| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.EPACK.Gen2 auf meinem RechnerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.04.2011, 16:45
| #1 |
| |  TR/Crypt.EPACK.Gen2 auf meinem Rechner OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.04.2011 13:35:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sellmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 104,00 Mb Available Physical Memory | 10,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 76,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Computer Name: SELLMANN-PC | User Name: Sellmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 1
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3811333571-3079259545-4140786328-1002]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016795ED-7B30-45FB-B2B7-B99BF2609040}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{0464D1C5-19A5-43A9-B9CA-6D59F728F99D}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{0A3E5D05-7095-464B-BD46-1ADA744F9933}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{0A435305-3FB7-4BE6-BA98-2C78F7A39EF0}" = rport=5358 | protocol=6 | dir=out | app=system |
"{0A534FE4-AF2F-4BE0-8C3A-454BF9B8A2B1}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{10F68A5C-47EB-430C-919E-A009C8A134D1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{12B681FF-9BFD-4B85-8823-6BE3CA96B747}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{16AE8708-A560-431E-8799-024907924AB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1A77CBD5-6230-40B1-81E9-A10A072DB112}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B57C440-7DC3-4C67-9E91-6C6D275EAF23}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{1B951F6C-6CF0-449B-8A43-035823FC27D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{2505B1B4-97C1-4049-A28F-2B95B28A7DE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25CCEC2A-08AF-42D4-9121-EB624C4387C2}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{27966C4C-81D9-4BAA-919B-6C2475E379A7}" = lport=138 | protocol=17 | dir=in | app=system |
"{325A51FD-8734-4020-82A0-4ACDF87D15B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{36C60A6D-601B-4FB4-AF8B-F40FB7F83095}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A9E62B8-7B73-48FB-83D8-3B8656F013B0}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{3F2893E8-0F38-45E6-A409-FEFD851A2FE3}" = rport=137 | protocol=17 | dir=out | app=system |
"{4262FABF-E0B2-4CDA-B976-A1BA162E984C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4329129F-3931-4C89-933A-47133908B5E5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46247A2A-2442-4293-A0D2-50813576F285}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{47FDC83D-C6EC-449E-A6FF-A0E806CE4896}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{484B25A5-366E-41E2-BC9E-A5D158247D90}" = lport=5357 | protocol=6 | dir=in | app=system |
"{4AC4AEB4-C7B3-486C-9A6D-16160C69E8DE}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4C81D876-AF97-4579-AE74-F95EFFE5733B}" = rport=1723 | protocol=6 | dir=out | app=system |
"{50347EA9-F34D-4FFE-9D91-714294EE9808}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{52F36BEE-CFFF-460B-9059-438037F343CA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{54ADAF39-2BD1-4050-9314-DB245B8203C5}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{54BB35EA-A8A2-4238-A900-DF0864A915C5}" = lport=1723 | protocol=6 | dir=in | app=system |
"{557FDE3C-8FDB-4D08-83BD-6A039846969A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55D662A2-D4E6-4D40-8FC4-CEBEF577FB0B}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{58000CCE-D3D9-4186-A443-D716AC2224C2}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{596850DE-984F-45A4-97BE-0A9598E8C49F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5ABFD4B2-FADA-4DB2-B96F-91F1FA1DEA6F}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{6260B6A7-BE0A-4839-BA98-49814FB26B1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63FBCCD4-022B-44B2-81EC-78EFD4791AE7}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{65485E31-1C1B-4A27-8D15-6A9A30C0830E}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{671F43FC-39EE-43F2-A98E-FC7EF401BB16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6B386F23-8AF4-457A-BEC9-810179748D20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6B3E7D81-B567-4DD9-9D50-ECD3DB9AB994}" = rport=138 | protocol=17 | dir=out | app=system |
"{6BE051B5-BF4A-4124-BFD7-535CAC09A3C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EC516D2-DC7A-43F2-9BC5-72D973B96204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{75444F92-0724-466C-8F0C-E1406E13E575}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{75E30091-3630-44B1-BEA6-4D8DD50C2D81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{79A61B94-A5D4-4241-99B0-F5DA5D4BDC44}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{80CD8EA2-BDB7-4400-8A51-1BAE8B8189D6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{81C5CE35-2984-42DB-BC92-371A8E8C0ED7}" = lport=4662 | protocol=6 | dir=in | name=127.0.0.1 |
"{8252D6EB-9A86-4638-8C67-D8BE57D1869B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8258DAE4-F2C4-4F57-9BB3-B73120B15EB7}" = rport=445 | protocol=6 | dir=out | app=system |
"{832BE37B-E553-42E2-9B44-6395438DEC44}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{846DB756-C180-4462-AE9E-86E07DE04B9A}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{84920034-88FE-4324-90D9-4DC2F68D5969}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{8B34883E-8397-4855-A449-7C380A4A65C7}" = lport=2178 | protocol=6 | dir=in | app=system |
"{8B5EED41-9FFF-4E2A-A890-0E8445040AEA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{8CA8A5A8-1743-4A84-A4B8-9F2870DCC4B5}" = rport=5357 | protocol=6 | dir=out | app=system |
"{8DAC4A45-2FD1-4767-AE63-A2D2A8AE406D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8F0B22E7-8647-45B1-B75D-4D3A7E2054AC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8F24F4AB-A1F8-4912-B10D-BF7E532800C5}" = rport=2178 | protocol=6 | dir=out | app=system |
"{91D6DBB1-8B48-4651-8A80-651DDA2AA069}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{9225D6B9-5D39-4DBE-AF2B-06B9A884E749}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9412CB35-4D42-40B7-BA49-9B21F82F2268}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9649E6CD-624C-4184-8833-C9FE201A533C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{983D934D-CC52-4C29-9ED3-9FC88B94A51E}" = lport=5985 | protocol=6 | dir=in | app=system |
"{98C33C1E-AAD7-4520-BFF7-634FB258E76A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9BD7ACEC-2823-41A1-B79E-6A615FA3074D}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C3CB063-5570-4F12-8B77-F74F85E1BB95}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9EC35D60-8DF4-4713-A194-888E96959419}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A44A14C4-3615-4080-89B5-8D974FF6DACD}" = lport=445 | protocol=6 | dir=in | app=system |
"{A66D9397-807E-4D37-952C-5526D7A27AFE}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A6F1641D-9BAE-45D3-83BB-E1FF62C538C2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A74EF3E3-16D3-47AD-B043-958558ED1ECC}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{AE1C34D9-4101-42BE-A536-4341190244BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF70541A-D6E6-4018-B61F-DD1ACD6A3A62}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{B1601CE7-40DC-4D8C-8AD9-4176D2C9F11A}" = lport=1701 | protocol=17 | dir=in | app=system |
