All kinds of pests and how to fight them: "Avira" trojan/virus and multiple iexplore.exe processes

Windows 7

11.05.2012, 18:44   #1
Kireille

Good evening, dear community,

since this morning a suspicious window has been opening on my machine that claims to be an update for Avira. (Interestingly, the whole thing happened after I heard a strange "beep" and ran an Avira virus scan.) Since the text is very suspicious, I of course did not install anything.

"There is an important Updates for Avira Free Antivirus is Ready to Install.
It's Highly Recommended to Start Installation Now."

You can choose between "Install now" and "Remind me later". If you press the latter, the window reappears 10 seconds later. I doubt that my German Avira program would ask me about this in English and, above all, build in spelling mistakes like these.

Of course I read the FAQ before posting and registering here in the forum, and I would also love to attach logs to this post first, but I am afraid of making everything even worse. At the moment I am sitting at my netbook and have disconnected the PC from the internet. Because after I finished the first quick scan with Malwarebytes, deleted two infected files and then rebooted, I discovered a full 16 iexplore.exe processes in Task Manager that cannot be ended; they reappear when you end them. (I don't use IE and had not opened anything; it happened automatically. However, no IE windows are open at all, only the processes are visible.) Now I am a bit scared of going back onto the internet to upload the logs.

So first of all it would be nice if someone could tell me how best to go about uploading the files here as "safely" as possible. Unfortunately I don't know much about this and wanted to get some advice first; any further help after that would of course also be very welcome.

A big thank you in advance to everyone who takes on my problem.

12.05.2012, 18:51   #2
markusg
/// Malware-holic

Hi,
open Avira, Events, and post the detection messages.
Open Avira, Reports, and post the logs that contain detections.
Open Malwarebytes, Logs, and post the reports that contain detections.
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

14.05.2012, 12:40   #3
Kireille

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.05.2012 12:54:44 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Kirelle\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,38% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,55 Gb Free Space | 44,64% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 121,71 Gb Free Space | 14,60% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 7,99 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive G: | 268,56 Gb Total Space | 231,39 Gb Free Space | 86,16% Space Free | Partition Type: NTFS
Drive H: | 9,99 Gb Total Space | 9,03 Gb Free Space | 90,40% Space Free | Partition Type: FAT32
Drive I: | 2,00 Gb Total Space | 1,99 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Drive N: | 1862,89 Gb Total Space | 881,47 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
 
Computer Name: KIRELLE-PC | User Name: Kirelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.11 15:44:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Kirelle\Desktop\OTL.exe
PRC - [2012.05.08 18:05:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:05:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:05:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Kirelle\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- D:\hamachi\hamachi-2-ui.exe
PRC - [2011.12.05 19:45:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.06 13:24:37 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011.06.21 03:18:57 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.06 13:24:37 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011.06.25 17:18:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.06.21 03:18:57 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2009.11.19 14:10:25 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\SSOle.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.04 17:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.08 18:05:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:05:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 09:12:08 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.25 16:01:40 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.05 19:45:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.13 18:07:00 | 004,121,080 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 18:05:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 18:05:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.20 14:56:51 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.20 14:56:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.02.05 22:50:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.04 18:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.28 07:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008.07.26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://plasmoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A E7 4E 65 A3 85 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {62DF0830-5D37-46B6-87A0-841A8B60EB6E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{62DF0830-5D37-46B6-87A0-841A8B60EB6E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/result.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\Haihaisoft Universal Player\Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\Haihaisoft Universal Player\Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
 
