| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Möglicherweise Trojaner? http://www.searchqu.com/406Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.06.2011, 10:00
| #16 |
| /// TB-Ausbilder   |  Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo Oberoanut, Schritt # 1: Peer to Peer oder Filesharing Programme Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall BitTorrent. Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office. Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Programme deinstallieren und deinstalliere die oben genannte Software. Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst. Schritt # 2: Deinstallation von Programmen
Schritt # 3: Fix mit OTL
Code:
ATTFilter :OTL
SRV - (Bandoo Coordinator) -- C:\PROGRA~2\Bandoo\Bandoo.exe (Bandoo Media Inc.)
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
[2011.05.21 18:31:59 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.05.30 08:30:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) - c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) - c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\Bandoo\BndHook.dll) - c:\PROGRA~2\Bandoo\BndHook.dll (Discordia Limited)
MsConfig:64bit - StartUpReg: DATAMNGR - hkey= - key= - C:\PROGRA~2\WI371A~1\Datamngr\DATAMN~1.EXE (Discordia, LTD)
[2011.05.30 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Bandoo
[2011.05.30 08:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[2011.05.30 08:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011.05.30 08:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandoo
[2011.05.30 08:32:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
[2011.05.30 08:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011.05.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO
[2011.05.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Conduit
[2011.05.30 08:33:57 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011.05.30 11:45:11 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Bandoo
[2011.03.03 11:17:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\BitTorrent
[2011.05.30 08:34:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bandoo
[2010.09.08 15:40:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2011.05.30 08:31:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011.05.21 18:32:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\XfireXO
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C51B099B-CEEC-4084-A13B-CCC30F757314}" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{099FEBDF-7AE1-47F6-BBEF-84104FC83287}" =-
"{BCB8FA8C-C148-4DBE-896F-BE1B9C9AED6F}" =-
:commands
[Purity]
[Emptytemp]
Schritt # 4: Systemscan mit OTL
Schritt # 5: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
06.06.2011, 12:16
| #17 | ||
 | Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo M-K-D-B
__________________Schritte 1 bis 2 den Vorgaben entsprechend ausgeführt. Schritt 3 Fix. Guckst du hier: Zitat:
Zitat:
|
|
06.06.2011, 12:24
| #18 |
| | Möglicherweise Trojaner? http://www.searchqu.com/406 Und hier noch die Extras:OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 06.06.2011 13:07:17 - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Michl\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,94% Memory free
12,48 Gb Paging File | 10,81 Gb Available in Paging File | 86,62% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178,79 Gb Total Space | 35,73 Gb Free Space | 19,98% Space Free | Partition Type: NTFS
Drive D: | 119,30 Gb Total Space | 34,64 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive E: | 340,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MICHL-PC | User Name: Michl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = A4 15 D5 A6 0A 12 CA 01 [binary data]
"VistaSp2" = 56 31 0E B9 8B 12 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178B4D4-AD64-4EE5-A9BC-5E25F9460FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{06B6E1C6-F5F6-498D-843C-04E59A7D07CC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{078CA9E6-2C98-4BB7-A5B0-758B01CD13E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1803F978-7D43-48F5-98CC-4D042A4C23B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{18370743-7A0F-4DE7-97A0-8E98C3AE334E}" = rport=138 | protocol=17 | dir=out | app=system |
"{18B44616-0027-472D-B2FD-2609DF1D77E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EEB1B26-860A-4E78-A75C-FDE45CEEC2F8}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{21471F00-8E9F-46CB-9108-57351DB3F5AF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{3383428B-5880-4077-A1A7-6CC22A99E5C8}" = lport=58638 | protocol=6 | dir=in | name=pando media booster |
"{352120F2-9455-4D70-85AC-47A07A342DE6}" = lport=58638 | protocol=17 | dir=in | name=pando media booster |
"{3C70BE72-855B-4640-8C81-0300D5551127}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{419BA4D8-8047-488F-8500-AD6E10DB62B8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{42F29363-B669-4696-B4B7-3679B516DCD9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{47136509-D612-4127-8186-DCB66363C8E3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{496C096C-B181-4763-A21A-BDEF6BC36020}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{49C13998-AEC0-4FAD-A46A-B0DFB2D3F42F}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |
"{4A40B1E6-3047-475F-8B72-976EA40910CC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{5C7ACC72-FE5A-456A-941C-BE66C82B891B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{5CBF0157-2383-406D-AF54-81A19C1A4C50}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{5F7AB8F2-9E63-4A51-AC02-55B5AAD2994A}" = lport=138 | protocol=17 | dir=in | app=system |
"{61BD9739-A1A2-48D0-AD8B-F053C0FE0842}" = lport=445 | protocol=6 | dir=in | app=system |
"{63284D86-D59A-4A05-AF9F-6434BF0C5F2B}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{63E08E73-0CE6-4456-81E4-34D382A979B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{73A319A2-4498-4195-A694-9DD1D74FD5F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77913F17-FB48-449A-BDAC-4F53E08F5CCF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{79C7B78C-7617-4DF6-99A6-D7F881FCD898}" = rport=137 | protocol=17 | dir=out | app=system |
"{7DEAA28B-0165-4779-B70D-5A052D04BC59}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{7F7915A1-E802-475C-84D7-D43550A35982}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{86C6B99F-030E-4C14-B91A-B32397552A3F}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{ABC1BEB0-1829-4962-80B3-C885851B0EEB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{AFE0887B-9DDE-448E-9E30-427AFB26D9EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B236DA09-E01C-448A-9F62-E947A1995F5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B2EB82F0-E417-4F7B-968A-4E4785C967D4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B49D5A59-4A5F-48B0-8A97-5A0B7827775D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD7EF39F-E33D-4F35-B675-DF219F63B031}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{C1CDB01D-7099-44AC-9973-23481DFB167F}" = lport=58638 | protocol=6 | dir=in | name=pando media booster |
"{C1FB27E6-62F3-4DC6-ACDA-080BC28B44B2}" = lport=58638 | protocol=17 | dir=in | name=pando media booster |
"{C45B4BFB-07FA-48C4-9883-96DD494FB123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4F5990B-FA47-4641-8352-00A43640DB69}" = lport=139 | protocol=6 | dir=in | app=system |
"{C729F6D3-2C98-45A0-B8B2-5A88143F7C3E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{C778836C-E716-49E3-895C-A53CCDEAE02C}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{CFB1BF22-6A64-4BF3-B66A-6B6353F559CF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{D20A186F-061D-42E3-95C7-7CA177ACB68A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D3E46B9A-F26C-4F99-9149-FDB4D4860442}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{D8080320-3CFB-4B58-8BB3-36EAB7A8C65E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{E39EE1E2-F3D1-4517-833F-60717D456368}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E649275A-6140-4816-A167-0064FE18AAF5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{F3D8264C-1CE6-4E47-9325-F04FF34C276A}" = lport=137 | protocol=17 | dir=in | app=system |
"{F85F1DDA-D15A-4BC1-8B65-C1BEC04FC140}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00029D0C-79A4-4BE3-936A-9C1112473605}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{02605633-86CB-40CE-9CCE-6FC14BBA5FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{0607F5C2-C5F8-4BD7-875F-E12F6C05BBD6}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{078CDBB3-0B31-446F-813B-A7A9024632F6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{08033F94-67E7-4BBD-B387-6D40BD0D4B67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{09E43FE4-BCA2-4F71-A717-F11CCDC75A6D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{0DF5B17B-A645-4942-ACBE-ED13DB74867E}" = protocol=17 | dir=in | app=d:\ofp2\ofdr.exe |