"{B23A2299-5154-4C1E-AF6D-81204DF06AA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B3E4AE09-F332-4B6D-8ABB-915220F49BD3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B4B86A43-3685-471A-A398-6A25062F0A47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B57B6A2D-9375-4B03-932F-CD84102828CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B7538422-9B55-43A8-A2A8-AE78A07CD324}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9072A20-F1C9-4309-8E8C-690AA8443B5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BB3F90BF-846D-40C2-8591-181F95A6713E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{BD922457-FAFE-4508-8269-5A506807FDD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C52BFB95-5BA2-428A-AD53-8B6AA386BD12}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{C765C6C2-08AD-447B-9C7E-73E7450C9ADB}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB8BF7EB-F5CC-44E9-9F75-851E5331B338}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{CC9B6414-68F0-4DAD-AA81-28506FBD3F9C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1B83FB1-77E2-4ABD-8B8A-03982D10B081}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{D4497ACE-A3AA-4084-B8F6-A2E171EAA8E6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D7219496-5370-4927-9E5D-BB9BE0C30383}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E1C2586D-F8B9-4F23-8DF5-9F6908D54084}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{EA86B6D4-C3DC-455A-B1A4-A76937FC5730}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F1A6D9D5-A25B-4F56-8346-DA7DA1BAEFD7}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{F303D2CE-69E3-4616-B8B6-BCEF325178DE}" = lport=5358 | protocol=6 | dir=in | app=system |
"{F7CC8961-99BF-4823-8614-B117FEBF3264}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F8148DAD-4E44-468D-8F96-212679E14D1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F875E986-A067-442D-AF7A-9345D6CE590A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{FB825729-D8D8-4436-9F9D-1F4AEA77A2BE}" = rport=1701 | protocol=17 | dir=out | app=system |
"{FB848198-A9BF-4663-A3F5-AF143069FBF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FF38E3D8-5C9F-49A8-851E-C85A1A9C3D67}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0466EB72-6993-4A05-93E0-412EC272689B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0CD6AE55-DC65-41C0-BAE5-5333F841234C}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{106BE549-DA09-4347-B93F-80A417C0CE44}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{164CD31B-F384-4B62-BBEF-31A038B91DCA}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{175F7B1B-914C-4F0A-A40B-CF7F4EDEABC1}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{177C2D9F-1BFD-4690-A706-97C9AEF29052}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{189889F7-4975-4DD6-95F7-F03A09F9A91B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{1AEBB177-084F-41AA-BE9E-CD15FFC42880}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{1C00923C-7F1A-4B27-98FC-0CE9AB61EC10}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1C849A33-6D6E-4253-9835-F11BB0E540C7}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{1D05EBC2-5B99-4DD9-AD4C-5B776829E855}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1E4D7368-7A87-4AB1-A857-D1437A7B4495}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{1E508D40-A8A1-4A51-92AD-02CC0C1A962F}" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\foldershare\foldershare.exe |
"{2068340D-ABDD-4722-AEA1-38820F1934B4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{22C7A555-4BD4-4813-AB30-3A290FA88F92}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{2F11E128-5982-4004-8C1D-42776535270A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2F3D8AD8-461C-47B1-8051-503694FD8CB3}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{34024190-6F5D-4A81-A461-36E9B08786A6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{341BD55D-D7D1-4FAD-BBF9-6B26CA0FC5F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3539E214-035F-4204-83EB-625B545E6C81}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{399E28B8-EDC3-41F7-A550-E67EFD1F0DFC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3BB013F5-AE41-46EB-9E3F-FAC2B6FEA48E}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{3D47DE79-F864-42E2-909D-8F4E8F3C2649}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D6DDB58-670B-48A1-A2F8-99BC30A0AB83}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{454795DC-6199-4086-AD8E-5B3EB168BB1A}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{4DC6B01C-3744-4BD2-BD65-9AFBE694F44B}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{4F002D31-023D-4B29-A40A-2266C1C773A9}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{59B5789E-1787-4C5A-A753-4E4F266EDE7E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5FB35A56-9526-4FA0-BA21-852F851C0D29}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{682151E1-03FC-4A49-882B-FFBCD7E42F63}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{6B9D4F95-A517-45C5-B3C5-E732F4A09436}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{6C2B2056-436E-43CF-92FB-AFB837597F6C}" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\foldershare\foldershare.exe |
"{6C3774DD-8B8F-451F-B1CD-F4F8E79CEDB2}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{70617C99-8502-42A7-B392-A41C59509548}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{74285831-FCA7-4CF9-B579-B8D5862BEAD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{76058906-E1CB-4538-901D-8A2C0011FDAB}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{7A2F5B41-3B6F-4326-9351-84060B376654}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{81C94825-2D50-4F2B-83BB-0B18C3B0A222}" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\foldershare\foldershare.exe |
"{8421C50A-1C72-404F-A3E5-5DF30A917CC3}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{862452DE-84FE-487F-8B2F-DB5FA7451C14}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{8632759F-52FF-4EA4-9915-01C159A5C725}" = dir=in | app=c:\windows\system32\csrspl.exe |
"{89C05A69-A5BE-4686-8F59-941475E09DD5}" = protocol=6 | dir=in | app=c:\program files\emule\linkcreator.exe |
"{8DB983A2-0BFB-46A4-B510-8D4B889F4039}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{92D102F9-E372-4916-85DF-6ACCDDF31133}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{954653E1-41F5-4D84-A031-CE17667E0CB6}" = protocol=6 | dir=out | app=system |
"{97A76780-164D-4DA0-8319-BF5FEE00ABE1}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{993A950E-E4FD-4FA7-A81F-8EC3B784DEDA}" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\foldershare\foldershare.exe |
"{9B4021CA-E326-4618-AE9E-6BFD9936F22A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9EDDF297-8349-4A8B-A2F7-42BDD9758ABC}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{A3112A53-BCA6-4C0A-B5C6-27AB528011C9}" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"{A440F075-4D05-4A0E-9729-EFC5D0313417}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A5C2737E-00C5-45BF-87EA-210E2D1437A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7F0A5F9-E9AB-47DF-A7A4-E8DFC4E1CA6C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{AD4097BC-8861-476B-92D9-F4B9ABD97BBA}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{AE8A677C-A11E-4E27-9608-BB58BC9B95DF}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{B26A125A-5DAE-423A-988D-84022D3C1D01}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B42B39FC-F133-410D-9D56-937F7CC27B7A}" = protocol=6 | dir=out | app=system |