[2010.01.20 20:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirelle\AppData\Roaming\mozilla\Extensions
[2012.05.14 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirelle\AppData\Roaming\mozilla\Firefox\Profiles\yn0af9e6.default\extensions
[2011.04.26 23:02:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kirelle\AppData\Roaming\mozilla\Firefox\Profiles\yn0af9e6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 12:52:40 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-1.xml
[2011.06.30 10:23:49 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-2.xml
[2011.07.01 11:31:39 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-3.xml
[2011.10.17 17:33:17 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-4.xml
[2011.11.26 19:40:55 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-5.xml
[2012.01.04 20:06:02 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-6.xml
[2012.02.22 14:59:33 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-7.xml
[2012.02.29 19:44:39 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-8.xml
[2012.03.22 18:21:40 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-9.xml
[2011.06.22 14:51:27 | 000,001,069 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin.xml
[2012.05.14 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.08 18:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.09 17:20:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 17:20:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 17:20:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 17:20:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 17:20:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SCX3200_Scan2Pc] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kirelle\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Kirelle\AppData\Roaming\Microsoft Corporation\{4175EF9F-776E-430A-ABAF-11A5AC0715DF}\UpgradeHelper.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490DA6F7-2D9F-49D1-AE86-AFB6D870D849}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.21 19:32:46 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13317a17-1302-11df-a8a5-001d7d9b41ed}\Shell - "" = AutoRun
O33 - MountPoints2\{13317a17-1302-11df-a8a5-001d7d9b41ed}\Shell\AutoRun\command - "" = L:\Startup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2083CF5C-4F67-E02E-5BCD-BF6A2C989796} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.13 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 09:15:13 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kirelle\Desktop\HijackThis.exe
[2012.05.12 09:14:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kirelle\Desktop\dds.com
[2012.05.12 09:14:19 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\Kirelle\Desktop\ccsetup318.exe
[2012.05.12 09:14:19 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Kirelle\Desktop\OTL.exe
[2012.05.11 10:07:02 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Roaming\Malwarebytes
[2012.05.11 10:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 10:06:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 10:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.11 10:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.06 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Local\Kalypso Media
[2012.05.06 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Roaming\Kalypso Media
[2012.04.28 08:17:57 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Local\Risen2
[2012.04.26 07:53:40 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2012.04.16 18:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012.04.16 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\Documents\Dragonica
[2012.04.14 16:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonica
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 12:44:06 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 12:44:06 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 12:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.14 12:35:43 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.13 11:37:57 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 09:32:59 | 000,002,577 | ---- | M] () -- C:\Users\Kirelle\Desktop\Attach.rar
[2012.05.12 09:21:04 | 000,000,174 | ---- | M] () -- C:\Users\Kirelle\defogger_reenable
[2012.05.12 08:55:14 | 001,659,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.12 08:55:14 | 000,711,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.12 08:55:14 | 000,671,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.12 08:55:14 | 000,152,488 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.12 08:55:14 | 000,128,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.12 05:31:55 | 000,435,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 17:35:26 | 000,318,369 | ---- | M] () -- C:\Users\Kirelle\Desktop\HiJackThis.zip
[2012.05.11 16:55:52 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\Kirelle\Desktop\ccsetup318.exe
[2012.05.11 16:48:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kirelle\Desktop\dds.com
[2012.05.11 16:48:00 | 000,050,477 | ---- | M] () -- C:\Users\Kirelle\Desktop\Defogger.exe
[2012.05.11 15:44:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Kirelle\Desktop\OTL.exe
[2012.05.11 10:06:38 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.08 18:05:41 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 18:05:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 17:44:40 | 000,001,527 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.04.27 14:31:18 | 000,000,204 | ---- | M] () -- C:\Users\Kirelle\Desktop\Risen 2 - Dark Waters.url
[2012.04.26 07:53:40 | 000,000,674 | ---- | M] () -- C:\Users\Kirelle\Desktop\GDMO.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.13 11:37:57 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 09:32:59 | 000,002,577 | ---- | C] () -- C:\Users\Kirelle\Desktop\Attach.rar
[2012.05.12 09:21:04 | 000,000,174 | ---- | C] () -- C:\Users\Kirelle\defogger_reenable
[2012.05.12 09:14:20 | 000,318,369 | ---- | C] () -- C:\Users\Kirelle\Desktop\HiJackThis.zip
[2012.05.12 09:14:20 | 000,050,477 | ---- | C] () -- C:\Users\Kirelle\Desktop\Defogger.exe
[2012.05.11 10:06:38 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.06 16:28:26 | 000,001,527 | ---- | C] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.04.27 14:31:18 | 000,000,204 | ---- | C] () -- C:\Users\Kirelle\Desktop\Risen 2 - Dark Waters.url
[2012.04.26 07:53:40 | 000,000,674 | ---- | C] () -- C:\Users\Kirelle\Desktop\GDMO.lnk
[2012.04.06 19:53:24 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.03.26 12:18:21 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\2BDD665219.sys
[2012.03.26 12:18:00 | 000,001,056 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.01.08 19:17:41 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.01.08 19:17:22 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2011.12.05 19:45:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.05 19:45:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.28 01:30:39 | 066,911,894 | ---- | C] () -- C:\Users\Kirelle\AppData\Roaming\.minecraft.rar
[2011.07.17 21:22:48 | 000,000,028 | ---- | C] () -- C:\Windows\MyActiveX.INI
[2011.05.22 15:50:10 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.05.18 19:45:41 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\DATA.INI
[2011.02.23 15:22:23 | 003,417,600 | ---- | C] () -- C:\Windows\singles.exe
[2011.01.27 00:15:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2010.12.21 16:39:18 | 000,000,095 | ---- | C] () -- C:\Users\Kirelle\AppData\Local\fusioncache.dat
[2010.12.20 22:17:47 | 001,555,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.28 21:13:17 | 000,036,864 | ---- | C] () -- C:\Users\Kirelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 12:17:48 | 000,152,552 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== LOP Check ==========
 
[2011.12.10 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\.minecraft
[2011.11.27 17:15:09 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Bioshock2
[2012.05.13 11:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\DAEMON Tools Lite
[2011.06.04 09:57:23 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Dragon Age Toolset
[2011.04.26 23:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.12 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Haihaisoft
[2009.12.12 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Haihaisoft Universal Player
[2012.05.07 23:54:33 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ICQ
[2010.08.21 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\IrfanView
[2012.05.06 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Kalypso Media
[2010.04.17 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Leadertech
[2011.08.05 20:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Lionhead Studios
[2012.02.09 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ooVoo Details
[2011.06.27 11:34:35 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\OpenOffice.org
[2009.12.12 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Opera
[2012.03.10 01:09:57 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Origin
[2009.12.25 01:39:59 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ProtectDisc
[2011.12.05 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\PunkBuster
[2011.11.14 17:06:59 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\runic games
[2010.01.16 14:46:24 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Secret of the Solstice
[2010.09.18 16:45:08 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ShanghaiAlice
[2011.05.22 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\SoftMaker
[2012.05.13 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\TS3Client
[2011.05.16 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\XMedia Recode
[2012.03.16 18:42:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.20 14:47:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.12 16:48:54 | 000,000,000 | ---D | M] -- C:\ATI
[2011.06.23 17:39:18 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.08.04 23:42:57 | 000,000,000 | ---D | M] -- C:\data
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.12 15:06:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.13 11:37:56 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.12 10:08:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.05.11 10:06:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.12 15:06:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.12 15:06:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.05.14 12:57:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.12 15:07:05 | 000,000,000 | R--D | M] -- C:\Users
[2010.07.03 15:01:43 | 000,000,000 | ---D | M] -- C:\VXIPNP
[2012.05.14 12:35:53 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.12 09:21:04 | 000,000,174 | ---- | M] () -- C:\Users\Kirelle\defogger_reenable
[2012.05.14 13:02:19 | 003,407,872 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT
[2012.05.14 13:02:19 | 000,262,144 | -HS- | M] () -- C:\Users\Kirelle\ntuser.dat.LOG1
[2009.12.12 15:07:08 | 000,000,000 | -HS- | M] () -- C:\Users\Kirelle\ntuser.dat.LOG2
[2009.12.12 16:16:57 | 000,065,536 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.12 16:16:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.12 16:16:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.12 15:07:08 | 000,000,020 | -HS- | M] () -- C:\Users\Kirelle\ntuser.ini
[2011.07.14 16:16:19 | 000,008,126 | ---- | M] () -- C:\Users\Kirelle\story2.rtf
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2010.03.24 14:05:12 | 000,048,640 | ---- | M] ()(C:\Users\Kirelle\Documents\Antik?rper.doc) -- C:\Users\Kirelle\Documents\Antik￿rper.doc
[2010.03.24 14:05:12 | 000,048,640 | ---- | C] ()(C:\Users\Kirelle\Documents\Antik?rper.doc) -- C:\Users\Kirelle\Documents\Antik￿rper.doc

