C04-4DED-8C87-7B2AA6B3EDB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20B28D72-777C-485E-8731-784CD823CBAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{21EBB0AE-E7D5-4B58-9C68-8263545169E9}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{23731C93-CBE7-4A5F-ACF8-B7A0209DEC62}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{240FF944-AD4B-4A33-9F77-6F7C88645225}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2460F7FF-AC33-401B-985B-5680420CEA21}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25945B03-2D8B-48A1-BDA3-F69629A3B8F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{26894F12-9344-4056-9ADA-AAF30F0C3AB5}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{269921E9-4CEE-45BF-9FE1-1F0C1E5F4C21}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{27F4312F-1773-4788-8A81-ED2B70AAD3AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{286AE712-4AC7-43E1-8069-7AB90DC5A799}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{296F87BC-4F05-4F5E-916F-990EF0E0ED99}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A648DDD-37F3-42CA-A902-D9A9AD6E641F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{2ACDFF02-EB4D-4307-8B38-D9E4F003CE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B211F11-D7FD-4568-8015-EA73AC043A9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B793CEC-2EF5-40E1-B792-E92760C3F3B4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{2D627A1A-FF1E-4781-B7A1-2AC669BA57CE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{2FC74658-2310-45BF-9ABC-44B75BA0D7AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{309BB197-FE94-4780-B470-10C7AB9A3184}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{310D5962-7694-4992-9F01-8DB00EEE99F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{317850DA-5922-4393-9C8E-82788F3AABDB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{31D4886F-01FC-4426-B31E-DC93D4E849CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{32A564A4-27DF-4905-BF4A-5A7AB0456D50}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{33483BC3-018C-4C67-AEF5-E3869525AACA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{344C421E-C531-4D48-A56D-4986AD021D4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{354F6A9E-8478-4228-8274-59AEA82FE83B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{37B90D3C-CB8F-4484-96E6-B9DC530134EF}" 
= dir=in | app=c:\program files\skype\phone\skype.exe | "{38A0C21A-FBE6-47FF-BB15-BAB36CB97214}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{38CDFEEF-B657-4270-B437-17EF71437942}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{39C7840A-7A16-42EF-A373-4AEDC10D1CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AFD03CB-6236-4F0D-86C3-BD3F667C0BE9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3BEFD30A-079D-4B73-9217-C52BEC0D6CBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3CCB642A-616B-483A-80A5-E40BFC9E4BA4}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{3CFB62E3-8E68-4AF2-A114-31558B121CAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D6F8176-7A0B-441F-AE7F-38EA1080F877}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3D750D49-185F-447E-8778-7B2A539A90BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3DF63719-0565-4166-BB50-F3F00113FA1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42471269-45CB-499F-80CA-4272EA4B13A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{42D69775-F5BA-40BD-9FC4-DAC5AA4EF493}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{42DE7BC2-C620-4F97-8EE8-103BFC131DE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{43BABF7D-E5B9-49AD-A671-934182BB7107}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{43E6A9AD-A698-4FD8-AADD-4C07A41EA841}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{44A43C1E-4A23-45C6-8400-A0A5CBF04E8E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | "{466009AA-29F5-4A24-937D-6A1A3A3F2C2B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{46C5094A-9E41-40D3-A2A5-6B5AC3D2C0BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{493D2AB0-D813-49A9-8E56-5C8CC5B9F228}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{498D2866-56D7-4E9D-9A5F-6720847523D1}" = protocol=17 | dir=in | app=f:\programme\two worlds\twoworlds.exe | "{4B4684FF-CEEE-4872-AA59-90ACCAD58E63}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4D071EB1-1F5A-41FF-861C-BA898EE3BF08}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4E52857E-D079-4BD6-8B80-4C8413C199DC}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{4FA4DF94-A29A-4A78-94AD-EADB98702098}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{512B0B19-4E75-471E-841A-C386ABA801D5}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{513E0B10-7EF0-42FA-9473-097F988BC209}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{526EACB7-389C-4F86-9236-B0A024584DE6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{540F9F7D-73E0-426E-84DB-EEF9D03AA424}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5440E386-9007-4328-8D96-9E4E01B80F49}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55203A95-AD72-4802-AE94-4066B03CDA4B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{5789B504-E99E-45B3-96BD-1139DA80F6E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5A7E5054-B0FA-4D25-BCCA-CC85A149B53E}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | "{5B20B7F3-9D3C-41B3-A731-F1CACE3A00CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B8D4A2E-84BE-47C3-8EF2-B1EB8D774E6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C7A541C-B286-45F5-9A0C-701040139F48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5CDE9271-4F00-4817-9B1D-7B86FF087053}" = protocol=17 | dir=in | app=c:\program 
files\samsung\samsung new pc studio\npsasvr.exe | "{5FE85D48-0BB9-43C2-9406-2B1FD4DA6562}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{608251C9-4F10-4D8F-8AA9-4985107B218B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6195CC39-1392-4524-B501-038FBBED86A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{63F83FBE-C2C1-43C5-A151-0F2067D11D12}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64395C82-8C86-478C-87C8-F9D62B1EAFD4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6514C938-759F-49D7-A3ED-8BDA8E206EB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{658DA930-DDAD-4048-892C-BCD9178EA683}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{659890D5-E457-4BDC-92EE-3C852F04A878}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{66BFF2DC-77F8-4EC3-9D0B-6224B28583C0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{66C8FE1B-20C3-400B-B73F-03B03651EBFF}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{67479B7B-3F1F-4A3F-A64F-E266C81003B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6818F7C0-F489-41EF-82D4-C0953B3C4855}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{69AD888E-FBBB-4057-926C-0A7458F39953}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{69D16AE4-D498-4FC6-BFE6-43B72AFA7CA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6D16C451-3371-4E2C-A704-4DAD922575A3}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | "{6EB73501-1024-4C12-BD6C-F774DA372951}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{70974019-5E4E-4610-BF77-A73DD6156164}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{7101596C-C23A-4ABA-9757-044DD1575CCA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7145C4E3-43FE-4681-85E3-12CBCF627811}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{72158564-1F30-4D99-B026-AFA8C5D370D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{728CB622-57CA-4B2F-BE49-E68274ECDB9C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7523F388-FA2C-48B0-80EC-E3268C51022A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{785DD3E4-F6AF-4DBB-A3FB-7E31A7F70D23}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{795F3AA1-E181-4FBB-BABF-47BEDF7BEA3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7CA8833D-70D7-4A32-B4D0-9D9A24251212}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7EA3EF2E-9A26-4901-94EC-9B7B577CFE94}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{7FA39631-C69F-4E5E-A370-840D7267B047}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{804A23AE-02BB-4294-8600-FD6527D5B338}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{812E9FF0-8551-417F-8328-B0D68BD6C268}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{82EC473C-1AB7-46BA-B71E-46FA43DA0DD6}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{83575B1E-0D95-49B1-93B2-9E083C035CF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83C419D4-3703-4E61-89F1-D4F66C2D4F6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83C9DDCE-440A-49EC-9BF5-3E9E78D66AEF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{84A77FA7-7E48-4941-80E2-B5E44FC5B703}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{87B24CB0-57AE-45FE-A80C-E6E747291C1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{891928BC-092D-4954-A390-E134C3410991}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{8AE1F299-1BAB-4705-8554-7F684B4C6F3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8AE225D7-6FF8-4A7B-BEF9-AA41EC86CBF4}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{8B514C48-2EAC-4E1C-ABF3-8A9A504F0751}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8BAC5FC3-9CF8-4C7D-8F8D-E545C921330E}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | "{8BDA9DD6-3D8E-4463-AFAB-903ECEEA534B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8D65C54B-CB97-4CFB-BDCD-0791FAF333B1}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{8E014BC9-C244-4DAF-A5F3-2DC1623CACAC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{8E3BB0A0-DFD6-4CAC-9DF2-B6B02BFB27DD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe | "{8ED26C53-93E3-4DB0-9CE4-35A8B3FD7E7C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{9207B460-89A4-4932-A231-B1BE7AA8C423}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9445EB73-6475-4F25-B085-8386CF4DEA9C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9465C461-ABA7-4EC0-A1EE-162D77A86907}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{951223E4-5A6D-4C2F-8B0F-3677C4CB2605}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{956B05A8-B5E7-488D-98C1-66845F4182AC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{97849A32-1197-44DE-944D-3D5FB1656193}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{99913334-9CEC-4CC1-B24C-FF8B875C8451}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{9A685A45-C498-41E3-8101-917DE19BCA8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9AD04B93-A733-44FC-AE25-CD62EF2F9236}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A09313E9-B357-4076-96C4-590C6BFADBBD}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{A18B5589-C0A4-4462-88C7-9282753FDD8B}" = protocol=6 | 
dir=in | app=c:\program files\reactor\ijjioptimizer.exe | "{A2014631-820B-4811-92F6-F26CCED44BF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A410ECBC-C517-4382-ABC4-898C5933A335}" = protocol=6 | dir=in | app=f:\programme\two worlds\twoworlds.exe | "{A449EB6C-20D2-4469-BB50-7E129EA6EC57}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A477911E-7985-4571-8A04-3DBD01D54AC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A58164E0-4BB8-4B95-9439-7E352BF78C5E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{A7203611-7A19-4326-99BB-7FB5A6129001}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{AA3DE754-DD68-490A-8009-EF227B29CA2C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AA7776FE-366D-47ED-A16F-0B13EF9AE7F6}" = protocol=6 | dir=in | app=f:\programme\two worlds\twoworlds_radeon.exe | "{AB0A07BD-832F-40DB-941C-916BDCE4001D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB36F398-5DFA-48E5-A5E2-3E505CA93F57}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "{AD3400A5-086A-45A1-BB20-4D7249187624}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | "{AE5AD349-6717-4B0D-A116-742489A5E870}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE679479-1F1F-440B-BE24-F0EC3432A530}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{AF76E783-EEFF-40DC-A3DA-54838B7AEC0B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{AFB6A4E7-DD9D-4528-9C59-6F2D5578937D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1DBDD14-92A9-43A2-9D47-82B9D75385D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B242C7CA-BB7B-44C3-96C6-21092E13D073}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B36ADA4F-9673-4874-91E8-0BB95A4F2EBB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B3C41979-44B3-4E98-A862-84B01BA82F07}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4959080-1EB8-436E-81F6-6F5806DA62F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B4B98AA8-8EDA-43BA-8407-EA63D9B2627A}" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | "{B53C16A5-5E93-48EA-8620-FCE4D440B38D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5A68407-F2B9-4A7C-8FE6-885E300DF30D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B83FDE75-FB55-4CB0-9622-ABE0BB6E1C1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BA44C6D5-AA59-48D5-8C70-D5F8912E40C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BA8C6389-EF30-4C35-985B-BD752595E86E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BAEE4119-4E7A-4B25-85A2-7B460B20E000}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BCD227D5-D8C2-40AE-ACCD-52CF994323F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C0FCE8A8-AF71-4F15-8E87-74979FE1032E}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{C219844E-7C14-4C20-8310-0A945477ECC8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{C27DA363-D0EC-48F1-9734-11B5DA27EA04}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C283E58A-D364-4F6A-B7AD-8201BD7A999A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C2E142F7-E426-4101-AD2E-3676A85B97CB}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{C4764DDC-BCA3-4A78-8F5D-527F1C52741C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C483413E-FFA7-4271-BC6B-3612C9FAF886}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C7F4602B-4F66-402D-928D-C48A142D46F8}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | "{C9836BC2-B08D-414A-8786-31B1180D47B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D00B7007-9D2C-4A2A-8A9F-5B14794EB2B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D11F422D-1803-43EF-BB1B-13299F32A5CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D1E6214C-500B-4814-A7EE-533E9E8317F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D1F40F79-EA06-4756-9744-3FF71852ADB3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{D2B54D52-6E50-4CE8-B1D5-02FFB9E3869C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D2D6406B-23E8-49C5-B9A4-F46DF1ADB8CA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{D3E127F4-EE15-4773-97CC-5B73E274C7AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D543335C-666F-4272-95D8-163D58F0314E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{D720B4FB-F9D3-43EC-8995-B9B4A88FB83F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D73726FD-7B6A-43AA-91C3-9B168371C224}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D7DA299E-8729-43D1-A2A0-4BCBC7E17DAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D918519B-788A-443F-90E2-873A3C4B88B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D9748DD2-98A7-4B30-BE91-C723D8C7D450}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{DA320A80-7541-429B-9742-7649FAAA00BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA5895FB-9929-47E8-88ED-841A15E3C1DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DAB16C15-1623-4BC8-BEC4-216D3DF9CA55}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{DAEF5105-0ABE-43B4-A30F-4F965DAC4C64}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{E04A9CB2-82BB-4DFC-8812-379EEB0AE1AB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E0B10EE2-F12D-44D9-AAE3-43CDEF65912F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E0D35F6D-E4FC-4033-BEF4-0C63D46ED342}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{E45B28E3-8276-462F-945C-E5B9D1A20BEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5E94ABA-A601-4A4E-9642-4F09FA1C7DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E610E054-00FF-4F31-9174-83ADBFF8ACF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E73BE370-2EB2-462D-8A4F-CD1355D50E7E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | "{E8A9E4FA-DDE3-4250-800C-5CE9C3428453}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{E8E0E521-F242-449A-BF28-8BB84A178E17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9CE2A0A-6A1D-4B30-B2E4-B8BAA6B04956}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EA31D69A-B78A-4A40-8939-A05CFD8F803D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EB14FA04-A6E5-4002-9ED6-83311889F160}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED2354DE-2755-4B88-BEA0-56710B50F3FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ED7655A4-6A05-4EB0-948C-9C7003DB8DC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EDE9C6BA-7494-4C54-AA69-4B5D14760FED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EE9C7D5E-E743-4322-9747-3949A10B8678}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EF8ED0DD-BF05-464E-AA8D-03FC3D5AFA4A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1081729-F9E5-47BE-BA29-9D6F1DF1D045}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{F2D425DB-412B-4725-998E-BFBEADCAAABF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F4C447A9-9415-45BD-B4EC-6B9C9EB66689}" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | "{F6AC188D-0F41-41FD-B7CB-5D52F8BE674B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7126C75-E160-4759-85AE-467E84FC434A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F80F92E3-0806-4B86-8786-E66E8BAD4053}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F88E9EC7-9C19-4DE0-8652-A30A3A365939}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8EE747F-9398-4BB3-B307-8153C83BEB0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD70CC3E-7D34-42C3-8A92-6085264B66BC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FF04F263-D16E-4128-BE51-4EF25A060B52}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{FF79A443-EEC1-4C0A-B8BC-89BD20A82A11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{05BADC51-D359-4B05-AD94-6D6EEC348198}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe | "TCP Query User{0854EAEC-CF45-4CD4-BAB0-D1484DC9FCAE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{0FB786EA-182E-41CA-A796-127DC3DF9C6E}C:\users\tobias\appdata\local\temp\7zs844.tmp\hl.exe" = protocol=6 | dir=in | app=c:\users\tobias\appdata\local\temp\7zs844.tmp\hl.exe | "TCP Query User{154A75F0-B7B7-4A98-B91E-BE3396622AA1}C:\program files\littlefighter2\lf2_v2.0\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0\lf2.exe | "TCP Query 
User{250EF89B-AADC-45EE-91E3-3A90DA155578}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{2D7EFC09-B287-4020-BD09-4964E9CBFAAE}C:\users\tobias\downloads\yuleech-runesofmagic2_0_1_1821-de.exe" = protocol=6 | dir=in | app=c:\users\tobias\downloads\yuleech-runesofmagic2_0_1_1821-de.exe | "TCP Query User{301ECD48-21FD-4DA6-93A1-FA7BED9DC9A8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{4A2C4267-7959-4B7B-A81B-650501606E82}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{4B57DDE1-88BD-41E2-9CB3-873F66ECE3DE}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{4C1B9AC5-A21A-49CF-AC06-36E3D3BA5A5E}C:\users\tobias\appdata\local\temp\7zs8d32.tmp\hl.exe" = protocol=6 | dir=in | app=c:\users\tobias\appdata\local\temp\7zs8d32.tmp\hl.exe | "TCP Query User{4FF16205-513D-4CAD-BC15-1B229A3198D1}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe | "TCP Query User{5AA48F30-0466-469D-9011-2FC73CDADBA6}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{5B42C2EF-0BAC-452D-9E4C-D11CD9BAD5D0}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{6B561602-27B3-4CBA-8778-15EF7B3C60EB}C:\program files\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\sacred.exe | "TCP Query User{6C50B3C2-AB35-4796-9076-74FF62E8D1ED}C:\users\tobias\appdata\local\temp\rar$ex00.391\volley.exe" = protocol=6 | dir=in | app=c:\users\tobias\appdata\local\temp\rar$ex00.391\volley.exe | "TCP Query 
User{6C79556B-1F3E-4D72-B824-BDD461F2BE5A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{75E06BD1-80DD-453D-AFF3-C693D15787D5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{760F8E97-6133-4DC2-A49E-D9F37646C5D3}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "TCP Query User{7E464E76-B14C-42AD-964F-A73FFFD1B660}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | "TCP Query User{7EE56D18-C9C9-4798-8B2F-83FDF46DF556}C:\program files\gamigo games\smash online\smashonline.exe" = protocol=6 | dir=in | app=c:\program files\gamigo games\smash online\smashonline.exe | "TCP Query User{84270D30-56F5-4656-BB49-913F1C58591D}C:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\java portable\jdk\bin\java.exe" = protocol=6 | dir=in | app=c:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\java portable\jdk\bin\java.exe | "TCP Query User{8B5A2185-9670-46C3-A403-2373C02EC722}C:\program files\congstar webradio\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\congstar webradio\ps_olect.exe | "TCP Query User{8E85F7B8-05A4-4FA5-9CF5-100E68C18201}C:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\apache2\bin\apache_16.exe | "TCP Query User{90C6AC0F-3A97-477F-A27E-79F7840B2EEB}C:\users\tobias\appdata\local\temp\7zsf0bd.tmp\hl.exe" = protocol=6 | dir=in | app=c:\users\tobias\appdata\local\temp\7zsf0bd.tmp\hl.exe | "TCP Query User{91629796-F03C-44A8-A18F-A72A10522328}C:\program 
files\blobby volley 2.0 alpha 6\blobby-server.exe" = protocol=6 | dir=in | app=c:\program files\blobby volley 2.0 alpha 6\blobby-server.exe | "TCP Query User{97084190-A27B-4517-A7D9-3FB3C4405FB5}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{9BD36B40-FF5C-444F-9448-7C6CA22207ED}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{ABC18E0A-6266-4C9B-9540-B3B648D6FE1C}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "TCP Query User{B359707B-8156-4D8F-A869-9B9527A48B1C}C:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\mysql\bin\mysqld-opt.exe | "TCP Query User{BCCC8756-0C10-490F-8EBC-96377B004EC1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{BF259B30-29D9-47E8-87D8-CC90CDD0E5D4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{D4C5EE72-7BBD-4E98-99F0-EE187852A7FF}C:\users\gast\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | "TCP Query User{D766B075-6202-4D2B-959C-16F970362E7D}C:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "TCP Query User{DE7C9953-E417-407B-911B-4DEF7C0D58C8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{DF0B0D1B-7ECE-4C6D-ADDB-40111657498B}C:\program files\ascaron 
entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\gameserver.exe | "TCP Query User{E785C909-0D97-4905-BF0A-6342A605EAEC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{F7124DBB-85BE-4654-9572-3ACF5541571C}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{05EDAB25-812B-469E-A245-106412AC3A15}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{06FFB845-A650-4A6F-A911-680BA4E3074D}C:\users\tobias\appdata\local\temp\7zs844.tmp\hl.exe" = protocol=17 | dir=in | app=c:\users\tobias\appdata\local\temp\7zs844.tmp\hl.exe | "UDP Query User{08E55A0D-E001-49D0-9683-1EE00DD41A8D}C:\program files\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\sacred.exe | "UDP Query User{09EF8D30-504D-4A28-B4D5-0BE6FA6B4F5A}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{0D7AB41B-E428-4A40-9F32-5E619F118407}C:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "UDP Query User{18AA9E4A-083D-49B7-98E3-D2CC26860BB3}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{1A80EFF7-901F-43D0-A1AD-0A2322D908FD}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{20601EB6-51E9-4A5E-821E-1CEDD6709D58}C:\program files\gamigo games\smash online\smashonline.exe" = protocol=17 | dir=in | 
app=c:\program files\gamigo games\smash online\smashonline.exe | "UDP Query User{219734C4-9506-480E-932C-F8619A0D64D0}C:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\java portable\jdk\bin\java.exe" = protocol=17 | dir=in | app=c:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\java portable\jdk\bin\java.exe | "UDP Query User{2A62C4CB-661F-41A0-935C-819189A809E1}C:\program files\blobby volley 2.0 alpha 6\blobby-server.exe" = protocol=17 | dir=in | app=c:\program files\blobby volley 2.0 alpha 6\blobby-server.exe | "UDP Query User{33D17527-2222-4B35-A465-336D4993C068}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{47DF5660-2FD3-4AA3-9849-57EF4AB09DBE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{55217F21-E645-4EB7-AB11-D82976AD72B6}C:\program files\congstar webradio\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\congstar webradio\ps_olect.exe | "UDP Query User{55F1921A-CF13-4B16-8371-D258EC45308A}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{580E9F6F-EB00-4B7B-B7BD-D3398A2D0E11}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{59964542-0EB0-46FE-BCE1-2BA937D1E4EF}C:\program files\littlefighter2\lf2_v2.0\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0\lf2.exe | "UDP Query User{59D07884-18FD-46AC-A258-1FACE4974DF4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{64AFFDE6-944A-4CFB-983A-D16D5E854B13}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query 
User{6C2D330E-C201-4C6D-9693-64EDF5B565F5}C:\users\tobias\appdata\local\temp\7zsf0bd.tmp\hl.exe" = protocol=17 | dir=in | app=c:\users\tobias\appdata\local\temp\7zsf0bd.tmp\hl.exe | "UDP Query User{6C5D866B-D205-4BB6-B7C4-0DA2DEDF45C4}C:\users\tobias\downloads\yuleech-runesofmagic2_0_1_1821-de.exe" = protocol=17 | dir=in | app=c:\users\tobias\downloads\yuleech-runesofmagic2_0_1_1821-de.exe | "UDP Query User{72CD431C-C8AD-44C5-8342-9DF4499D51F6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{78C0AFD8-29D4-41E9-85D0-190ED2229FAD}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe | "UDP Query User{796DD58D-EE86-41D2-AC4F-6A262B2AF013}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{8210B104-3946-4AA6-81B4-431E41CCA237}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{86845BA3-C7B7-4B45-8004-5BC27EAF7A06}C:\program files\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred underworld\gameserver.exe | "UDP Query User{900AD234-0CEE-4BA8-BAD8-349554494E89}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{92F6B3F6-60AD-4F64-9D59-48A94F753957}C:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\mysql\bin\mysqld-opt.exe | "UDP Query User{9773758B-0E81-4688-8BA6-17BE3545FC96}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe | 
"UDP Query User{B15E6B38-44B2-472F-830D-671A0E8888F6}C:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\users\tobias\downloads\aion emulator\novos_easy_aionunique_emulator_repack_0.1.3\aionemulator\usr\local\apache2\bin\apache_16.exe | "UDP Query User{BE61808C-A11B-4D91-8751-195101E6CAFB}C:\users\gast\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\gast\program files\dna\btdna.exe | "UDP Query User{C015EEB5-EA55-4D23-B95A-C597C49DFA3D}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{C68A6ECC-61F7-4F57-B731-492F0BD9EB01}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe | "UDP Query User{CDA97522-A0CE-4EAA-B266-178F8FB8AF40}C:\users\tobias\appdata\local\temp\7zs8d32.tmp\hl.exe" = protocol=17 | dir=in | app=c:\users\tobias\appdata\local\temp\7zs8d32.tmp\hl.exe | "UDP Query User{CE129915-2AE1-4AB2-9B4D-95F523A4BDD2}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{D5B3F91E-CF46-4080-A968-359647557E42}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{E848BDA1-E8D1-4D33-9486-B4E398D4A8B8}C:\users\tobias\appdata\local\temp\rar$ex00.391\volley.exe" = protocol=17 | dir=in | app=c:\users\tobias\appdata\local\temp\rar$ex00.391\volley.exe | "UDP Query User{EDD9EAA9-5F56-4AAB-BBED-2B236C897646}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = 
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer) "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists) "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{13800ED7-C5CA-35FB-A612-2296DEF19BB0}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu "{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress) "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher "{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5 "{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front "{8EDCE870-7A65-4448-B8CB-8045659F79CC}" = Chemicus II "{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3 "{9BB98644-282F-4B35-8851-1E04F6E1A33C}" = Microsoft DirectX 9.0 SDK "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components) "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services 
"{B593FA46-32FA-4464-A786-A853F979EE3A}_is1" = Gear Full Circle 10/31/2010 Build "{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™ "{BA96A695-E9CE-4B2A-919A-540B73E7A78E}" = Microsoft Platform SDK (3790.1830) "{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes "{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE111B5C-27F5-B74D-C15A-CAFDD2E21837}" = Reg (DOFUS Audio Subsystem) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CECB5CA0-6908-45EA-B18E-64C61B11DA99}" = Family Tree Maker 2008 "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy) "{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry) "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL 
Server 2008 Management Objects "{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU "{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE) "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "ASIO4ALL" = ASIO4ALL "Ask Toolbar_is1" = Ask Toolbar "Audacity_is1" = Audacity 1.2.6 "Blender" = Blender (remove only) "Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1 "Clever" = Clever "C-Media CM106 Like Sound Driver" = SPEED-LINK Medusa 5.1 USB "Collab" = Collab "Dragonica(DE)" = Dragonica(DE) "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "EADM" = EA Download Manager "FormatFactory" = FormatFactory 2.30 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0 "Free YouTube Download_is1" = Free YouTube Download 2.8 "GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove) "Grand Fantasia" = Grand Fantasia "Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.6.10-rc1 "HyperCam 2" = HyperCam 2 "ICQToolbar" = ICQ Toolbar "Icy Tower v1.4_is1" = Icy Tower v1.4 "IL Download Manager" = IL Download Manager "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{CECB5CA0-6908-45EA-B18E-64C61B11DA99}" = Family Tree Maker 2008 
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "lgx4.lgx.server" = G DATA Logox 4 Speechengine "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU "Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU "Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU "Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU" = Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Opera 11.01.1190" = Opera 11.01 "PoiZone" = PoiZone "RegTesting.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Reg (DOFUS Audio Subsystem) "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "StarCraft II" = StarCraft II "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TiEmu" = TiEmu 3.02a "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "TmUnitedForever_is1" = TmUnitedForever "Two Worlds" = Two Worlds "Uninstall_is1" = Uninstall 1.0.0.1 "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 0.9.8a "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR 
archiver" = WinRAR "World of Warcraft" = World of Warcraft "ws4.webspeech" = G DATA WebSpeech 4 "XMedia Recode" = XMedia Recode 2.1.1.1 "XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1 "Yenka" = Yenka ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "3d2559ee28c0dad9" = Notenplaner "Arkadion-X" = Arkadion-X "b75c21f1821527a0" = NosTale Wahrscheinlichkeitsprogramm "BitTorrent DNA" = DNA "CreepSmash.com" = CreepSmash.com "Move Media Player" = Move Media Player "PlanetWerks" = PlanetWerks "SimAquarium" = SimAquarium ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.03.2010 12:44:20 | Computer Name = Tobias-PC | Source = SecurityCenter | ID = 3 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. Error - 01.03.2010 12:46:51 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 01.03.2010 12:46:51 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 01.03.2010 16:43:29 | Computer Name = Tobias-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung icytower14.exe, Version 0.0.0.0, Zeitstempel 0x4a1e445f, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x0003b15f, Prozess-ID 0xdb8, Anwendungsstartzeit 01cab97edf07ba8c. Error - 02.03.2010 09:01:10 | Computer Name = Tobias-PC | Source = SecurityCenter | ID = 3 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. 
Error - 02.03.2010 15:15:25 | Computer Name = Tobias-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error - 03.03.2010 13:10:40 | Computer Name = Tobias-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error - 04.03.2010 12:52:45 | Computer Name = Tobias-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error - 04.03.2010 12:55:14 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 04.03.2010 12:55:15 | Computer Name = Tobias-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 10.01.2009 14:20:00 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide

Error - 02.05.2009 12:44:12 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 24.05.2009 14:31:54 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 24.05.2009 14:31:56 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 24.05.2009 14:32:38 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 24.05.2009 14:37:06 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 30.07.2009 04:08:45 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 09.09.2009 13:33:28 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 20.03.2010 10:13:48 | Computer Name = Tobias-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 11.03.2011 09:01:34 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 12.03.2011 09:02:44 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 12.03.2011 09:02:44 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 4, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 12.03.2011 09:02:44 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 12.03.2011 19:03:40 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 12.03.2011 19:03:40 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 4, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 12.03.2011 19:03:40 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 13.03.2011 07:30:23 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

Error - 13.03.2011 07:30:23 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 4, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.
Error - 13.03.2011 07:30:23 | Computer Name = Tobias-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten.

< End of report >

I hope you can help me.
Regards, Tobi |
13.03.2011, 17:52 | #2 |
/// Malware-holic | Malware forces Internet Explorer on me
Well, anyone who doesn't install Windows updates shouldn't be surprised :-(
Do you do online banking, shopping or anything else important on this PC? |
13.03.2011, 18:03 | #3 |
| Malware forces Internet Explorer on me
No, not really.
I'm just downloading all the Windows updates ^^ |
13.03.2011, 18:15 | #4 |
/// Malware-holic | Malware forces Internet Explorer on me
Well, you don't need to do that now. After all, the PC is infected with malware. What does "not really" mean? Either you do online banking, shopping etc. or you don't. I'd think that can be answered clearly. :-)
__________________
-Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
13.03.2011, 19:04 | #5 |
| Malware forces Internet Explorer on me
I don't do online banking on this PC, and the last time I bought something was about 3 months ago on Amazon. Since the infection, though, I haven't logged in to anything important. |
13.03.2011, 19:09 | #6 |
/// Malware-holic | Malware forces Internet Explorer on me
Yes, but you will use the PC for shopping again in the future? Then I would reinstall it, since we cannot guarantee that we will really get it clean. Since you have hardly installed any updates etc. anyway, a fresh start is a good idea for this system in any case; then we can secure it properly this time.
13.03.2011, 19:16 | #7 |
| Malware forces Internet Explorer on me
OK. And if I reinstall it, what options do I have for backing up my data, or parts of it, without immediately infecting the new system? |
13.03.2011, 19:42 | #8 |
/// Malware-holic | Malware forces Internet Explorer on me
You can back up all documents, pictures, music etc. to an external hard drive; that's no problem. Please report back afterwards.
13.03.2011, 21:29 | #9 |
| Malware forces Internet Explorer on me
Right, all pictures, documents and everything else are backed up. |
14.03.2011, 12:28 | #10 |
/// Malware-holic | Malware forces Internet Explorer on me
http://www.trojaner-board.de/96344-a...-new-post.html
Please implement this completely, except of course for the tips that are marked as being for XP :-) Report back if there are problems or once you have succeeded.
14.03.2011, 12:46 | #11 |
| Malware forces Internet Explorer on me
Suppose I did not reinstall the PC: what dangers are there and what else could happen? What options would I then have for cleaning the system? |
14.03.2011, 15:57 | #12 |
/// Malware-holic | Malware forces Internet Explorer on me
None.
- The PC is used to send spam; your provider then restricts your internet access.
- The PC is added to a botnet, crimes are committed with it, and you will be questioned as the first suspect to begin with, and the PC will be taken away to secure evidence, and that takes time.
16.03.2011, 07:23 | #13 |
| Malware forces Internet Explorer on me
Right, I have now completely reinstalled the system and followed most of the tips in your guide:
- Updates are now downloaded automatically, and with SP2 I am up to date
- As my user account I still chose an admin account, since I very often install things
- SEHOP has been enabled via the registry (i.e. I created the one value and set it to 0)
- UAC is switched on
- I wanted to use the tool for securely configuring and switching off the Windows services, but contrary to your instructions the program says it is only for XP and Server. Am I doing something wrong?
- Data Execution Prevention is active; if something ever doesn't work, I know how to activate it
- I installed and configured Avira according to the instructions
- Opera is installed as well, only the ad blocker doesn't work for me: it can't find the file I am supposed to load as a CSS filter. What could be going on there?
- Sandboxie is on there too
- I have switched Autorun off completely; if I want to run something, I can do that myself
- Panda is on there too, only I don't quite understand what the program is supposed to do. Could you please explain that again?
- Both Secunia and FileHippo are installed and doing their job. One question: FileHippo is always blocked as an autostart program and I have to run it manually. Can I get around that somehow? With Task Scheduler it didn't show up in the taskbar.
- I have also installed Paragon Backup and already created a full backup and a bootable emergency CD
Finally, one last question: I set in msconfig that my computer boots with 4 cores, and since then Windows always wants to start msconfig at system startup, which is really nonsense. I can't delete it in Defender; how do I get it out of autostart again? |
16.03.2011, 08:17 | #14 |
| Malware forces Internet Explorer on me
OK, the msconfig problem has resolved itself; when I ran the program, a message came up for removing the program from autostart again. |
18.03.2011, 07:41 | #15 |
| Malware forces Internet Explorer on me
Yes, hello again. I believe the malware is now gone from my computer, but that it copied itself to my hard drive beforehand. On that drive I have recently been finding an Autorun.inf. Fortunately its execution was prevented thanks to your tutorial, but since I also want to use the hard drive on other computers, cleaning it would be desirable. According to Avira it is the worm W32/Stanit. Attached is the log file that Avira produced when scanning the drive in question. As can be seen in the log file, I have moved the infected files to quarantine for the time being.

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 18. März 2011 07:05
Es wird nach 2499944 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : Tobias
Computername : TOBIAS-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Tobias\AppData\Local\Temp\7776526e.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: J:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Freitag, 18. März 2011 07:05

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'J:\'
J:\Musik\musik2\Christoph\demo_musicmaker2007deluxe_de.exe
[FUND] Enthält Code des Windows-Virus W32/Stanit
J:\Musik\musik2\Christoph\muma11_59mb_us.exe
[FUND] Enthält Code des Windows-Virus W32/Stanit
J:\Musik\musik2\Christoph\Railroads.exe
[FUND] Enthält Code des Windows-Virus W32/Stanit

Beginne mit der Desinfektion:
J:\Musik\musik2\Christoph\Railroads.exe
[FUND] Enthält Code des Windows-Virus W32/Stanit
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bd959ec.qua' verschoben!
J:\Musik\musik2\Christoph\muma11_59mb_us.exe
[FUND] Enthält Code des Windows-Virus W32/Stanit
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '534a7650.qua' verschoben!
J:\Musik\musik2\Christoph\demo_musicmaker2007deluxe_de.exe
[FUND] Enthält Code des Windows-Virus W32/Stanit
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '01152ca8.qua' verschoben!

Ende des Suchlaufs: Freitag, 18. März 2011 07:34
Benötigte Zeit: 27:32 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

7019 Verzeichnisse wurden überprüft
75412 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
75409 Dateien ohne Befall
920 Archive wurden durchsucht
0 Warnungen
3 Hinweise |
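Added example, not part of the thread: a read-only way to see what an Autorun.inf like the one found on the external drive would launch, before the drive is attached to other computers. The sample file contents, the list of hidden folders and all function names are assumptions constructed for illustration; the thread does not show the actual file.

```python
import re

# Constructed sample: the thread never shows the real file's contents.
# Junk lines and odd casing are included because the parser must tolerate them.
SAMPLE = """\
;kJ3h padding comment
[AutoRun]
xQz9 filler line without an equals sign
OPEN = RECYCLER\\setup.exe -s
shell\\open\\Command=RECYCLER\\setup.exe
shell\\explore\\command = "tools\\viewer.exe" /x
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
[other]
open=ignored.exe
"""

# [autorun] keys whose value is a command line Windows would start.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
# Assumed list of normally hidden top-level folders (illustrative, not exhaustive).
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")


def parse_autorun(text):
    """Return {lowercased key: value} from the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:  # lines without '=' are junk
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command):
    """Program part of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def triage(text):
    """List every launch entry with its program and a hidden-folder flag."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_VERB.match(key):
            continue
        program = program_of(value)
        top = program.replace("/", "\\").lstrip("\\").split("\\")[0].lower()
        findings.append({"key": key, "program": program,
                         "hidden_dir": top in HIDDEN_DIRS})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

To inspect a real file, read it as text with `errors="replace"` on a machine where Autorun is disabled and pass the contents to `triage`; nothing on the drive is executed.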