"{B6D4559D-4048-42B3-B893-22224301EDF7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{BF1F6D2E-9899-4194-91D2-CA53255CDAD2}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{C36DB973-7709-474C-83F5-03BC0242B222}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{C8EBFFEB-9D9A-49B9-B567-406A069FB8C2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{CED0A61B-7DBF-4D8A-9392-4862204CBD1D}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{CFEFE67E-FBDC-4687-AE64-E74FBE48C1A5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D0B410FA-4121-404A-9646-F3AAC08A4C81}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D0B88312-69D3-4B11-B8DF-9BDD3C55775A}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{D98283E6-3C86-46A8-B0B5-1583E3630F59}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D9FA026A-8540-4E39-818D-45C9EAE70A46}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{E1466B0B-386D-4DD6-8AA2-4B0869536EAD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{E36F32D8-61EE-4448-97B7-17EBE128A817}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{E3A17B60-2DFF-44F3-83D0-EB72A937D618}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E463C073-AEA5-4BB4-9287-EBD98A9B83B4}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{EBF8BB14-1F5D-44C5-9467-407A23E64307}" = protocol=17 | dir=in | app=c:\program files\emule\linkcreator.exe |
"{ED0EB026-D2E2-42B7-AFEA-9CD7CEEB2546}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{F212F669-D114-4B56-87F0-267B2514CAC8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{F5A52116-5915-4BF6-BA7A-D4AEAF76DA75}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F67E6010-364F-4DB1-8EB3-F595DE62CBD5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{F8B15043-2808-447C-AE24-13264ACED3AE}" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"{FEED68CD-AF78-44E9-B802-D9673C6A9709}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"TCP Query User{03FBDFB4-94E7-455A-9948-90AB4D683D55}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{088FC1BA-47C0-40B0-95E2-E065F00024A1}C:\users\sellmann\appdata\local\temp\rar$ex01.719\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.719\client\extremmt2.exe |
"TCP Query User{0A831046-D829-4E14-A404-FCC2B0BC72BC}C:\users\sellmann\appdata\local\temp\rar$ex03.016\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex03.016\client\extremmt2.exe |
"TCP Query User{0E700347-49AA-48A7-ABC6-A04D29138E0B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{270FF09E-C2AF-4D49-83AC-016182DB0B3E}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{2C887386-E662-418B-9489-CC5D973C3D54}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{3AC04221-E00C-4ECD-992F-8407AB1DFFE4}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{3D52224C-91F4-42B0-A829-569C165D594A}C:\program files\freetvradio\freetvradio.exe" = protocol=6 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"TCP Query User{3E6F8E27-E37C-4D70-8ABC-DFB98E3D3BF6}C:\users\sellmann\appdata\local\temp\rar$ex01.672\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.672\client\extremmt2.exe |
"TCP Query User{4FE1C0A9-3E6A-4308-8529-E7E2F2503CF5}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{587AB168-6A99-49D1-AA31-B8E63BFD1DA5}C:\program files\amule\amule.exe" = protocol=6 | dir=in | app=c:\program files\amule\amule.exe |
"TCP Query User{656E03A8-B0EC-4C2C-9402-45227EB6D1D0}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6582587D-C690-4FED-B7DC-62A9C485198C}C:\users\sellmann\appdata\local\temp\rar$ex00.781\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex00.781\client\extremmt2.exe |
"TCP Query User{6F0475CC-8885-4653-9C6D-6115770EEC30}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6F0B4EC8-E571-46F0-ADCF-9EA74D699FEA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6F44B5F2-EEFE-4CE0-B7C0-E400FE7E64FB}C:\program files\red clash '93\rc93.exe" = protocol=6 | dir=in | app=c:\program files\red clash '93\rc93.exe |
"TCP Query User{81C0AD2E-FE3B-4519-A982-CEFAC161D2A2}C:\users\sellmann\appdata\local\temp\rar$ex01.188\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.188\client\extremmt2.exe |
"TCP Query User{888EB17E-8F3D-4DDD-A715-EB9839BC0DB2}C:\users\sellmann\appdata\local\temp\rar$ex06.281\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex06.281\client\extremmt2.exe |
"TCP Query User{8988A392-6EA0-4486-A489-E3A68A212487}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{A32C2982-00F1-47AD-83E9-FC8135E74402}C:\users\sellmann\appdata\local\temp\rar$ex13.844\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex13.844\client\extremmt2.exe |
"TCP Query User{AA07CBCD-6F0E-49BA-A747-2DD23C2DBBFA}C:\program files\microsoft games\midtown madness 2\midtown2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\midtown madness 2\midtown2.icd |
"TCP Query User{AA3E8353-4275-45E4-A79B-25A6822DA241}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{AFED0442-932F-45D2-8175-7E6E85EA4C45}C:\users\sellmann\appdata\local\temp\rar$ex00.953\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex00.953\client\extremmt2.exe |
"TCP Query User{CACEF0FA-05DE-4D30-829C-9750EB07434E}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{D3F8E7D2-5AA3-4A37-98DE-9316B518416F}C:\users\sellmann\appdata\local\temp\rar$ex08.266\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex08.266\client\extremmt2.exe |
"TCP Query User{D7C00D31-2B5B-4588-B662-B100C3D909C4}C:\users\sellmann\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\usmt\migwiz.exe |
"TCP Query User{D8790014-367F-4533-A96E-44A60CA0A0FF}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{D8AB5021-F30E-419D-90AF-27F58CA36782}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DD99B602-42E4-4F33-9005-C5554D60EED0}C:\users\public\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\public\phone\skype.exe |
"TCP Query User{DEFBB0B5-0C3B-4F01-960F-C266C78EA40F}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{E7920A6B-D290-42FB-AFAF-15B9C12FFCBD}C:\users\sellmann\desktop\spiele\neuer ordner\extremmt2-alterclient\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\desktop\spiele\neuer ordner\extremmt2-alterclient\client\extremmt2.exe |
"TCP Query User{EA9CAFA4-095D-4D9B-8048-CB40AC894E16}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{EC004B82-1A0A-4722-8772-8625DFF054B3}C:\users\sellmann\appdata\local\temp\rar$ex00.797\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex00.797\client\extremmt2.exe |
"TCP Query User{ED8B2323-94AC-4AAA-9113-F5780229E1F6}C:\users\sellmann\appdata\local\temp\rar$ex01.812\client\extremmt2.exe" = protocol=6 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.812\client\extremmt2.exe |
"UDP Query User{0B04E52E-21A3-4D2A-BA57-DB09617F4F70}C:\users\sellmann\appdata\local\temp\rar$ex01.719\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.719\client\extremmt2.exe |