< End of report >
         

14.05.2012, 12:42   #4
Kireille

"Avira" trojan/virus and multiple iexplore.exe processes

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.05.2012 12:54:44 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Kirelle\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,38% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,55 Gb Free Space | 44,64% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 121,71 Gb Free Space | 14,60% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 7,99 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive G: | 268,56 Gb Total Space | 231,39 Gb Free Space | 86,16% Space Free | Partition Type: NTFS
Drive H: | 9,99 Gb Total Space | 9,03 Gb Free Space | 90,40% Space Free | Partition Type: FAT32
Drive I: | 2,00 Gb Total Space | 1,99 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Drive N: | 1862,89 Gb Total Space | 881,47 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
 
Computer Name: KIRELLE-PC | User Name: Kirelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02133806-AFAC-4556-BBEC-1DA67C0B5463}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0629BD2E-7AD3-43AF-B6ED-D590E35E1F2F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{099F73C0-E788-4BDF-A852-B3EE483E2BCC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0F0FEB51-4615-4FF5-BBA8-062B0D2C640B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{138DB89F-4501-48CA-BBB3-2374D0DFCAE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21F61A77-1701-45BD-9E31-D17633659AB2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B60AEC6-C5BC-4656-894F-758456F51BEB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35FD8EC9-698C-4303-ABB0-E5C47BA1F5DB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{45BE0117-E7B3-45D5-B6EB-8694317E53A8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{47C7D545-903B-46D9-AE71-8B17C5468727}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4E7C8C91-8C79-4D09-B1B4-55449E722F8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B58BC6E-7E78-42F9-AA83-AA9257AE6619}" = lport=49326 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5F816154-3614-421D-B559-8653229415FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{675AC613-877B-44E5-8238-F22197CCE5CC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6C07EBBA-2987-41C6-84D0-81E967B57B51}" = lport=137 | protocol=17 | dir=in | app=system | 
"{78CBBEAC-CC74-4757-8EF7-0610F11FE8AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DFFA8A7-0FC6-4A60-A41F-53A9BE336C09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{835228F1-D4D0-488C-B5FC-AFD9F918A849}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{93C7F896-1962-409E-B641-6C155B36E93E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A2DE3F34-BE30-4C0F-A5BB-2AAD342F808D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A3BF5AA6-618E-41C4-BBD3-6B07D93D8623}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2184377-B5B6-48F4-8FA2-C3975BE944A5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD724E9D-A32E-43CD-BBBF-4EEC9F2B2436}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0AB4EDA-CE5B-45CE-9E37-5BB2C685D063}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C6C79E9D-81F4-4D32-9E79-A21010A8B241}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CECEA6A5-0179-40DA-8F5A-989A468F07A8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D2E7FE14-1FD1-4648-98EE-AAF624EE0C7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4FD9E1B-95C6-4387-8D3F-48B401214783}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7884199-11DB-4768-A0D7-004726441D88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DA71BD44-4A0A-4CF5-95C7-BDFC65FD275C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E5C0828A-C560-4498-BB3F-2C39BBA6D17E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E604F8D9-F02B-422E-A616-3CBA6215D2D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E97E85D2-329D-4759-B8BC-5C019E7011E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED8F0185-AE25-4F3C-916E-10344E0A14C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F4EBC9D8-6EAC-4527-8BD0-A660DA2A4612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00231896-92B1-455A-B726-F6AB4CA98C6A}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\dragonagetoolset.exe | 
"{0090FF6B-F8BF-4AC7-86EC-0A1206B7AE95}" = dir=in | app=d:\skype\phone\skype.exe | 
"{015316B0-C9EF-4E70-BD66-DDCC17BA0671}" = dir=in | app=d:\skype\phone\skype.exe | 
"{02271A86-BEA5-41AF-A737-C2C615A4B504}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\uplaybrowser.exe | 
"{022CC925-5C22-47DC-866B-DC7242CEA979}" = dir=in | app=d:\skype\phone\skype.exe | 
"{02D2A215-19C0-4CD9-AED7-E611F610DDCF}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{02DAFBA5-3D7F-4718-B1DF-55A8861E7303}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0481EE7A-D521-4801-BF28-34AFF51E6D46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{04C1B3E4-F66E-4FA3-AE8A-8DF49C366C4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{04E814A6-8F0C-49BA-BE8A-F20B998656E8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0649D88F-4AE9-4CF3-A674-76C94D00C6AE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{06AC79FE-5EA8-49E8-8BAB-EF4DB3463E70}" = dir=in | app=d:\skype\phone\skype.exe | 
"{08DA48ED-6B1C-447C-BA9A-D4EF503C7389}" = dir=in | app=d:\skype\phone\skype.exe | 