"{141098F5-1545-4A64-92D0-9FE0AFCD9442}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{15830C7B-9372-4905-9947-F7521CAF8017}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{167FF43E-4E15-4801-A9C9-7AAD1C20A303}" = protocol=6 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe |
"{169DE562-16E4-4EBD-B922-65B8633E0288}" = protocol=6 | dir=in | app=d:\perfect world entertainment\forsaken world de\patcher.exe |
"{1D9C8689-117A-4902-BFA6-0F0128C2CF90}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{22D56D7E-8EB7-4DDC-80F2-B4E8454A73E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{262B645C-231F-447B-95F2-95004D8D6CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{29BFD687-5C4B-4F69-8250-B18392756B56}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{2D8D2E32-692E-4793-B61E-2A17408FC90F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{2D982674-D124-43AF-9A39-AC0AE47E3EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{34708BFA-66A9-490B-A241-3106C957BE32}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{36C12581-0273-40B6-B16A-20AE7A2190B9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{3B397BCA-FE7B-40AC-BAB6-FB620AAD4C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe |
"{3DA88608-E76E-4B01-A4A1-C77396D746A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{3F9A843E-AFC1-4860-BAB5-0519DEFEBD13}" = protocol=6 | dir=in | app=d:\ofp2\ofdr.exe |
"{461FD8AD-E9F7-4E25-A258-676911408A05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{464EE3FE-B462-4377-9385-1289016952EE}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{4BB4E3EC-82DC-4BF6-9204-77ABE1EFF2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4E02A7B4-CE79-4067-841C-3FDDADC1F3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{53713714-09B7-4926-81BB-0345B39818E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat |
"{54393781-7BED-40CE-B984-C8EAAD3D955B}" = protocol=17 | dir=in | app=c:\windows\temp\inode_config.exe |
"{54BB7639-1ACA-4131-85B1-08541566B77F}" = protocol=17 | dir=in | app=d:\perfect world entertainment\forsaken world de\patcher.exe |
"{567CF991-FCE9-4522-BFDC-D44E78E6DCFD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5697000C-120F-4F42-B17C-F7834998FFB6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5810280F-DDE1-41DC-B5E2-5D2C80898F13}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{58875C1A-6050-44EB-84B5-2DE5865B55D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5B80EF23-FBF1-4FC0-B842-8B13E51C4321}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe |
"{5C1DC662-A491-45DE-B7F9-529CC66D0184}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{5E91D8D3-9E7B-4DDB-ADBE-B43F26F07FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{5F76F72C-EFDD-485B-82E1-6EBC37F2EAFD}" = protocol=17 | dir=in | app=d:\two worlds ii\twoworlds2.exe |
"{60784B9F-C048-4BE9-B85A-F856BB08089C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6400136F-DEA9-461E-A0EF-42746A98FA26}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{66D6E3E4-3959-448C-8945-DB989846ED35}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{6938B234-9CA7-4445-955E-5A48B7AA3056}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{69FD9D73-D103-4F9B-8A74-700778C6260B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6E43AB73-01D0-488F-BB51-800314221953}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{6E7176BD-D032-43A7-B876-10182237C751}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6EFED271-A428-49E4-8D77-106399D165BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{732901EA-432A-412A-BBD5-9D81F27F8836}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{7480314E-C22A-4FD0-97E8-A90187EC6955}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{74A26A45-86FC-4BDE-8351-567D40E3A7EC}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{763B2917-060D-4346-BAD3-64F1AF463F5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{773AC544-1377-452F-8FC5-2F5BA7CFB160}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7BE3D29A-39F8-4053-8072-6FC5B5EF0B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{7C3D183D-2C83-4CD1-8A55-6E2C18A7F55B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{85FCAA85-5800-4CEC-9A00-60F645457A19}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{8930E3C8-1EAD-4795-9CB9-B7A6A27937B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F13C242-EB63-443E-9D1D-68F1604400F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{8FC886BF-7136-4AFA-B17C-71C0812D1100}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{91137021-56FD-4E82-B018-BD0A45BD02C7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe |
"{92587D7B-C5E2-496E-850E-6D7EB95E5FBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{93B58710-FAEA-4D09-A5BD-FABF3FCCC5B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{940BE8E6-957A-4057-9D35-D3FAE58EBEC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{950BA699-AA9F-4342-83FE-75D2AF1A7803}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{952E269C-8245-4C7E-BE00-7FA20105D1C9}" = protocol=17 | dir=in | app=d:\bfbc2\bfbc2updater.exe |
"{95DE03B9-09B4-4911-87FA-E28AE85DBBAD}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{973E8290-81D2-4A5F-87DD-F3FE048B810E}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{99FBB628-5DE4-41F8-BC9B-E8F124020A62}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9A97478F-E08E-45EC-9F2C-C7B2A95B5A0D}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{9D0E2728-C66A-485F-AC65-44FA7A00BC36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe |
"{9D40F525-EB7C-484E-A2D9-D2B53388111C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9EAA830C-267A-44E0-BCD8-1D7ECE17F44E}" = protocol=6 | dir=in | app=d:\two worlds ii\twoworlds2.exe |
"{A23AA91B-6B94-4E63-B69A-D155FAAA6A55}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{A512EB83-936D-4CAE-875D-8E97B7698544}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{A59E1598-8D5A-4299-91F7-0457617934B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat |
"{A8E75999-A2F4-4C0E-8B61-4A844A4DB27B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{AAC6BAD2-A78E-46AF-BADA-F21DDD7390BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{AB728438-A2F5-41DE-B93F-83D20E1F484A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"{B148F639-ED48-4AAE-8DD6-2DBB0AA7296F}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{B5A90F9C-AC46-4550-9801-28EC109FFBB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe |
"{B72C18F2-48CF-4DD2-902B-CD94DF8CE288}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{BA9B105A-6C43-4781-8969-9EFAD10ECF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe |
"{BC262260-DB18-4E6C-82A5-213BF675CB0A}" = protocol=6 | dir=in | app=d:\bfbc2\bfbc2updater.exe |
"{C1D3C9A4-276D-42F6-A72F-AD8A173443DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{C94AD695-A2E9-4D66-B0D5-EE5151F52E04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D566B7E5-B2F5-4F21-9D4E-F6A9FEC7C479}" = protocol=6 | dir=in | app=d:\bf2\bf2.exe |
"{D791E327-B318-4CB5-A312-22A690354A53}" = protocol=17 | dir=in | app=d:\runes of magic\runes of magic.exe |
"{D7CE760A-167E-4AC1-A305-C165468E1B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DAE9CE5A-423C-4B0B-804F-44E9B4B25D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe |
"{DCD1BBDB-5593-47D1-A7C3-17D9642627DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E97ACDCF-4A12-4B3A-AA54-6922D82E14A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{E9E77BA0-4EF2-4F3C-A3DB-B0116BC33713}" = protocol=17 | dir=in | app=d:\bf2\bf2.exe |
"{EB9A0D25-EF1D-40CC-B55A-A7CB0100493F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC1624A8-59EC-4A7D-B479-77D6F547142E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe |
"{ED217C9E-7116-45C9-B44E-6D464D238A31}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{ED31015D-6C32-4CFA-9D30-22D98D5E04C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ED602387-BC15-4DB5-96F2-28C397734644}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{EFEE77E5-2E01-42AA-AF62-33B62FFA0456}" = protocol=17 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe |
"{F1DABFDA-156E-4920-B2AB-25B0A296C463}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F200C484-B03E-4EF0-8EBD-4902D68A122F}" = protocol=6 | dir=in | app=c:\windows\temp\inode_config.exe |
"{F3177E61-886E-4840-AF0A-A30B6DAAD705}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
"{F4B2583B-A440-4ACA-ACB5-917B2DF3D9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F4E3009C-9ED1-4B44-B464-C2E77F7C2206}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe |
"{F5AABC6C-E039-4279-9897-41801E71D9E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{F5F0B872-D305-4ED2-9F0D-562858E2838B}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{FAEE944B-15D9-425D-80BB-FC59A787C924}" = protocol=6 | dir=in | app=d:\runes of magic\runes of magic.exe |
"{FE6D3738-0E55-4623-BBE0-FE5606E4C6B9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe |
"{FF71266C-14D6-4577-B944-115CBED889EB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe |
"TCP Query User{021E3BE7-6B56-4D4B-BFAD-46EDCAE29543}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{0C40D5F0-802F-4104-8DE3-6FD09AED9E25}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=6 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe |
"TCP Query User{0C740723-7BA9-439D-A857-93FF9B57114F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{1BF1948B-A10F-4078-983C-DA30B2DEF449}D:\lodro\lotroclient.exe" = protocol=6 | dir=in | app=d:\lodro\lotroclient.exe |
"TCP Query User{2A66C4B6-EA7D-4416-B3E5-1CAC8A9C3923}D:\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno1701\anno1701.exe |
"TCP Query User{41B4320B-A272-4896-ADF8-6A732C51BEA0}D:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=d:\runes of magic\launcher.exe |
"TCP Query User{49D26C21-4F61-46B6-9777-3036507636F1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{50497538-BDE2-4FC7-A5E7-D0C17D4736E5}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{5BEB99B1-2AAF-4566-B0DD-D34ACA3C0914}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe |
"TCP Query User{5F84F074-E32C-4C42-B88C-8E5B31213D98}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{5FFE4FFD-F4CE-4029-87AE-7CF13C218DA5}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe |
"TCP Query User{7082BD35-2E36-4D1D-B295-1E46E3C112F3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{7096C0C2-F500-4753-B908-D55B69671429}C:\program files (x86)\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\ua_lsp_inst.exe |
"TCP Query User{7ABF9005-A1BF-4426-B04D-7D6D25E6806D}D:\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno1701\anno1701.exe |
"TCP Query User{86727DC0-0993-4FD3-A9B6-92349E3A2B12}D:\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{8A936DB5-A57D-4E8E-B5AE-4CBD490DA07C}C:\users\michl\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\tinyumbrella-4.21.01.exe |
"TCP Query User{91DA99A3-0BEF-4938-AAAD-207030F7E8C8}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=6 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe |
"TCP Query User{9D1F056F-7E56-45EC-91E9-F679E98A9486}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe |
"TCP Query User{ABACBD8C-9A07-4F4C-A8C0-F6BB5BD31BBD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{AFD4C2DC-890D-4F8A-9CFD-9CE4E32D5FE0}C:\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\metin2\metin2.bin |
"TCP Query User{B1D9698D-152C-4F6A-B3C7-E0332D761295}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B24A9DB1-4564-41DA-8CCC-8631DCDFCF84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BCAD3ABD-2946-4345-960A-8F676FC10371}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe |
"TCP Query User{BDB3226E-4053-475A-BDE3-E052E97A4DFC}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"TCP Query User{C634798B-DFFD-44ED-8092-AB55FBB0E27B}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe |
"TCP Query User{D07767BB-58C1-43E0-8AC5-53FC7BFEBCC3}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{D3CE51E8-5374-412F-9CE4-2066292178B3}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{DABAC4C3-E4E0-4DF6-9867-DC8E8F438D3C}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin |
"TCP Query User{DE41E37F-1070-418C-879C-0FB0012C12F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E3C91F8F-B69D-417E-880C-370C878D5C08}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E778D341-CCBF-4C19-83C0-1DF77ED8B2A6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{EC83F4D3-3ADC-42C7-9786-411F9B51ECA0}D:\mtx\mtx.exe" = protocol=6 | dir=in | app=d:\mtx\mtx.exe |
"TCP Query User{F13C48F7-1A7A-4E85-94A8-2980067850E9}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{13448797-7B33-446F-A7BF-A8BCCB06BCFF}C:\users\michl\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\tinyumbrella-4.21.01.exe |
"UDP Query User{15832E9D-8487-4B6C-9273-74EAD637BE8F}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe |
"UDP Query User{15CA0134-A06E-4C39-95B0-ECD1C9C2A5F1}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{1F50BCD9-66D1-46AA-9FAB-9741B0AF2AE9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{24BB21BD-633C-48EE-9C13-6C9642291A8E}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{2FC0B339-6B6D-44B8-918B-D1BC88F6CDE7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5879DAE3-EFC8-495E-8957-CC47CEB082B4}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{5A15C4C7-02B2-4A41-9926-EE73FE7B8EF3}C:\program files (x86)\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\ua_lsp_inst.exe |
"UDP Query User{5B157CEF-8F17-4E5C-B34B-25648DD6E3A7}D:\lodro\lotroclient.exe" = protocol=17 | dir=in | app=d:\lodro\lotroclient.exe |
"UDP Query User{69E3469B-E2EC-49B6-9C2E-555FB1DD2915}D:\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{7635285A-8AB1-477E-B1B6-8B6C2AB7B1AE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{78179CBF-F8D6-4EDC-BBF3-03FAD133E378}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe |
"UDP Query User{7E6F4557-712F-44F1-BC87-1F49958E4890}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{8190F411-C2F7-45CC-B001-D77D1E290056}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{83CE00A1-D487-46C4-8D3D-EE72B14238FF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{851AAD07-02F9-4B35-9878-58B320D589A9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{8B90CA4C-1E3B-416E-9A99-74BEE55C8B4F}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe |
"UDP Query User{942FBA21-B758-4E3E-82EA-DF601A414F8E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A7A6C223-C7BD-4545-8EEB-0A7B10012AE7}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{BD2B0FFA-6E7E-4C1D-BA31-4043A54D59AF}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{C02B110E-44AC-431C-B124-991281F16FA5}D:\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno1701\anno1701.exe |
"UDP Query User{CAC66159-34FC-4DDB-8AF2-F21D7F5A6A0B}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{D0228FC4-8247-4982-9162-A6D29976F06C}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=17 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe |
"UDP Query User{DCC7FB2F-5078-4F22-A913-AF040DC62C8C}D:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=d:\runes of magic\launcher.exe |
"UDP Query User{E12D20A7-30ED-4BB6-BD71-DDD906689870}C:\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\metin2\metin2.bin |
"UDP Query User{E4D574BA-92BC-4E52-8258-9517F453130D}D:\mtx\mtx.exe" = protocol=17 | dir=in | app=d:\mtx\mtx.exe |
"UDP Query User{E8AE60B6-E454-427B-9E90-1D994921677E}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin |
"UDP Query User{E9A29FA6-883E-4A9C-AA70-3F25BF625E89}D:\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno1701\anno1701.exe |
"UDP Query User{EA288B6F-4B4F-48B9-8016-877DCB46FBBA}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe |
"UDP Query User{EC62F14D-DFB5-4270-BA25-E0A8395E8DE1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{EDAE0C52-D923-4A86-A0FB-F171568FA674}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{F3C838D5-B07E-48F1-80A3-B2D29C2C4506}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe |
"UDP Query User{F851E7C2-8540-400D-AD43-841951FECE51}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=17 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MosChip Semiconductor Technology Ltd" = ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;; File : PciPorts.inf
;; This inf file configures Pci multi I/O (COM & LPT ) ports
;; (c) Copyright MosChip Semiconductor Technology Limited
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[version]
CatalogFile=Pciports.cat
signature=$Chicago$
Class=Ports
ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}
Provider=%ProviderName%
DriverVer=05/22/2008, 1.0.0.6
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[SourceDisksNames]
0=%DiskName%,,
[SourceDisksNames.ia64]
0=%DiskName%,,
[SourceDisksNames.amd64]
0=%DiskName%,,
[SourceDisksFiles]
PciSPorts.sys=0,X86,
PciPPorts.sys=0,X86,
PciPorts.dll=0,X86,
PciIsaSerial.sys=0,X86,
[SourceDisksFiles.ia64]
PciSPorts.sys=0,IA64,
PciPPorts.sys=0,IA64,
PciPorts.dll=0,IA64,
PciIsaSerial.sys=0,IA64,
[SourceDisksFiles.amd64]
PciSPorts.sys=0,AMD64,
PciPPorts.sys=0,AMD64,
PciPorts.dll=0,AMD64,
PciIsaSerial.sys=0,AMD64,
[DestinationDirs]
Common.Files.x86_11 = 11
Sys.Files.x86_12 = 12
Common.Files.x64_11 = 11
Sys.Files.x64_12 = 12
Common.Files.Amd64_11 = 11
Sys.Files.Amd64_12 = 12
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Driver Installation