"UDP Query User{1C94C9C7-8CE1-4141-B24F-6C9DCA36AD25}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{1CB3B912-4CE1-4CDF-9C36-58E4C25FE282}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{2A3C69AE-5524-468C-8447-6FABA67D8BF8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2C88ABC5-2D01-47F7-8CCF-4C72AA325D2B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{388FA26B-EE11-4958-A48C-59186629D1CD}C:\users\sellmann\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{3E4B11EC-4123-4384-923A-4D9EEC0C3E71}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{477D8F2D-6F06-43E7-8BD4-9A12F1A58018}C:\users\public\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\public\phone\skype.exe |
"UDP Query User{4807DC37-921B-4130-A888-25C5CD7949E2}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{496B5D5F-2A71-4821-9330-D5D453B99054}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4A856E9A-F713-4432-A0CB-527912F387B6}C:\users\sellmann\appdata\local\temp\rar$ex00.781\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex00.781\client\extremmt2.exe |
"UDP Query User{4EA82BFF-47E0-4546-B9DF-B767C081355B}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{53A0BFD9-741D-4E9C-9996-07C8E6B32A8D}C:\users\sellmann\appdata\local\temp\rar$ex06.281\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex06.281\client\extremmt2.exe |
"UDP Query User{57ABBA2D-20FB-4861-84D0-9B5028E074D0}C:\users\sellmann\appdata\local\temp\rar$ex08.266\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex08.266\client\extremmt2.exe |
"UDP Query User{5B844E58-A150-4B96-91F2-2CFE3EC9543E}C:\users\sellmann\appdata\local\temp\rar$ex01.188\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.188\client\extremmt2.exe |
"UDP Query User{5BB40506-0C01-41C0-A29F-B0CB6FC58385}C:\users\sellmann\appdata\local\temp\rar$ex13.844\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex13.844\client\extremmt2.exe |
"UDP Query User{642F6801-B11B-4FDE-B9ED-F0B1C81FC6AC}C:\users\sellmann\appdata\local\temp\rar$ex01.672\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.672\client\extremmt2.exe |
"UDP Query User{71D09E0E-47CB-4DD1-8B4B-628B2986DC9B}C:\users\sellmann\appdata\local\temp\rar$ex00.953\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex00.953\client\extremmt2.exe |
"UDP Query User{76592BD5-399D-440D-9BAF-93FD66B850EB}C:\program files\freetvradio\freetvradio.exe" = protocol=17 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"UDP Query User{8019645D-07D4-4010-A689-6648164A7FD8}C:\users\sellmann\appdata\local\temp\rar$ex03.016\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex03.016\client\extremmt2.exe |
"UDP Query User{89CDE052-8CF2-442E-AB1A-7DC5AD81EE39}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{8BB59825-1E97-4C9F-B0FF-BFFB3F635AAB}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{909532DB-A33F-4830-93E4-1C7674A9357F}C:\program files\amule\amule.exe" = protocol=17 | dir=in | app=c:\program files\amule\amule.exe |
"UDP Query User{96F71D99-27C7-4736-BC3F-93C3F87411A3}C:\users\sellmann\appdata\local\temp\rar$ex01.812\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex01.812\client\extremmt2.exe |
"UDP Query User{98C923B5-BA7F-49C8-A6EE-81F4B9C27707}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A042CEF3-27D9-4CE0-92BF-E9D50A975936}C:\users\sellmann\desktop\spiele\neuer ordner\extremmt2-alterclient\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\desktop\spiele\neuer ordner\extremmt2-alterclient\client\extremmt2.exe |
"UDP Query User{A88B4C62-8DAA-4162-BB36-5FC23B0370C7}C:\program files\microsoft games\midtown madness 2\midtown2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\midtown madness 2\midtown2.icd |
"UDP Query User{ACE719C0-4965-4D8B-BA65-E382C212D5D8}C:\users\sellmann\appdata\local\temp\rar$ex00.797\client\extremmt2.exe" = protocol=17 | dir=in | app=c:\users\sellmann\appdata\local\temp\rar$ex00.797\client\extremmt2.exe |
"UDP Query User{B69D9A19-9693-4FCF-B0F3-2A15B830A3DF}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{CAFAE562-206A-4381-96DE-476C0B2D9A44}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{D2345451-D89B-4F89-AD51-84E652D9C6C9}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{E9998B9E-65C9-4FEC-A6C2-451363E4F8F9}C:\program files\red clash '93\rc93.exe" = protocol=17 | dir=in | app=c:\program files\red clash '93\rc93.exe |
"UDP Query User{FA3D7293-B747-4240-B044-77E46AB061FB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{FB918105-3B4E-4D16-A227-84AE35D51EDB}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}" = Digimax Converter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90260407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1D5EC14-C943-4F78-A914-BA89D6BC8B2A}" = Windows Live FolderShare Beta
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5322
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CREATOR9" = Creator 9
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flashplayer" = Flash Player plugins 9
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"Google Updater" = Google Updater
"Infocentre" = Infocentre Rev. 2.0
"Lexmark 1200 Series" = Lexmark 1200 Series
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NIS2007_DE" = NIS2007
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"oqibc" = Favorit
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Rekkaturvat" = Truck Dismount (remove only)
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave
"SKYPE" = Skype 2.5.2.151
"SysDoc1_is1" = ArchiCrypt System Doctor Version 1.2.3.2231
"Updator" = Packard Bell Updator
"VIDEO_NVIDIA" = Video NVIDIA v97.46
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WChat" = Westwood Online
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2005Setup" = Setup-Start von Microsoft Works 2005
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.04.2011 13:35:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sellmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 104,00 Mb Available Physical Memory | 10,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,88 Gb Total Space | 76,35 Gb Free Space | 33,95% Space Free | Partition Type: NTFS
Computer Name: SELLMANN-PC | User Name: Sellmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sellmann\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Windows\Temp\Fvt.exe ()
PRC - C:\Windows\Temp\Fvs.exe ()
PRC - C:\Windows\Temp\Fvr.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\Sellmann\Desktop\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (csrspl.exe) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (BlueSoleil Hid Service) -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Start BT in service) -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (BELKIN) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation. )
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\Windows\System32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\Tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.17 22:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.03 18:31:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.03 12:11:57 | 000,000,000 | ---D | M]
[2011.04.03 12:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellmann\AppData\Roaming\mozilla\Extensions