"{09D48C27-9BC3-43D2-857A-C041374DD749}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0A98867F-B041-45E1-B021-5264255CFD2D}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | 
"{0ACF16BC-7877-4857-98D1-A0A8A5876B88}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0B69A8AD-6CFA-46EB-A990-065AA64EC9EE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0C69C0C0-96A8-4867-BEB3-13D568A996D1}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\acbmp.exe | 
"{0D6BD79E-0CD2-46DE-9317-645388BC2E6C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0E6FE280-09A2-4675-A959-741E350270C3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{0F2F75E9-C96D-47A1-852A-E2676A81A877}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0F5C4B0E-4691-486A-8501-0A6F33D4DC57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F8FA134-C6FD-4382-9638-F4E9E990AF02}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{0FC29CCB-10EF-47FA-A57F-087375EC21B0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{103F0C5D-6F39-4D4F-9030-F40AA3E724AE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1065CE45-17C3-469B-AD23-756A92CA33AF}" = dir=in | app=d:\skype\phone\skype.exe | 
"{116F51EE-B0DC-42B1-AC8A-23B95B13BA2D}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\erfeditor.exe | 
"{122FDF3E-9935-471E-9BBA-BC11E7CB93B6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{12453226-0A46-4E89-808F-E0ED1CC1715E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1485A061-FD1F-418D-A495-7B6DB522A8BA}" = dir=in | app=d:\skype\phone\skype.exe | 
"{156398B4-03AA-4173-A249-4C332309C904}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{15D1364B-72EF-48C6-A043-340593DDF935}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1667B6F0-DBE3-47F9-BFA7-70E8329255B1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{16A4709F-6A69-4F51-82F1-66165AA9F780}" = dir=in | app=d:\skype\phone\skype.exe | 
"{16AD232D-FD8E-46EB-AE55-9B889098FD4C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{17126C1D-5E5A-44FC-8BC1-4526F13E6930}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"{1729F266-7BAF-4C5B-BF41-3AC4014132B2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{178395DF-5760-47CF-95B1-F47955DEEBE8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{187DF2E9-7A8B-40E1-BE29-9896720AE643}" = dir=in | app=d:\skype\phone\skype.exe | 
"{190B442E-91BF-49C5-BE39-C2D5A16670CB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{19861038-E201-4850-8989-E7936D5E2429}" = protocol=6 | dir=in | app=d:\games\civilization 4\warlords\civ4warlords.exe | 
"{19B16ABF-10A5-4ABF-85C1-3A5F20056274}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1ABFD90A-2164-41B0-BFD4-440079F92B36}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1B6CFB35-B8F0-48E1-9CCE-6FB9F5F7781E}" = protocol=17 | dir=in | app=d:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{1B7330E3-F905-487B-91C6-A4B4CEBAD4A8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1C213E0E-2384-4054-8AF0-265E7D70740D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1CA533F2-1B6F-4C32-AE4D-917B4387CF9E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1CC38FBF-846A-4B07-B07C-B23708BD00FC}" = protocol=6 | dir=in | app=n:\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{1D52A436-C79C-4EEF-815B-483B9415CFE2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1D9EDAEC-B51D-484F-8765-00709E8C9B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{1E24EF80-F208-459E-BABA-0931D6077DA6}" = protocol=6 | dir=in | app=d:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{1E2F97F9-9ECA-4BFF-8B60-C613310E4D1B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1E727FF5-8603-4B39-B297-2D5B4BA4DC8C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{1EA78BF8-CFAB-4BCE-BAC3-D77136459558}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{1FDFE605-571A-46AE-AA58-1C1EEE225130}" = dir=in | app=d:\skype\phone\skype.exe | 
"{209C78EA-4D49-497C-B7BA-0A6F7260BCA2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{212DEAE2-A286-41F2-99F5-BAC5C53DF52C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{21C54DA2-504E-4BF7-889A-0A0FA61BF5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{220301F4-9374-46E9-A2BE-73FF9B7EACCE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{22EFDEB5-F2BA-4FE9-ABA3-42AAA24A2EEB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2376EAF3-7333-404D-9305-B80B8EAB3E14}" = dir=in | app=d:\skype\phone\skype.exe | 
"{240217FE-042A-4228-BFF1-AD37C1CFA604}" = dir=in | app=d:\skype\phone\skype.exe | 
"{25FE8329-325A-404B-BBC4-566A7365D937}" = dir=in | app=d:\skype\phone\skype.exe | 
"{26B1BB18-D01E-4EE0-AB88-319F5875BFDD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{27BAEA84-EDBC-49CA-89CA-987107142BD0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{284933A2-BAED-4B9E-817C-89F141FCBE20}" = dir=in | app=d:\skype\phone\skype.exe | 
"{28757887-A514-4E51-8FDB-BD366EC5B784}" = dir=in | app=d:\skype\phone\skype.exe | 
"{28F9E27A-B652-41B8-B107-BE9A311E28DB}" = protocol=17 | dir=in | app=d:\games\age of empires\empires.exe | 