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[Manufacturer]
%ProviderName%=PCIPorts, NTamd64, NTia64
[PCIPorts]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT
[PCIPorts.NTamd64]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT
[PCIPorts.NTia64]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; COM Port Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; X86 ;;;;
[ISAComPort.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf
Needs=ComPort.NT.Copy
[ISAComPort.NT.HW]
AddReg=ComPort.NT.HW.AddReg
[ISAComPort.NT.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst
;;;; AMD64 ;;;;
[ISAComPort.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf
Needs=ComPort.NT.Copy
[ISAComPort.NTamd64.HW]
AddReg=ComPort.NT.HW.AddReg
[ISAComPort.NTamd64.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst
;;;; IA64 ;;;;
[ISAComPort.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf
Needs=ComPort.NT.Copy
[ISAComPort.NTia64.HW]
AddReg=ComPort.NT.HW.AddReg
[ISAComPort.NTia64.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst
; -------------- ISASerial Port Driver install sections
[PCI_ISASerial_Service_Inst]
DisplayName = %PCI.ComPort%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0 ; SERVICE_ERROR_IGNORE
ServiceBinary = %12%\PciIsaSerial.sys
LoadOrderGroup = Extended base
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; EcpPort Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[ISAEcpPort.NT]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg
[ISAEcpPort.NT.Services]
Include=msports.inf
Needs=EcpPort.NT.Services
[ISAEcpPort.NTamd64]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg
[ISAEcpPort.NTamd64.Services]
Include=msports.inf
Needs=EcpPort.NT.Services
[ISAEcpPort.NTia64]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg
[ISAEcpPort.NTia64.Services]
Include=msports.inf
Needs=EcpPort.NT.Services
[PCI_ISASerial_EventLog_Inst]
AddReg=ISAComPort.DriverParams
[ISAComPort.DriverParams]
HKLM,System\CurrentControlSet\Services\PciIsaSerial, SetRtsOnWake, 0x10001, 1
HKLM,System\CurrentControlSet\Services\PciIsaSerial, RetainPowerOnClose, 0x10001, 1
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; PCI COM Card Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; X86 ;;;;
[ComCard.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg
[ComCard.NT.HW]
AddReg=ComCard.NT.HW.AddReg
[ComCard.NT.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst
;;;; AMD64 ;;;;
[ComCard.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg
[ComCard.NTamd64.HW]
AddReg=ComCard.NT.HW.AddReg
[ComCard.NTamd64.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst
;;;; IA64 ;;;;
[ComCard.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg
[ComCard.NTia64.HW]
AddReg=ComCard.NT.HW.AddReg
[ComCard.NTia64.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; General Sections for all Installations
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[ComPort.AddReg]
HKR,,PortSubClass,1,01
[ComPort.NT.AddReg]
HKR,,EnumPropPages32,,MsPorts.dll,SerialPortPropPageProvider
[ComPort.NT.HW.AddReg]
HKR,,UpperFilters,0x00010000,serenum
HKR,,CUSTNAME,0x00010000,%CustomerName%
[EcpPort.AddReg]
HKR,,PortSubClass,1,00
HKR,,ECPDevice,1,01
[EcpPort.NT.AddReg]
HKR,,EnumPropPages32,,MsPorts.dll,ParallelPortPropPageProvider
[PCISPorts_EventLog_Inst]
AddReg=ComCard.DriverParams
[ComCard.NT.HW.AddReg]
HKR,,UpperFilters,0x00010000,serenum
HKR,,MaskLowBaudToHigh, 0x10001, 0
HKR,,UARTMode, 0x10001, 9
HKR,,RxFIFO, 0x10001, 64
HKR,,TxFIFO, 0x10001, 64
HKR,,RxHighWaterMark, 0x10001, 240
HKR,,RxLowWaterMark, 0x10001, 16
HKR,,EnableHwFlowControl, 0x10001, 0
HKR,,HwFlowControl, 0x10001, 0
HKR,,UseClockPrescalar, 0x10001, 0
HKR,,CPRRegValue, 0x10001, 1
HKR,,UseBaudMultiplier, 0x10001, 0
HKR,,TCRRegValue, 0x10001, 16
HKR,,XOnChar, 0x10001, 17
HKR,,XOffChar, 0x10001, 19
HKR,,TranceiverMode, 0x10001, 0
HKR,,RS485Mode, 0x10001, 1
HKR,,SampleStartBit, 0x10001, 0
HKR,,StartBitLength, 0x10001, 4
HKR,,SampleDataBit, 0x10001, 0
HKR,,DataBitLength, 0x10001, 4
HKR,,TxFifoAmount, 0x10001, 64
HKR,,TxDmaEnable, 0x10001, 0
HKR,,TxDmaLength, 0x10001, 4096
HKR,,RxDmaEnable, 0x10001, 0
HKR,,RxDmaLength, 0x10001, 4096
HKR,,Limit4k, 0x10001, 1
HKR,,SerialDebugLevel, 0x10001, 0
HKR,,PowerUpTime, 0x10001, 1000
HKR,,EnableICG, 0x10001, 0
HKR,,InterCharGap, 0x10001, 0
HKR,,UseCustomBaudrate, 0x10001, 0
HKR,,DLLValue, 0x10001, 0
HKR,,DLMValue, 0x10001, 0
HKR,,InputClock, 0x10001, 0
HKR,,UseExternalClock, 0x10001, 0
HKR,,ExternalClock, 0x10001, 14745600
HKR,,UseExtPCIeClockSource, 0x10001, 0
HKR,,RemoteWakeOn, 0x10001, 0x09000000
HKR,,CUSTNAME,0x00010000,%CustomerName%
[ComCard.DriverParams]
HKLM,System\CurrentControlSet\Services\PciSPorts, EnableTranceiverShutdown, 0x10001, 0
HKLM,System\CurrentControlSet\Services\PciSPorts, UseExtPCIeClockSource, 0x10001, 0
HKLM,System\CurrentControlSet\Services\PciSPorts, RetainPowerOnClose, 0x10001, 1
[ComCard.NT.AddReg]
HKR,,EnumPropPages32,,PciPorts.dll,SerialPortPropPageProvider
[PCISPorts_Service_Inst]
DisplayName = %PCI.SerialPort%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0 ; SERVICE_ERROR_IGNORE
ServiceBinary = %12%\PciSPorts.sys
LoadOrderGroup = Extended base
; -------------- Serenum Driver install section
[Serenum_Service_Inst]
DisplayName = %Serenum.SVCDESC%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\serenum.sys
LoadOrderGroup = PNP Filter
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; PCI LPT Card Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; X86 ;;;;
[LptCard.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg
[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg
[LptCard.NT.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst
;;;; AMD64 ;;;;
[LptCard.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg
[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg
[LptCard.NTamd64.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst
;;;; IA64 ;;;;
[LptCard.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg
[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg
[LptCard.NTia64.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst
;;; Other sections
[LptCard.NT.HW.AddReg]
HKR,,CUSTNAME,0x00010000,%CustomerName%
[LptCard.AddReg]
HKR,,PortSubClass,1,00
HKR,,ECPDevice,1,01
[LptCard.NT.AddReg]
HKR,,EnumPropPages32,,PciPorts.dll,ParallelPortPropPageProvider
; -------------- Parallel Port Driver install sections
[PCIPPorts_Service_Inst]
DisplayName = %PCI.ParallelPort%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0 ; SERVICE_ERROR_IGNORE ;; Check
ServiceBinary = %12%\PciPPorts.sys
LoadOrderGroup = Parallel arbitrator
[PCIPPorts_EventLog_Inst]
AddReg = PCIPPorts_EventLog_AddReg
[PCIPPorts_EventLog_AddReg]
HKR,,EventMessageFile,0x00020000,%%SystemRoot%%\System32\IoLogMsg.dll;%%SystemRoot%%\System32\drivers\PciPPorts.sys
HKR,,TypesSupported,0x00010001,7
[Uninstall.AddReg]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\PCI Multi-Io Controller\%CustomerName%,VID_PID_NAME1,0,VEN_9710&DEV_9865
[Common.Files.x86_11]
PciPorts.dll
[Sys.Files.x86_12]
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys
[Common.Files.x64_11]
PciPorts.dll
[Sys.Files.x64_12]
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys
[Common.Files.AMD64_11]
PciPorts.dll
[Sys.Files.AMD64_12]
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys
; User readable strings
;----------------------------------------------------------
[Strings]
CustomerName=MOSCHIP
ProviderName=MosChip Semiconductor Technology Ltd
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11B5E957-FCF2-469D-AB66-963C38134231}" = Bluesoleil2.6.0.1 Release 070402
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}" = Quake Live Internet Explorer Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCB2148-4793-4D7B-8269-84C0F0022422}" = HEROLD Marketing CD business 3/2006 - EINZELPLATZ-CD
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9A37B5-717B-4519-8CB3-0F9E01CA9E8D}" = HEROLD Marketing CD Komponenten
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8133D88C-C6F0-4D1A-962E-C3F57D0AB117}" = ODF Add-in for Microsoft Office
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = Speed-Link SL-6534 Dual Vibration Pad
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BEF696DB-9214-46FA-A71B-C2E7BF81D2A7}" = StaticTrainer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ALchemy" = Creative ALchemy
"AnyDVD" = AnyDVD
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 4.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"iLivid" = iLivid
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX MP3 Maker 15 D" = MAGIX MP3 Maker 15 10.0.0.257 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MAXCRM V7.11 Testversion_is1" = MAXCRM Trial 7.11
"MediaCoder" = MediaCoder 0.7.2.4535