[2011.04.03 12:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellmann\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.04.08 18:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sellmann\AppData\Roaming\mozilla\Firefox\Profiles\x45uizjg.default\extensions
[2010.11.30 09:40:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sellmann\AppData\Roaming\mozilla\Firefox\Profiles\x45uizjg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.03 12:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.08.02 21:54:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.06.16 14:10:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.03 12:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.03 12:11:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.02.28 16:27:16 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.11.29 01:00:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.29 01:00:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.29 01:00:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.29 01:00:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.29 01:00:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.07.28 12:36:07 | 000,317,952 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10907 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [W5E7SH31DG] C:\Windows\Temp\Fvs.exe ()
O4 - HKU\S-1-5-18..\Run: [W5E7SH31DG] C:\Windows\Temp\Fvs.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002..\Run: [3EFB0E1E7E2F52CE] C:\YouMeetWeWo\YouMeetWeWo.exe (Kclpilsala Gmxkqw)
O4 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002..\Run: [Mtopuf] C:\Users\Sellmann\AppData\Local\ogohetiqaquhe.dll (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002..\Run: [Xbuguqoqiwog] C:\Users\Sellmann\AppData\Local\KBtogape.dll (FileZilla Project)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunServices: [SSDPSRV] C:\Windows\System32\ssdpsrv.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3811333571-3079259545-4140786328-1002\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sellmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sellmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: CollaborationHost - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - c:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: kycig - hkey= - key= - File not found
MsConfig - StartUpReg: Nemobar - hkey= - key= - C:\Programme\NemoBar\Nemobar.exe (EFD Software)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: VX3000 - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Live FolderShare - hkey= - key= - C:\Users\Sellmann\AppData\Local\FolderShare\FolderShare.exe (Microsoft Corporation)
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011.04.09 12:43:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sellmann\Desktop\OTL(2).exe
[2011.04.09 11:50:51 | 007,109,120 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Sellmann\Desktop\registrybooster.exe
[2011.04.09 11:36:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sellmann\Desktop\OTL.exe
[2011.04.09 10:55:28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.07 20:43:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\1441A05E61B5CCABF2D20B2B73E67851
[2011.04.06 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Local\{515086EB-3989-47D6-8DD7-46B28379B61E}
[2011.04.06 17:05:59 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Roaming\kock
[2011.04.04 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Roaming\Lexware
[2011.04.03 12:56:18 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Roaming\Haufe Mediengruppe
[2011.04.03 12:56:18 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Local\Haufe Mediengruppe
[2011.04.03 12:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer
[2011.04.03 12:16:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Haufe
[2011.04.03 12:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2010
[2011.04.03 12:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.04.03 12:14:04 | 000,000,000 | ---D | C] -- C:\Programme\Lexware
[2011.04.03 12:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.04.03 12:12:38 | 000,000,000 | ---D | C] -- C:\Programme\Haufe
[2011.04.03 12:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.04.03 12:11:57 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.03 12:11:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.03 12:11:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.03 12:11:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.03 12:06:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Lexware
[2011.04.03 12:06:53 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Local\Lexware
[2011.03.23 19:40:35 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 19:40:34 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.13 16:33:50 | 000,000,000 | ---D | C] -- C:\Users\Sellmann\AppData\Roaming\Apple Computer
[2011.03.13 16:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.13 16:31:59 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.13 16:31:57 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.13 16:29:02 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.13 16:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.13 16:23:04 | 080,298,280 | ---- | C] (Apple Inc.) -- C:\Users\Sellmann\Desktop\iTunesSetup.exe
[2009.09.24 13:40:51 | 000,370,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Sellmann\AppData\Local\ogohetiqaquhe.dll
[2009.09.24 13:40:51 | 000,087,552 | ---- | C] (FileZilla Project) -- C:\Users\Sellmann\AppData\Local\KBtogape.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\Sellmann\Documents\*.tmp files -> C:\Users\Sellmann\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.09 14:00:10 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2011.04.09 14:00:09 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2011.04.09 13:58:22 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.09 13:53:21 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.09 13:50:53 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.04.09 13:44:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.09 12:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sellmann\Desktop\OTL(2).exe
[2011.04.09 12:36:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.09 12:33:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.09 12:33:03 | 000,071,157 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.09 12:33:01 | 000,071,157 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.09 12:32:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.09 12:32:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.09 12:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.09 11:51:33 | 007,109,120 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Sellmann\Desktop\registrybooster.exe
[2011.04.09 11:36:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sellmann\Desktop\OTL.exe
[2011.04.09 09:57:23 | 225,249,886 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.09 09:54:02 | 000,194,560 | ---- | M] () -- C:\Windows\System32\test.exe
[2011.04.09 09:49:41 | 000,000,120 | ---- | M] () -- C:\Users\Sellmann\AppData\Local\Osureruqap.dat
[2011.04.09 09:49:03 | 000,000,000 | ---- | M] () -- C:\Users\Sellmann\AppData\Local\Qmabogajimonob.bin
[2011.04.08 21:00:22 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Sellmann.job