"{2903F92C-00D2-47E4-9247-E5881EF04DC5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2913D41D-37F2-4406-BC13-2F4A004AEC2D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2916500E-F103-44B8-B675-CD1E966898A2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{297D7E26-E23D-4B36-A632-F2A5007EF23A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{29AEBCE2-0DCE-4E9B-966A-90CFC003E7A8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{29E9DCB4-AB7A-453B-B482-1966160FCB1F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2A7BC8A3-1B11-41BB-ADA6-A4953E9D451C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{2A8996DE-4ACF-415B-9F04-94FBFF85455A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2B414818-A13E-4A3C-99A5-ACB997647381}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2C132EEA-5310-4CBC-923A-C91E9E3F765D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2C1D831E-C319-48CA-BCC2-7C76FF72147D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{2CD3F24E-3452-4D66-B91B-20F93A24F76C}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | 
"{2CF144A6-FFF5-4B02-AB88-3942E56A0EBB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{308E70B5-E882-440F-ACE4-590811D2D49B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{315FFA11-C9A4-4960-9553-8B33DF38E29F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{31830643-32CF-44A9-B4AC-BF68559B253B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{327B49C5-D62D-4A2D-B82A-99FCD843D516}" = dir=in | app=d:\skype\phone\skype.exe | 
"{32B89411-F710-4919-8701-A1174FAD8C27}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | 
"{335A7E9B-DCD0-4897-93A8-23375542052B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{339CF960-27F4-4921-B23F-4723810DC9C3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{341C368C-EED8-47E8-BD78-9D60821BEBF3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{346B75A2-0F04-462B-9D28-D076D0301E76}" = dir=in | app=d:\skype\phone\skype.exe | 
"{34B81498-920F-4055-A784-253EDF17595B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{34DBFB61-A040-437C-A53F-13E1C18CDFD5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{35C3A619-EAB1-4054-9B84-DB42A7F0863D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{36A68F05-324B-4E29-A5E8-0E3B0BF977A0}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\erfeditor.exe | 
"{36ADF35C-FAEC-43D1-B710-102DC7F294E8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{36BEAA81-D8D1-4F30-9F4B-AA6D560335F6}" = protocol=17 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe | 
"{3713C393-567E-4687-BF99-7070B966F43A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{377BF6EF-057D-4E93-81CD-B729BCC911E9}" = protocol=6 | dir=in | app=n:\portal 2\steamapps\common\risen 2\system\risen2.exe | 
"{38661FE1-7DE3-46FF-A94E-0BB16DCC4502}" = dir=in | app=d:\skype\phone\skype.exe | 
"{38F553BF-0AE3-4A31-99F7-0EB405CA0814}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{38FDC4C5-ADB5-480C-92B0-3E2368E49ABE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{3A249DA8-4D58-40DA-8005-D1D4D52071C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{3A8CF2EA-1C3E-436B-8D03-988ACF003421}" = dir=in | app=d:\skype\phone\skype.exe | 
"{3AFF7AC4-2335-4C3F-B60D-0123B8841BF4}" = dir=in | app=d:\skype\phone\skype.exe | 
"{3B6C7D06-0922-4DCB-A779-52689EB04765}" = dir=in | app=d:\skype\phone\skype.exe | 
"{3BC7BBC4-5B48-4549-9A5F-DC1B50E9961C}" = protocol=17 | dir=in | app=d:\games\civilization 4\beyond the sword\civ4beyondsword.exe | 
"{3BD68951-DC2C-4A8D-AF97-24B9A7B27144}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | 
"{3D293682-6982-4026-8B46-CCE60CB1BCDB}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{3D9210B8-6655-415A-96C3-14C98FC2276E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3DE63980-3B4F-4CA1-A987-92CD6E7515C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E5E2BA3-099C-40A1-9929-6B3D4CB241E1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{3F020EF2-D857-4D75-B24B-C190989BF965}" = protocol=17 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe | 
"{3F27E3F8-0F1F-422F-8F4B-7963429CCD13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40139B6D-4D7B-4412-8093-204DAB310E74}" = dir=in | app=d:\skype\phone\skype.exe | 
"{402A0394-4681-4B25-8483-D310A9A323AE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{418DCDD5-AD84-44D7-A3CC-E436EB0C31B9}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\lightmapper\eclipseray.exe | 
"{421AE707-6656-4C23-A910-FB2EE8BED323}" = dir=in | app=d:\skype\phone\skype.exe | 
"{425BA976-F3C6-4B01-AB00-050A58D68465}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"{4272F673-51C0-4EFB-B904-05817E2E1CEE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{42E04A4F-6618-438D-8406-5D834FA410D2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{43208C98-CB70-46CB-8D9A-69C64E8BD221}" = protocol=6 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe | 
"{4375138D-7801-4A65-A4EA-09448A17BF6E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{43BA411F-7E23-4ED0-A8E7-24F69870A14A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{44A34DB3-CE65-40EA-87BD-1625F01C71FB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{451DFED2-6346-42FB-B8BF-F40E7A11DD7A}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | 
"{46C304BB-B0FD-4053-A5C5-ECB683D2CDC4}" = dir=in | app=d:\skype\phone\skype.exe | 
"{474F0BDB-3A27-43F6-864D-B27F55DE0A77}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4856C848-19CE-4530-A02D-D82BE53119C9}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4896B269-7494-4FF8-B07D-6901756A2070}" = dir=in | app=d:\skype\phone\skype.exe | 