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"SFBM" = SoundFont-Bank-Manager
"Smart Recorder" = Creative Smart Recorder
"SMPlayer" = SMPlayer 0.6.9
"sm-un1.u32" = TextMaker 2006 (Trial) (C:\Program Files (x86)\SoftMaker Office 2006 (Trial))
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 20920" = The Witcher 2
"Steam App 20930" = The Witcher 2: Bonus Content
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Two Worlds II" = Two Worlds II
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"WaveStudio 7" = Creative WaveStudio 7
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.03.2011 06:59:57 | Computer Name = Michl-PC | Source = System Restore | ID = 8193
Description =
Error - 22.03.2011 07:01:24 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 22.03.2011 07:01:24 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3083
Description =
Error - 22.03.2011 11:33:44 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.03.2011 11:33:44 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.03.2011 10:39:24 | Computer Name = Michl-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
(Fehler=0x80010108).
[ OSession Events ]
Error - 05.08.2009 10:42:08 | Computer Name = Michl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 588
seconds with 420 seconds of active time. This session ended with a crash.
Error - 27.03.2011 11:37:21 | Computer Name = Michl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 52
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.06.2011 12:39:45 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 06.06.2011 06:39:57 | Computer Name = Michl-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 06.06.2011 06:40:53 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.06.2011 06:40:53 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.06.2011 06:40:53 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 06.06.2011 06:49:10 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 06.06.2011 06:53:01 | Computer Name = Michl-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 06.06.2011 06:53:50 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.06.2011 06:53:50 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.06.2011 06:53:50 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
06.06.2011, 13:23
| #19 | ||
| /// TB-Ausbilder | Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo Oberoanut, du hast mir zweimal den OTL-Fix und einmal die Datei Extras.txt hochgeladen. Bitte füge noch das Logfile OTL.txt an. Zitat:
Zitat:
An Avast haben wir keine Änderungen vorgenommen. |
|
06.06.2011, 18:28
| #20 |
| | Möglicherweise Trojaner? http://www.searchqu.com/406 Uuuups...hier die OTL Datei! OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.06.2011 13:07:17 - Run 4 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Michl\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 59,94% Memory free 12,48 Gb Paging File | 10,81 Gb Available in Paging File | 86,62% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 178,79 Gb Total Space | 35,73 Gb Free Space | 19,98% Space Free | Partition Type: NTFS Drive D: | 119,30 Gb Total Space | 34,64 Gb Free Space | 29,03% Space Free | Partition Type: NTFS Drive E: | 340,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MICHL-PC | User Name: Michl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michl\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG) ========== Modules (SafeList) ========== MOD - C:\Users\Michl\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG) SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\fbserver.exe (MAGIX®) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\Drivers\btnetBus.sys () DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\Drivers\IvtBtBus.sys (IVT Corporation.) DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\Drivers\BtHidBus.sys (IVT Corporation.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\DRIVERS\PciPPorts.sys () DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\DRIVERS\PciSPorts.sys () DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\Drivers\btcusb.sys (IVT Corporation.) DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.) DRV:64bit: - (BT) -- C:\Windows\SysNative\DRIVERS\btnetdrv.sys (IVT Corporation.) DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\Drivers\VcommMgr.sys (IVT Corporation.) DRV:64bit: - (VComm) -- C:\Windows\SysNative\DRIVERS\VComm.sys (IVT Corporation.) DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\DRIVERS\blueletaudio.sys (IVT Corporation.) DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd) DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd) DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x64\sandra.sys (SiSoftware) DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.05.31 10:45:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.09 07:20:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.16 15:28:13 | 000,000,000 | ---D | M] [2011.05.30 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions [2009.11.15 12:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder [2010.02.04 12:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX [2009.11.15 12:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2011.06.06 12:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions [2010.04.27 14:56:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.20 22:33:01 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\battlefieldheroespatcher@ea.com [2011.05.30 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.05.16 15:28:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.17 12:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.05.09 07:20:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.09 07:20:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.09 07:20:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.05.09 07:20:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.09 07:20:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.09 07:20:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.09 07:20:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.30 22:56:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.58.160.194 195.58.161.122 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.23 08:13:31 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2010.07.19 01:50:37 | 002,834,432 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.04.10 18:32:30 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.06 12:49:10 | 000,000,000 | ---D | C] -- C:\_OTL [2011.06.06 12:45:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Michl\Desktop\OTL.exe [2011.06.04 07:28:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.06.03 18:31:00 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Malwarebytes [2011.06.03 18:30:53 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.06.03 18:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.03 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.03 18:30:49 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.06.03 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.06.03 17:09:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.06.03 16:56:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.06.03 16:52:33 | 004,112,250 | R--- | C] (Swearware) -- C:\Users\Michl\Desktop\ComboFix.exe [2011.05.30 23:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011.05.30 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.05.30 22:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.30 22:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.05.30 22:40:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.30 22:40:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.05.30 20:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonitorDriver [2011.05.30 20:49:05 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\InstallShield [2011.05.30 20:12:21 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys [2011.05.30 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Electronics Ltd [2011.05.30 20:11:45 | 000,000,000 | ---D | C] -- C:\Programme\MagicTune Premium [2011.05.30 20:06:43 | 000,000,000 | ---D | C] -- C:\Samsung [2011.05.30 11:54:24 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011.05.30 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Ilivid Player [2011.05.30 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid [2011.05.30 08:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid [2011.05.30 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\PackageAware [2011.05.28 07:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.05.28 07:14:43 | 003,040,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2011.05.28 07:14:43 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2011.05.28 07:14:38 | 006,289,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2011.05.28 