[2011.04.07 20:54:46 | 000,011,421 | ---- | M] () -- C:\Windows\System32\GnuHashes.ini
[2011.04.07 20:43:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\aclnet.dll
[2011.04.07 13:11:11 | 001,530,725 | ---- | M] () -- C:\Users\Sellmann\Desktop\wrar400d.exe
[2011.04.06 21:16:39 | 000,659,854 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.06 21:16:39 | 000,622,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.06 21:16:39 | 000,143,280 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.06 21:16:39 | 000,117,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.03 20:58:20 | 000,015,346 | ---- | M] () -- C:\Users\Sellmann\Desktop\ostrov-proklyatyih+[torrentino.com+212492].torrent
[2011.04.03 12:16:56 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Hilfesammlung 2010.lnk
[2011.04.03 12:15:07 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2010.lnk
[2011.04.03 12:11:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.03 12:11:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.03 12:11:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.03 12:11:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.31 22:41:40 | 000,159,232 | ---- | M] () -- C:\Users\Sellmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.20 21:38:50 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.13 16:33:02 | 000,001,667 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.13 16:23:27 | 080,298,280 | ---- | M] (Apple Inc.) -- C:\Users\Sellmann\Desktop\iTunesSetup.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\Sellmann\Documents\*.tmp files -> C:\Users\Sellmann\Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.09 13:52:06 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.09 13:35:45 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.04.09 13:20:23 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.09 09:54:02 | 000,194,560 | ---- | C] () -- C:\Windows\System32\test.exe
[2011.04.07 20:54:46 | 000,011,421 | ---- | C] () -- C:\Windows\System32\GnuHashes.ini
[2011.04.07 20:43:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\aclnet.dll
[2011.04.07 18:21:53 | 225,249,886 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.07 13:11:09 | 001,530,725 | ---- | C] () -- C:\Users\Sellmann\Desktop\wrar400d.exe
[2011.04.06 17:20:22 | 000,000,120 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\Osureruqap.dat
[2011.04.06 17:20:22 | 000,000,000 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\Qmabogajimonob.bin
[2011.04.03 20:57:56 | 000,015,346 | ---- | C] () -- C:\Users\Sellmann\Desktop\ostrov-proklyatyih+[torrentino.com+212492].torrent
[2011.04.03 12:16:56 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Hilfesammlung 2010.lnk
[2011.04.03 12:15:07 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2010.lnk
[2011.03.13 16:33:02 | 000,001,667 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.13 16:29:04 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.02.10 12:06:11 | 000,000,100 | ---- | C] () -- C:\Windows\lexstat.ini
[2011.02.10 12:05:40 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE
[2011.02.10 12:05:39 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
[2011.02.10 12:05:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2010.05.16 00:41:51 | 000,000,552 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\d3d8caps.dat
[2010.04.02 09:43:46 | 000,071,157 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.02 09:43:46 | 000,071,157 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.24 13:40:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 13:40:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.26 09:20:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.03 13:52:08 | 000,000,093 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\oqibc.bat
[2008.09.09 09:39:05 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.08.02 20:51:18 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008.06.20 21:19:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.19 18:05:41 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.03.21 22:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.12.01 22:55:57 | 000,000,096 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\fusioncache.dat
[2007.11.05 16:36:54 | 000,000,680 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\d3d9caps.dat
[2007.09.28 22:33:10 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2007.09.28 22:33:05 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2007.09.28 22:33:04 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2007.09.27 17:46:35 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2007.09.27 17:46:34 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.08.31 18:30:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.08.31 18:30:22 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2007.08.31 18:30:20 | 000,544,768 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.06.28 15:45:34 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll
[2007.06.28 15:29:12 | 000,000,142 | ---- | C] () -- C:\Windows\ktel.ini
[2007.05.23 18:15:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.05.11 17:10:12 | 000,000,127 | ---- | C] () -- C:\Windows\compedia.ini
[2007.03.04 18:08:41 | 000,025,600 | ---- | C] () -- C:\Windows\System32\jesterss.dll
[2007.02.26 19:35:26 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
[2007.02.25 18:39:58 | 000,001,345 | ---- | C] () -- C:\Windows\disney.ini
[2007.02.20 21:40:19 | 000,159,232 | ---- | C] () -- C:\Users\Sellmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.01.25 02:54:16 | 000,659,854 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.01.25 02:54:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.01.25 02:54:16 | 000,143,280 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.01.25 02:54:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.24 18:17:22 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.01.24 18:15:26 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006.12.21 12:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,512,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,622,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,117,620 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 001,197,056 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2006.01.30 14:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2004.12.02 15:20:18 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2004.07.20 17:04:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2004.01.15 14:43:28 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TBTMonUI.dll
[2000.12.11 15:46:41 | 000,011,616 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
========== LOP Check ==========
[2008.09.01 10:47:03 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Ace
[2010.06.12 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\ArchiCrypt System Doctor
[2011.04.03 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Azureus
[2009.02.19 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\digital publishing
[2011.04.07 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\F-Secure
[2010.03.08 01:50:04 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Fighters
[2010.06.05 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\FissaSearch