"{48C9D3AB-3F5C-4E04-A583-CC6A72A315D9}" = dir=in | app=d:\skype\phone\skype.exe | 
"{49C9E716-0C89-4FE1-AB82-4CDC254C9DC7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{49F541B3-54B9-47A9-856F-45430BF1AD3B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4A583123-BD51-4E34-B21A-FBC24B897ABA}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4AE0E348-5AE5-4FA8-8833-B5A0C18C6747}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4B1F0B5C-442C-47BA-B672-B12A657F8BCE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4D589A1D-1DFC-46AD-B7EE-5C27FCBB4BF9}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4DB521D8-0114-4D74-8540-63DD849EA33C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4DBDDBF8-CA71-4268-BF2C-13D0FCC70F4A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4E101FD8-E368-4353-AA86-092FF6DB879F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4F301B7F-CE72-48BF-85B4-58EC57EC47CD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{4F913B5D-B949-40B1-96A5-FCD5D8424974}" = dir=in | app=d:\skype\phone\skype.exe | 
"{51FAEF3A-BF34-4425-8E66-484AB1199D5A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{55837C12-2A9E-47A6-8A94-0B5E0A43CACE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{55B7D609-3867-45CD-B589-73889C918AED}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{57DC1E1A-6733-42F3-9091-873B0316CAC7}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"{58D58C67-5304-4F89-9838-459E69EBEF9C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5928ABE5-82CF-44B1-9104-6DA5B9735936}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5933F271-92B4-4F3C-88B4-92D61CBFA5DE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5973B929-1161-4D91-8AFD-A65916748E9E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5AE9E334-2660-4C2C-BF7B-BD79A8C84EAB}" = protocol=17 | dir=in | app=n:\portal 2\steam.exe | 
"{5C0C53B9-F00C-4FB1-8726-7935703C6739}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5CDBB38E-0B36-455F-84C1-121B782314F8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5E9AAF13-F3FC-4C67-8DA6-2B59AF8E7D91}" = dir=in | app=d:\skype\phone\skype.exe | 
"{5F234758-D6E3-4840-8264-E2C24B4F66A8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6011772D-B789-4028-9B73-9AF6221A9F25}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6055E635-4958-4F77-9F4B-CDDD9140A14E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60AD3584-E966-4C77-BC1B-35CEB8FC09BF}" = dir=in | app=d:\skype\phone\skype.exe | 
"{60C73F46-7DE2-4644-9A25-B0F95D27394B}" = dir=in | app=n:\port royale 3\portroyale3.exe | 
"{62C62772-F0FC-4555-86D1-3001E1566C24}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6358B7E5-ED37-45C0-BED8-7A6FEABAA943}" = dir=in | app=d:\skype\phone\skype.exe | 
"{63945C05-9CA5-4483-9BC1-0E8470ADD162}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6544E09A-034C-4DD4-A473-5E5971ACB3E6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{65EAE8B7-AE60-4072-86D0-FF89E7B9B1D1}" = protocol=17 | dir=in | app=d:\games\secretofsolstice\sosclient.exe | 
"{6614013F-4FA5-4FAE-8920-1B5FC2FB9E69}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6663E1D6-F5CE-4614-BAF7-BAF03A9F3A39}" = protocol=6 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe | 
"{668089D8-5CDB-4D2F-A02C-EFA9D2C7C4E0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{668C3DC8-27A8-4E23-847C-69F5A4C2CF64}" = dir=in | app=d:\skype\phone\skype.exe | 
"{670C5870-1B4D-4E0B-862A-6C812CD91230}" = dir=in | app=d:\skype\phone\skype.exe | 
"{67AD1634-FA98-4114-B7AA-858C22DB1CC0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{67FBB088-3EB8-438E-9E4F-87D645E04417}" = dir=in | app=d:\skype\phone\skype.exe | 
"{68326734-8888-450E-9F9F-BC642F33C775}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6873083A-8867-4CF3-9E05-F5E099389ACA}" = dir=in | app=d:\skype\phone\skype.exe | 
"{68A3A1D3-7616-4C10-93B3-4489BF84B8D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{68AAC4D2-960E-436D-89A7-2B349F2730AC}" = dir=in | app=d:\skype\phone\skype.exe | 
"{690CF7B0-B562-4155-BB09-BA5E87614565}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\rpu.exe | 
"{690F12FB-B0CC-4A78-87FA-91246470CA6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{694A68CA-EDC0-433E-A597-C3C1F7C9284A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{69530313-433C-4FE5-9E72-13B3DF16F363}" = protocol=17 | dir=in | app=c:\program files (x86)\haihaisoft universal player\hmplayer.exe | 
"{6969EDEB-21EC-45B1-9545-11542D6D1EE7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{69EC6E4E-38D5-45E4-A01C-EF24B357D464}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"{6BC4A477-765A-4114-85EF-96D3CF8B35B3}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\uplaybrowser.exe | 
"{6C1D2F13-1936-4619-A875-A62C6DA72A4B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6D685BF3-E335-4C3B-9755-56C658F44A62}" = protocol=17 | dir=in | app=n:\portal 2\steamapps\common\portal 2\portal2.exe | 
"{6D8CCDD2-C176-4A5C-9057-D72BC20CA3C1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6E305782-7A9D-4A20-8407-13C90B11B883}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E868AD0-6AFB-4497-81D2-02DEB3D37AA1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6EF1C134-C5FF-4EF0-A461-059670E8A8E5}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\acbmp.exe | 