07:14:38 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2011.05.28 07:14:38 | 000,794,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll [2011.05.28 07:14:38 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2011.05.28 07:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.05.28 07:07:12 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.05.28 07:07:12 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.05.28 07:07:12 | 008,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011.05.28 07:07:12 | 006,555,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011.05.28 07:07:12 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll [2011.05.28 07:07:12 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.05.28 07:07:12 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.05.28 07:07:11 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.05.28 07:07:11 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.05.28 07:07:11 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.05.28 07:07:11 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.05.28 07:07:11 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.05.28 07:07:11 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.05.28 07:07:11 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.05.28 07:07:11 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.05.28 07:07:11 | 002,644,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2011.05.28 07:07:11 | 002,335,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011.05.28 07:07:11 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.05.28 07:07:11 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.05.28 07:07:11 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll [2011.05.28 07:07:11 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2011.05.26 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\PDF24 [2011.05.26 17:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24 [2011.05.21 18:31:30 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Xfire [2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire [2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire [2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire [2011.05.21 07:32:37 | 000,000,000 | ---D | C] -- C:\Users\Michl\Documents\3DMark 11 [2011.05.21 07:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\IsolatedStorage [2011.05.21 07:32:06 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Futuremark_Corporation [2011.05.21 07:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2011.05.21 07:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Futuremark [2011.05.18 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\Documents\Witcher 2 [2011.05.18 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\The Witcher 2 [2011.05.17 12:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.05.17 12:31:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.05.17 12:31:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.05.17 12:31:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.05.16 15:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.05.16 15:28:13 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.05.15 18:28:00 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.05.15 14:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.05.15 14:41:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.05.15 14:41:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.05.15 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.05.15 14:39:45 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.05.15 14:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.05.11 23:47:38 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2011.05.11 23:47:36 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2011.05.11 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kuma Games [2011.05.11 11:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2011.05.11 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kuma Games [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.06 12:56:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.06 12:53:29 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.06.06 12:53:21 | 000,005,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.06 12:53:21 | 000,005,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.06 12:53:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.06 12:53:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.06 12:53:09 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys [2011.06.06 12:53:02 | 001,773,881 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.06.06 12:52:12 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx [2011.06.06 12:52:12 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx [2011.06.06 12:52:12 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx [2011.06.06 12:46:05 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job [2011.06.06 12:45:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michl\Desktop\OTL.exe [2011.06.03 18:30:53 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.03 16:56:14 | 004,112,250 | R--- | M] (Swearware) -- C:\Users\Michl\Desktop\ComboFix.exe [2011.06.03 10:23:01 | 000,018,453 | ---- | M] () -- C:\Users\Michl\Desktop\Combo Fix Fehler.jpg [2011.06.01 13:20:40 | 000,057,344 | ---- | M] () -- C:\Users\Michl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.31 10:45:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.05.30 22:56:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.05.30 20:49:17 | 000,001,477 | ---- | M] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk [2011.05.30 20:11:45 | 000,001,431 | ---- | M] () -- C:\Users\Public\Desktop\MagicTunePremium.lnk [2011.05.30 11:54:24 | 000,000,524 | ---- | M] () -- C:\Users\Michl\Desktop\Fraps.lnk [2011.05.30 08:31:59 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.28 07:12:33 | 000,001,460 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d9caps64.dat [2011.05.28 07:12:13 | 000,001,356 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d9caps.dat [2011.05.28 07:02:53 | 000,001,100 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d8caps.dat [2011.05.26 17:19:52 | 000,580,689 | ---- | M] () -- C:\Users\Michl\Desktop\Typenschein Peugeot 206.pdf [2011.05.26 17:17:52 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.05.26 09:42:01 | 001,598,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.26 09:42:01 | 000,685,890 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.26 09:42:01 | 000,643,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.26 09:42:01 | 000,150,290 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.26 09:42:01 | 000,123,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.23 18:02:19 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.05.23 10:55:00 | 000,408,698 | ---- | M] () -- C:\Users\Michl\Documents\UPC.pdf [2011.05.23 10:55:00 | 000,389,945 | ---- | M] () -- C:\Users\Michl\Documents\UPC3.pdf [2011.05.23 10:55:00 | 000,380,536 | ---- | M] () -- C:\Users\Michl\Documents\UPC 2.pdf [2011.05.23 09:42:40 | 000,032,613 | ---- | M] () -- C:\Users\Michl\Desktop\Tastaturbelegung Witcher 2.jpg [2011.05.23 08:25:53 | 000,000,980 | ---- | M] () -- C:\Users\Michl\Desktop\Scheidung.lnk [2011.05.21 18:31:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk [2011.05.21 07:25:57 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2011.05.19 20:41:18 | 000,000,221 | ---- | M] () -- C:\Users\Michl\Desktop\The Witcher 2.url [2011.05.19 19:43:25 | 004,710,557 | ---- | M] () -- C:\Users\Michl\Desktop\The Witcher 2 Manual - German.pdf [2011.05.16 15:53:04 | 000,000,129 | ---- | M] () -- C:\Users\Michl\jagex_runescape_preferences2.dat [2011.05.16 15:50:00 | 000,000,046 | ---- | M] () -- C:\Users\Michl\jagex_runescape_preferences.dat [2011.05.16 15:21:19 | 000,304,828 | ---- | M] () -- C:\Users\Michl\Desktop\Nirolift.pdf [2011.05.16 11:10:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.15 18:28:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.05.15 14:41:51 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.14 06:27:00 | 022,286,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.05.14 06:27:00 | 018,583,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.05.14 06:27:00 | 016,456,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.05.14 06:27:00 | 015,223,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.05.14 06:27:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.05.14 06:27:00 | 011,992,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.05.14 06:27:00 | 008,865,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011.05.14 06:27:00 | 007,123,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.05.14 06:27:00 | 006,555,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011.05.14 06:27:00 | 