[2010.06.05 17:30:37 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\freeTVRadio
[2011.04.03 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Haufe Mediengruppe
[2008.04.10 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\ICQ
[2007.06.28 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\klickTel
[2011.04.06 17:05:59 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\kock
[2007.10.16 13:12:45 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Leadertech
[2011.04.04 15:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Lexware
[2008.06.09 11:10:33 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Mra
[2011.02.28 17:05:14 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\OpenCandy
[2007.12.01 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Packard Bell
[2007.11.19 11:40:23 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\PeerNetworking
[2008.11.22 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Power Mixer
[2007.08.31 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Samsung
[2008.05.07 09:43:48 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Toshiba
[2011.02.28 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Uniblue
[2011.04.09 14:00:09 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job
[2011.04.09 14:00:10 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator.job
[2011.04.09 11:11:00 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.15 18:27:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{96ABF0D9-8631-4115-9782-45E3096DD773}.job
[2011.04.09 13:53:21 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.04.09 13:58:22 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.09 13:50:53 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.09.01 10:47:03 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Ace
[2011.04.06 17:18:13 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Adobe
[2007.09.21 14:23:45 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\AdobeUM
[2007.03.06 16:53:31 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Ahead
[2009.01.02 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\AOL
[2011.03.13 16:35:05 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Apple Computer
[2010.06.12 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\ArchiCrypt System Doctor
[2010.09.19 10:48:48 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Avira
[2009.07.31 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\AVS4YOU
[2011.04.03 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Azureus
[2009.02.19 18:03:17 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\digital publishing
[2010.06.10 22:29:35 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\DivX
[2010.12.05 19:44:08 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\dvdcss
[2011.04.07 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\F-Secure
[2010.03.08 01:50:04 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Fighters
[2010.06.05 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\FissaSearch
[2010.06.05 17:30:37 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\freeTVRadio
[2008.02.16 12:17:09 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Google
[2009.02.16 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Hamachi
[2011.04.03 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Haufe Mediengruppe
[2008.04.10 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\ICQ
[2007.02.20 19:19:52 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Identities
[2009.01.02 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\InstallShield
[2007.06.28 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\klickTel
[2011.04.06 17:05:59 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\kock
[2007.10.16 13:12:45 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Leadertech
[2011.04.04 15:46:42 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Lexware
[2007.02.26 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Media Center Programs
[2010.12.30 23:40:56 | 000,000,000 | --SD | M] -- C:\Users\Sellmann\AppData\Roaming\Microsoft
[2008.08.28 22:29:45 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Mozilla
[2008.06.09 11:10:33 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Mra
[2009.07.31 16:46:16 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\NCH Software
[2011.02.28 17:05:14 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\OpenCandy
[2007.12.01 22:55:16 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Packard Bell
[2007.11.19 11:40:23 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\PeerNetworking
[2008.11.22 18:04:06 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Power Mixer
[2007.03.17 00:50:29 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Roxio
[2007.08.31 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Samsung
[2011.03.09 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Skype
[2009.05.21 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\skypePM
[2009.03.21 15:39:11 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Talkback
[2008.05.07 09:43:48 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Toshiba
[2011.02.28 17:05:56 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\Uniblue
[2011.04.07 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\vlc
[2009.07.31 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\Sellmann\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2010.12.05 16:29:44 | 000,469,304 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\cdrecord.exe
[2010.12.05 16:29:48 | 000,123,856 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\dvdauthor.exe
[2010.12.05 16:29:49 | 000,449,720 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\mkisofs.exe
[2010.12.05 16:29:50 | 000,349,632 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\mpeg2enc.exe
[2010.12.05 16:29:50 | 000,194,496 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\mplex.exe
[2010.12.05 16:29:50 | 000,173,504 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\p2y.exe
[2010.12.05 16:29:50 | 000,095,696 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\spumux.exe
[2010.12.05 16:29:51 | 000,051,648 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azburn_v\bin\vzspath.exe
[2010.01.31 15:00:30 | 010,686,001 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
[2010.11.22 19:01:50 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.12.05 16:29:19 | 007,288,256 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
[2010.12.05 16:29:20 | 004,146,688 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
[2010.06.03 15:01:46 | 000,006,656 | ---- | M] (Aedgency) -- C:\Users\Sellmann\AppData\Roaming\FissaSearch\FissaUninstaller.exe
[2009.02.06 15:15:46 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Sellmann\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.02.28 17:05:15 | 000,415,816 | ---- | M] () -- C:\Users\Sellmann\AppData\Roaming\OpenCandy\OpenCandy_2BF4751B072C487C82FC28A35A07645B\LatestDLMgr.exe