"{6F06F740-A92E-413D-9241-4816E31DE91E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F28D66F-A5D9-4CFE-85DF-27D8C681A1A7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6F499FD2-EF01-4DBB-A030-0C1E9FFB96D6}" = protocol=6 | dir=in | app=n:\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{6F6C3799-D7AE-4E5A-A74D-150A4B789F97}" = dir=in | app=d:\skype\phone\skype.exe | 
"{6F727EB0-1D1A-404E-9865-B4DCF30C8F9C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{7010282E-E45E-47AB-A247-C238E00EFD40}" = dir=in | app=d:\skype\phone\skype.exe | 
"{703E60FD-C890-4A3A-8BE0-EAC2F6723585}" = protocol=17 | dir=in | app=n:\portal 2\steamapps\common\risen 2\system\risen2.exe | 
"{7057EFC3-09AD-48C8-88F2-CD1CF9F1805E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{70E79ECA-5C23-42DC-ACE7-C87A325517F0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{71DEB212-93A2-4D1A-BBAD-64A5A114F237}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{72584C1E-90BE-475D-8BC3-20DE093710AA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{72616059-B028-462E-A7C1-203B2DCF5813}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"{729B041E-C37A-4BBF-A2E8-8CE5621B0CFC}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\gffeditor.exe | 
"{72F7D1AB-6007-4F41-8E79-8691CD9A1DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{73FDB828-DFEF-4136-8E7A-A667E8A62555}" = dir=in | app=d:\skype\phone\skype.exe | 
"{7491F562-DCE3-4268-93DF-9176077E6B02}" = dir=in | app=d:\skype\phone\skype.exe | 
"{75D1696E-F028-4738-8CBC-D40A96AB9558}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{76B76B2F-C85F-4F9A-A7E1-1F445CD862A5}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\gffeditor.exe | 
"{76CD9E1E-6F46-401D-B510-7801ACD5C126}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{76DA7E96-E40D-40DC-9742-E2BD172490EB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{76DDCA7D-29E6-4F5A-9730-550EF237FFE7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{78ED6893-13C2-456A-A50B-07912D9DB42C}" = protocol=17 | dir=in | app=c:\users\kirelle\appdata\local\akamai\netsession_win.exe | 
"{79274D4D-7AA0-4C71-9BD5-2A2D2F5B4BD0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{79740063-B9EB-40FD-A012-228B3E4EFE58}" = protocol=6 | dir=in | app=n:\portal 2\steamapps\common\portal 2\portal2.exe | 
"{79B89332-E2AD-48BD-B75D-CBF063A66333}" = dir=in | app=d:\skype\phone\skype.exe | 
"{79DE50F3-AD9C-4CA7-91AC-A6FC67AC7320}" = dir=in | app=d:\skype\phone\skype.exe | 
"{7A6D9D7D-BFAC-442E-8690-4B4DD247B796}" = dir=in | app=d:\skype\phone\skype.exe | 
"{7ABA68A2-D7CF-4604-B691-7A3D414CD93F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{7AE9178E-1692-4B1C-835F-438D9F8FDB06}" = protocol=58 | dir=in | app=system | 
"{7D05E633-12A6-4DE3-8974-76160FF5839C}" = protocol=17 | dir=in | app=d:\games\civilization 4\warlords\civ4warlords.exe | 
"{7F2BFA55-DE91-409C-B92C-9FBB18C2B273}" = dir=in | app=d:\skype\phone\skype.exe | 
"{7FA56E46-65D2-4ACB-8262-76F8EE33A078}" = dir=in | app=d:\skype\phone\skype.exe | 
"{8012EA63-2A9A-427C-A4D3-9DB3F800CB09}" = dir=in | app=d:\skype\phone\skype.exe | 
"{8032807E-21BF-4F19-9C6E-4A3B985A39B8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{80601A5D-523F-47E8-A03D-A91DF51BDA13}" = dir=in | app=d:\skype\phone\skype.exe | 
"{80B770F1-BB55-4D5D-B301-988288FE0841}" = dir=in | app=d:\skype\phone\skype.exe | 
"{835CD0D8-2F95-4623-A249-BF463285C5F7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{83623DC5-4634-46D0-807E-7CE362F79CA6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{839DCA55-22E3-440B-991B-5AE3DD914112}" = dir=in | app=d:\skype\phone\skype.exe | 
"{8444C08E-5457-48B4-9375-48E603DF22B7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{85054250-BBA5-4E58-A90C-611A2BA4CE76}" = dir=in | app=d:\skype\phone\skype.exe | 
"{85A82670-A2F7-4107-B545-D9702D16B0BE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{85EE2412-8BC8-4E46-9432-EFDE6102E5AD}" = protocol=17 | dir=in | app=d:\games\dragon age 2\dragonage2launcher.exe | 
"{87210C4E-4590-4818-A599-8117988D1B3C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{874BBC86-6689-47F0-9F9F-32E603C3E208}" = dir=in | app=d:\skype\phone\skype.exe | 
"{875A79CA-2EF2-45DB-BFCF-B066A7EDB264}" = dir=in | app=d:\skype\phone\skype.exe | 
"{87CA4A55-C7D4-450E-A12F-943925002159}" = dir=in | app=d:\skype\phone\skype.exe | 
"{881A2E30-B483-4D0F-9BAE-199C4DB3F551}" = dir=in | app=d:\skype\phone\skype.exe | 
"{885AE3DA-207C-4C5F-8B5D-846C63B601B1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{893609CC-AE14-4A25-B127-75D3C99D27CC}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{89908234-A3A5-4346-A0AA-B445655D3740}" = protocol=6 | dir=in | app=d:\games\age of empires\empires.exe | 
"{8BAD78DB-E5A6-42CD-B3C9-922A27FB7F9C}" = protocol=6 | dir=in | app=n:\portal 2\steam.exe | 
"{8DB28B67-83F8-4466-8CE1-4A5A77115629}" = dir=in | app=d:\skype\phone\skype.exe | 
"{8F7A5575-7943-444C-9FA3-4FB5DE7AF54E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{90816646-CAA0-4F71-9A0C-4927E0829689}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9093BC51-B185-49C4-9B42-2BA0D31C17B6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{91578976-12A1-45FF-8911-24076E88FED8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{915ABA3E-87E1-4157-BC33-A16F1EAA9312}" = dir=in | app=d:\skype\phone\skype.exe | 
"{92015D14-4D39-48E1-A222-BEF2879DC500}" = dir=in | app=d:\skype\phone\skype.exe | 