006,289,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2011.05.14 06:27:00 | 005,301,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.05.14 06:27:00 | 003,040,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2011.05.14 06:27:00 | 002,943,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.05.14 06:27:00 | 002,804,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.05.14 06:27:00 | 002,644,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2011.05.14 06:27:00 | 002,560,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2011.05.14 06:27:00 | 002,335,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011.05.14 06:27:00 | 002,212,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.05.14 06:27:00 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.05.14 06:27:00 | 001,496,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll [2011.05.14 06:27:00 | 001,427,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll [2011.05.14 06:27:00 | 000,794,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll [2011.05.14 06:27:00 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2011.05.14 06:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.05.14 06:27:00 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2011.05.14 06:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.05.14 06:27:00 | 000,012,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2011.05.14 06:27:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2011.05.11 23:47:38 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2011.05.11 23:47:36 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2011.05.11 11:59:16 | 000,001,718 | ---- | M] () -- C:\Users\Michl\Desktop\Kuma Games.lnk [2011.05.10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.05.10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.05.10 14:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.05.10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011.05.10 14:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.05.10 14:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.05.10 13:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.05.10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.05.10 13:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.03 18:30:53 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.03 10:23:01 | 000,018,453 | ---- | C] () -- C:\Users\Michl\Desktop\Combo Fix Fehler.jpg [2011.05.30 22:40:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.30 22:40:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.30 22:40:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.30 22:40:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.30 22:40:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.30 20:49:17 | 000,001,477 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk [2011.05.30 20:11:45 | 000,001,431 | ---- | C] () -- C:\Users\Public\Desktop\MagicTunePremium.lnk [2011.05.30 11:54:24 | 000,000,524 | ---- | C] () -- C:\Users\Michl\Desktop\Fraps.lnk [2011.05.30 08:31:59 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk [2011.05.28 07:21:35 | 4293,451,776 | -HS- | C] () -- C:\hiberfil.sys [2011.05.28 07:07:11 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2011.05.26 17:19:51 | 000,580,689 | ---- | C] () -- C:\Users\Michl\Desktop\Typenschein Peugeot 206.pdf [2011.05.26 17:17:52 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.05.23 10:55:00 | 000,408,698 | ---- | C] () -- C:\Users\Michl\Documents\UPC.pdf [2011.05.23 10:55:00 | 000,389,945 | ---- | C] () -- C:\Users\Michl\Documents\UPC3.pdf [2011.05.23 10:55:00 | 000,380,536 | ---- | C] () -- C:\Users\Michl\Documents\UPC 2.pdf [2011.05.23 09:42:40 | 000,032,613 | ---- | C] () -- C:\Users\Michl\Desktop\Tastaturbelegung Witcher 2.jpg [2011.05.21 18:31:29 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk [2011.05.21 07:25:57 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2011.05.19 20:41:18 | 000,000,221 | ---- | C] () -- C:\Users\Michl\Desktop\The Witcher 2.url [2011.05.19 19:43:25 | 004,710,557 | ---- | C] () -- C:\Users\Michl\Desktop\The Witcher 2 Manual - German.pdf [2011.05.16 15:21:18 | 000,304,828 | ---- | C] () -- C:\Users\Michl\Desktop\Nirolift.pdf [2011.05.15 14:41:51 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.11 11:59:16 | 000,001,718 | ---- | C] () -- C:\Users\Michl\Desktop\Kuma Games.lnk [2011.05.09 07:20:43 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.17 21:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.01.24 13:32:41 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.12.02 18:32:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.09.08 15:39:07 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.09.04 15:58:30 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.09.04 15:58:30 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.09.04 15:58:24 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.06.28 14:31:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.06.28 11:49:09 | 000,000,091 | ---- | C] () -- C:\Windows\BsMobileModel.ini [2010.06.28 11:32:23 | 000,002,114 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI [2010.06.28 11:31:11 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2010.06.28 11:28:16 | 000,006,532 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2010.06.28 11:28:16 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2010.06.27 21:11:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI [2010.04.20 18:22:44 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 14:27:38 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.01.07 19:09:25 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\StrStorage.dll [2009.12.14 13:30:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.10.25 11:44:56 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.10.25 11:40:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.10.03 19:40:42 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2009.10.01 11:19:32 | 000,000,093 | ---- | C] () -- C:\Users\Michl\AppData\Local\fusioncache.dat [2009.09.21 22:03:47 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.16 15:59:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.09.07 17:01:45 | 001,562,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.08.25 16:04:29 | 000,001,086 | ---- | C] () -- C:\Users\Michl\AppData\Local\F1C3C386.il [2009.08.25 16:04:29 | 000,000,280 | ---- | C] () -- C:\Users\Michl\AppData\Local\IndexIE_F1C3C386.il [2009.08.22 10:44:18 | 000,038,423 | ---- | C] () -- C:\Users\Michl\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2009.08.13 09:27:24 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.08.13 09:26:18 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.08.11 17:19:36 | 010,452,992 | ---- | C] () -- C:\ProgramData\sandra.mda [2009.08.10 21:26:41 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009.08.10 21:26:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.08.10 21:26:19 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2009.08.07 13:36:18 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI [2009.08.01 11:24:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.08.01 11:23:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.08.01 11:23:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.08.01 11:23:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.07.31 23:41:11 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009.07.31 23:41:11 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.07.31 23:41:11 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.07.31 23:41:11 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.07.31 23:41:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.07.31 23:41:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.07.31 23:23:24 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat [2009.07.31 23:23:24 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat [2009.07.31 23:23:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL [2009.07.31 23:22:09 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.07.31 23:20:53 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.07.31 23:20:53 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.07.31 19:45:20 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2009.07.31 18:55:58 | 000,001,100 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d8caps.dat [2009.07.31 18:55:52 | 000,001,356 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d9caps.dat [2009.07.31 18:51:34 | 000,057,344 | ---- | C] () -- C:\Users\Michl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.31 18:50:10 | 000,001,460 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d9caps64.dat [2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.06.04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2009.06.04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2007.03.05 09:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE [2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.10.09 15:29:22 | 000,032,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys [2005.10.04 17:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL ========== LOP Check ========== [2011.03.19 18:07:28 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\.minecraft [2009.11.15 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Broad Intelligence [2011.01.11 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Canneverbe Limited [2009.08.20 08:41:47 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\EPSON [2009.08.05 18:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\GrabPro [2010.12.30 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\gtk-2.0 [2009.10.01 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\HEROLD Business Data [2009.09.14 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\IrfanView [2011.02.23 20:32:19 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Kalypso Media [2010.08.15 17:41:13 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\MAGIX [2010.09.26 11:59:53 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Need for Speed World [2009.11.15 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\OpenCandy [2009.08.07 11:08:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Orbit [2009.12.12 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\ProtectDisc [2011.02.16 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\RIFT [2010.11.15 20:51:56 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\runic games [2011.02.13 11:42:08 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SAMSUNG [2009.09.09 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SecondLife [2009.11.06 12:07:51 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SoftMaker [2010.04.23 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\TS3Client [2011.03.07 13:06:16 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Ubisoft [2011.06.06 12:51:51 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.06 12:46:05 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job ========== Purity Check ========== < End of report > |
|
06.06.2011, 18:50
| #21 |
| /// TB-Ausbilder | Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo Oberoanut, Deine Logfiles sehen schon viel besser aus.  Bevor wir zum Abschluss kommen, bitte ich dich meine Fragen von vorhin zu beantworten. Ferner interessiert mich, ob du nach der Abarbeitung der folgenden Schritte noch Probleme hast: Schritt # 1: Fix mit OTL
Code:
ATTFilter :OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{91137021-56FD-4E82-B018-BD0A45BD02C7}" =-
"{F4E3009C-9ED1-4B44-B464-C2E77F7C2206}" =-
:commands
[reboot]
Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)
Schritt # 3: Java deinstallieren/neu installieren
Schritt # 4: Wichtige Updates
Schritt # 5: ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\log.txt"
Schritt # 6: Durchführung einer Sicherheitskontrolle Downloade Dir bitte SecurityCheck
Schritt # 7: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
07.06.2011, 12:32
| #22 |
| | Möglicherweise Trojaner? http://www.searchqu.com/406 So M-K-D-B Zu deinen Fragen. Meine personalisierte iGoogle-Seite sieht jetzt aus wie das Pic welches ich dir beigefügt habe. Es kommt jetzt zwar nicht mehr serchqu. sonden die von mir angelgete Seite aber die Adds/Gadgets fehlen. Zu AVAST. Ich habe es nicht mehr unten auf der Rechten Seite als gestartet angezeigt. (Ebenfalls Pic) Wenn ich es manuel starte ist es auf einmal da. Pic 3 Da habe ich gleich mal ein Frage zu. Welchen Virenprogramm empfehlt ihr den? Nod32 hatte ich mal. Kaspersky Scurity habe letztes Jahr das Abo nicht erneuert. Nun zu deinen letzten Anweisungen. OTL Fix durchgeführt. Hier ist die Fix Datei: ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91137021-56FD-4E82-B018-BD0A45BD02C7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91137021-56FD-4E82-B018-BD0A45BD02C7}\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4E3009C-9ED1-4B44-B464-C2E77F7C2206} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E3009C-9ED1-4B44-B464-C2E77F7C2206}\ not found. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.23.0 log created on 06072011_085328 MBAM durchgeführt. Hier die Datei: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6794 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 07.06.2011 09:08:49 mbam-log-2011-06-07 (09-08-49).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 185571 Laufzeit: 4 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Securitycheck durchgeführt. Hier die Datei: Results of screen317's Security Check version 0.99.12 Windows Vista (UAC is enabled) Out of date service pack!! Internet Explorer 8 `````````````````````````````` Antivirus/Fire<awall Check: avast! Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Adobe Flash Player 10.3.181.14 Adobe Reader X (10.0.1) - Deutsch ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe ``````````End of Log```````````` Die Javadateien habe ich weisungsgemäss deinstalliert und die neuen installiert. Nun zum Onlinescann. Die von dir angeführte Eingabe funktioniert nicht. Die fehlermeldung habe ich dir als ESTET Fehler bzw. Onlinescann angehängt. Ich hoffe du kannst etwas damit anfangen. Die Scanns habe ich sowohl mit IE9 als auch mit Firefox gemacht und bin bei beiden zu selben Ergebnis gekommen. |
|
07.06.2011, 12:53
| #23 | ||||
| /// TB-Ausbilder | Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo Oberoanut, Schritt # 1: Beantwortung deiner Fragen Zitat:
Zitat:
 Eine Deinstallation und anschließende Neuinstallation könnte das Problem beheben. Zitat:
Avast ist ein guter Virenscanner.Security Suiten bremsen das System oft unnötig aus und bieten nicht zwangsläufig mehr Schutz. Zitat:
Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Dein Rechner ist sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt # 2: ComboFix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücken. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt # 3: Systembereinigung mit OTL Als Nächstes müssen wir alle Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
Schritt # 4: Programme deinstallieren/löschen
Schritt # 5: Adobe Flash Player aktualisieren
Schritt # 6: Windows Update aktivieren Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.
Schritt # 7: Schutz vor weiteren Infektionen Damit du in Zukunft vor ähnlichen Infektionen geschützt bist, empfehle ich dir noch ein paar nützliche Programme inklusive ein paar Tipps.
Schritt # 8: Deine Rückmeldung Bitte gib mir kurz Bescheid, wenn alles erledigt ist und du keine Fragen mehr hast, damit ich das Thema aus meinen Abos löschen kann. |
|
08.06.2011, 09:32
| #24 |
| | Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo M-K-D-B Zunächst vieeeeelem Dank für deine Hilfe! Habe alle Schritte wie von dir vorgegeben abgearbeitet. Beim deinstallieren von Combofix ist allerdings die Meldung gekommen das der Pfad nicht gefunden wurde. Guckst du Pic. Auch habe ich dir ein Bild vom Secunia Onlinescanner übermittelt. Da kommt die Meldung das es Probleme mit meiner Javaversion gibt oder geben könnte! Es tut sich auch nix wenn ich den Scannbutton drücke! Vielleicht magst mir da ja noch helfen. Nochmals vielen Dank. lg Oberonaut  |
|
08.06.2011, 15:40
| #25 | |||
| /// TB-Ausbilder | Möglicherweise Trojaner? http://www.searchqu.com/406 Hallo Oberoanut, Zitat:
 Zitat:
Du erwähntest ja, dass du alle Schritte abgearbeitet hast. In der Regel wird ComboFix auch bei der Bereinigung mit OTL entfernt. Um sicher zu gehen, dass ComboFix wirklich vollkommen entfernt wurde, führe bitte diese Tool aus: Downloade dir bitte CF_UNINST.exe und speichere diese auf deinem Desktop.
Anschließend kannst du dieses Tool auch selbst löschen. Zitat:
Ich bitte um Rückmeldung. Vielen Dank. |
|
09.06.2011, 18:03
| #26 |
| | Möglicherweise Trojaner? http://www.searchqu.com/406 Hi M-K-D-B Jetzt sollten wir fertig sein. CF Uninstall ist durchgelaufen. Java habe ich vorschriftsmässig entfernt und die angegeben Dateien installiert. Secunia hat 2 Programme gefunden welche ich sofort upgedatet habe. Vielen Dank nochmal. |
|
09.06.2011, 18:04
| #27 | |
| /// TB-Ausbilder | Möglicherweise Trojaner? http://www.searchqu.com/406Zitat:
Ich bin froh, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Möglicherweise Trojaner? http://www.searchqu.com/406 |
| antivirus, avast, combofix, converter, defender, desktop, fehler, firefox, firfoxfehler, helper, hijack, hijackthis, http://www.searchqu.com/406, ilivid, internet, internet explorer, logfile, mozilla, nvidia update, port, problem, scan, searchplugins, software, studio, svchost.exe, system, syswow64, trojaner, trojaner?, updates, windows |
Textbox.
Button.
Linear-Darstellung