[2010.03.05 23:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Sellmann\AppData\Roaming\OpenCandy\OpenCandy_2BF4751B072C487C82FC28A35A07645B\registrybooster(9).exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.10 21:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008.01.10 21:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.10 21:23:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.14 08:42:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.14 08:42:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2007.09.18 18:01:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.18 18:01:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.12.18 08:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2008.01.19 09:37:11 | 000,009,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wship6.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
========== Files - Unicode (All) ==========
[2011.04.03 21:14:20 | 000,015,358 | ---- | M] ()(C:\Users\Sellmann\Desktop\[FireBit.org]_?????????-2011-dvdrip-??-firebit-films.torrent) -- C:\Users\Sellmann\Desktop\[FireBit.org]_выкрутасы-2011-dvdrip-от-firebit-films.torrent
[2011.04.03 21:13:28 | 000,015,358 | ---- | C] ()(C:\Users\Sellmann\Desktop\[FireBit.org]_?????????-2011-dvdrip-??-firebit-films.torrent) -- C:\Users\Sellmann\Desktop\[FireBit.org]_выкрутасы-2011-dvdrip-от-firebit-films.torrent
[2011.03.29 23:44:58 | 000,014,967 | ---- | M] ()(C:\Users\Sellmann\Desktop\[FireBit.org]_?????-??????-??????????-?????-1-4-??-4-2001-dvdrip.torrent) -- C:\Users\Sellmann\Desktop\[FireBit.org]_тайны-ордена-тамплиеров-серии-1-4-из-4-2001-dvdrip.torrent
[2011.03.29 23:44:49 | 000,014,967 | ---- | C] ()(C:\Users\Sellmann\Desktop\[FireBit.org]_?????-??????-??????????-?????-1-4-??-4-2001-dvdrip.torrent) -- C:\Users\Sellmann\Desktop\[FireBit.org]_тайны-ордена-тамплиеров-серии-1-4-из-4-2001-dvdrip.torrent
[2010.02.18 16:07:39 | 000,000,000 | ---D | M](C:\Users\Sellmann\Documents\???????) -- C:\Users\Sellmann\Documents\Рецепты
[2009.12.18 00:00:32 | 000,026,112 | ---- | M] ()(C:\Users\Sellmann\Documents\???????? ?????? ??? ??????? ? ????? ?? ????? ?????? ??????? ? ???????? ???.doc) -- C:\Users\Sellmann\Documents\Укрепить волосы вам поможет и маска из смеси тертой моркови и крепкого чая.doc
[2009.12.18 00:00:30 | 000,026,112 | ---- | C] ()(C:\Users\Sellmann\Documents\???????? ?????? ??? ??????? ? ????? ?? ????? ?????? ??????? ? ???????? ???.doc) -- C:\Users\Sellmann\Documents\Укрепить волосы вам поможет и маска из смеси тертой моркови и крепкого чая.doc
[2009.07.27 00:38:10 | 000,000,162 | -H-- | M] ()(C:\Users\Sellmann\Documents\~$ ?????? ?.doc) -- C:\Users\Sellmann\Documents\~$ мнению Б.doc
[2009.07.27 00:38:10 | 000,000,162 | -H-- | C] ()(C:\Users\Sellmann\Documents\~$ ?????? ?.doc) -- C:\Users\Sellmann\Documents\~$ мнению Б.doc
[2009.06.23 22:14:05 | 000,032,768 | ---- | M] ()(C:\Users\Sellmann\Documents\???????????? ? ???? ???????? ???????.doc) -- C:\Users\Sellmann\Documents\Поздравления с днем рождения подруге.doc
[2009.06.09 11:34:17 | 000,032,768 | ---- | C] ()(C:\Users\Sellmann\Documents\???????????? ? ???? ???????? ???????.doc) -- C:\Users\Sellmann\Documents\Поздравления с днем рождения подруге.doc
[2009.02.23 17:26:38 | 000,027,648 | ---- | M] ()(C:\Users\Sellmann\Documents\????????? ????????? ? ?????????.doc) -- C:\Users\Sellmann\Documents\Цыганские пословицы и поговорки.doc
[2009.02.23 17:26:36 | 000,027,648 | ---- | C] ()(C:\Users\Sellmann\Documents\????????? ????????? ? ?????????.doc) -- C:\Users\Sellmann\Documents\Цыганские пословицы и поговорки.doc
[2009.02.07 18:12:57 | 000,022,528 | ---- | M] ()(C:\Users\Sellmann\Documents\????????.doc) -- C:\Users\Sellmann\Documents\Сценарий.doc
[2009.01.31 18:03:23 | 000,000,000 | ---D | M](C:\Users\Sellmann\Desktop\DISKO-POPA-?? ????) -- C:\Users\Sellmann\Desktop\DISKO-POPA-За тебя
[2009.01.31 18:02:44 | 000,000,000 | ---D | C](C:\Users\Sellmann\Desktop\DISKO-POPA-?? ????) -- C:\Users\Sellmann\Desktop\DISKO-POPA-За тебя
[2009.01.23 15:40:57 | 000,027,648 | ---- | M] ()(C:\Users\Sellmann\Documents\????????? ????.doc) -- C:\Users\Sellmann\Documents\Бабушкины руки.doc
[2009.01.23 15:40:49 | 000,022,528 | ---- | C] ()(C:\Users\Sellmann\Documents\????????.doc) -- C:\Users\Sellmann\Documents\Сценарий.doc
[2009.01.22 22:20:15 | 000,027,648 | ---- | C] ()(C:\Users\Sellmann\Documents\????????? ????.doc) -- C:\Users\Sellmann\Documents\Бабушкины руки.doc
[2008.03.19 21:55:56 | 000,027,136 | ---- | M] ()(C:\Users\Sellmann\Documents\?? ?????? ?.doc) -- C:\Users\Sellmann\Documents\По мнению Б.doc
[2008.03.19 21:55:52 | 000,027,136 | ---- | C] ()(C:\Users\Sellmann\Documents\?? ?????? ?.doc) -- C:\Users\Sellmann\Documents\По мнению Б.doc
[2007.11.27 18:01:31 | 000,020,992 | ---- | M] ()(C:\Users\Sellmann\Documents\???????????? ? 30 ?????? ???????.doc) -- C:\Users\Sellmann\Documents\Поздравление с 30 летним юбилеем.doc
[2007.11.27 18:01:22 | 000,020,992 | ---- | C] ()(C:\Users\Sellmann\Documents\???????????? ? 30 ?????? ???????.doc) -- C:\Users\Sellmann\Documents\Поздравление с 30 летним юбилеем.doc
[2007.11.01 13:49:35 | 000,000,000 | ---D | C](C:\Users\Sellmann\Documents\???????) -- C:\Users\Sellmann\Documents\Рецепты
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Sellmann\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sellmann\Documents\My Stationery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sellmann\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sellmann\Documents\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sellmann\Documents\Bluetooth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Sellmann\Documents\Allianz:Roxio EMC Stream
< End of report >
|
|
09.04.2011, 16:54
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Crypt.EPACK.Gen2 auf meinem Rechner Was soll das hier werden ohne genaue Problembeschreibung?
__________________
__________________ |
|
09.04.2011, 20:12
| #3 |
| | TR/Crypt.EPACK.Gen2 auf meinem Rechner Hallo zusammen,
__________________ich habe ein Problem mit einem Trojaner namens TR/Crypt.EPACK.Gen2. Antivir meldet mir unentwegt, dass dieses Programm auf meinem Rechner ist. Ich habe versucht, das Ding zu löschen, aber Antivir scheint das nicht zu meistern. Ich habe mich auch ein bisschen informiert, aber viele Tipps hier im Forum schienen neben dem Runterladen von speziellen Programmen auch noch ein kleines bisschen Expertenwissen und -hilfe bei der Beseitigung des Trojaners zu benötigen. Wäre dankbar für jede Hilfe, weil ich absolut keine Ahnung davon habe, wie ich den Trojaner wieder loswerden kann. Danke,Betscha |
|
09.04.2011, 20:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.EPACK.Gen2 auf meinem Rechner Wo sind die Logs von AntiVir? Gibt es welche von Malwarebytes?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu TR/Crypt.EPACK.Gen2 auf meinem Rechner |
| 0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, ?????, alternate, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, c:\windows\system32\services.exe, error, excel, excel.exe, flash player, format, google, google earth, home, iexplore.exe, install.exe, intranet, lexware, location, logfile, media center, metin2, microsoft office word, mozilla, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, packard bell, plug-in, policyagent, realtek, registry, rundll, safer networking, saver, scan, sched.exe, searchplugins, security, security update, senden, server, services.exe, shell32.dll, skype.exe, software, start menu, svchost.exe, system doctor, tcp, tr/crypt.epack.gen, udp, video converter, vista, wrapper |
Linear-Darstellung