"{920FA46D-62ED-4D03-A63F-689912210AF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92425BAB-D929-4F59-91E5-9E6B646FC3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{92BD854B-B34D-427C-A65A-2F6B0D5739AD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9368391E-E299-4260-99D1-8068CDC05FD4}" = dir=in | app=d:\skype\phone\skype.exe | 
"{965AF936-04C5-4029-8D2F-A22C5928D7CE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{98B7152D-F089-43B7-A835-4033E8FDED98}" = dir=in | app=d:\skype\phone\skype.exe | 
"{99653123-5E59-4D63-8FC5-12FE4BA2EC08}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{997E2E1A-4C39-4B38-AF9D-C1DE0970D9F7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9A453A44-C362-49F7-9492-FD6DE4CEA995}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9AAFE260-F598-4E37-86C8-50156C6658A4}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9B777565-C9E9-4A41-847F-F91EA48912AF}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9D1149EE-4C42-4513-B1C8-8937CD299596}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9D778FEE-56F2-4337-BE0A-35BF24A06BF6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9DAF7689-D5A4-4D6E-8D98-84EBBF2F7A46}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9DFE4002-1D4D-4822-9379-B68BA9B962AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9E73FD0A-719D-4B2B-BFE0-FE569DFA443A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{9EA23BCA-D865-4475-B159-5CA7B620256C}" = protocol=17 | dir=in | app=n:\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{9F183F88-70A5-4B93-8A85-9D53101433AD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A015884F-D684-48DC-9E61-AD62E69A3992}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A04353A2-98A9-465A-BCC1-3D5A46DEA45D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"{A0A42BA7-898E-4D90-B792-63F58E250DEF}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A175FE13-E575-4080-96AC-260AB00792A5}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A18B0BE0-9802-411A-9DB1-41EB60462690}" = protocol=6 | dir=in | app=d:\games\civilization 4\beyond the sword\civ4beyondsword.exe | 
"{A211D630-4664-4645-AE56-AEC24D393083}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A256ADAF-D636-4712-B07A-315FB405AFCF}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A27600F3-10BF-4108-AC65-CBD2E5C7CBC7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A37C77A6-A49F-49A8-828D-102C4B5BE579}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A38A9F1F-32BB-47A5-AD07-5D39EA9E0E03}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A3986E90-DCC0-4A06-98BC-7F7F58F91BD8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A5A07D1D-2D5E-452D-847D-0CC9FDD8D589}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A5D1A2F9-B474-4EB2-B16B-9F811D5F5533}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A6F2C4FC-6911-40D6-8F39-88EA2A37BC1C}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"{A76A03B1-CA70-4F04-A0D5-7D14F1A4BBBB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A7E1EA21-E428-44BD-BF7D-4E425E5BE7BF}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A876C6B5-5D9A-4615-9E8B-80DAD5D2CD4F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A88F7E4F-021A-4A38-BFA4-637A5FD9ECA9}" = dir=in | app=d:\skype\phone\skype.exe | 
"{A97B8BE2-7140-4892-B497-B862C3ABE1F1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{AB29691E-828B-403C-A100-F38568AE0585}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | 
"{AB2AF849-1A47-41C3-8F61-3CF24D2C3704}" = dir=in | app=d:\skype\phone\skype.exe | 
"{AB2DB52C-FB08-415A-A614-0B43CC28C239}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB57A4D0-4F60-430E-824D-00F8A0634AA0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{ABCAEA93-2DC7-4555-B1D6-AC6E05AFF3EC}" = dir=in | app=d:\skype\phone\skype.exe | 
"{ABD09E14-FE22-498D-9A6F-4BC754C084AA}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\acbsp.exe | 
"{AC1D2D6B-B0C5-44D4-A5E6-83D8EE0A85B3}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"{ACE92A35-02D0-4DD4-A981-C019B63E1EA7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{AD569C7C-5A62-49DE-BEB7-2D2599BAE9B6}" = protocol=6 | dir=out | app=system | 
"{AD9C31FF-0AEF-4B8F-90BE-3CE0C94691C7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{AE4CB53A-E2E9-40C1-8E91-D763E4D4C293}" = dir=in | app=d:\skype\phone\skype.exe | 
"{AEEA19DF-6B1F-41FD-9EAE-D5CCA1905546}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\rpu.exe | 
"{AF1049C2-E7F4-46F5-AF32-0766D9F0D058}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B0AC7201-0DEA-4EFE-B3FC-D1A803F14AF1}" = protocol=6 | dir=in | app=d:\games\secretofsolstice\sosclient.exe | 
"{B0F17BCF-F359-41F1-A1C9-06DA4C57B7B3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B19A71B6-3B0D-4B77-AE68-802B0C7BC051}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B1C7E1DB-2477-461F-867A-CDFAF4E14F67}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B32471BE-2159-4DD3-98EF-22A7284200CD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B3610780-7DE3-4B06-BD39-3056E88F7266}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B3DF23A0-E775-46F3-86B7-41B086F08256}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B4514333-E663-4257-BE15-B147FF08B668}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B48510D0-AFEE-4F46-8744-A3197647B98D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B4BF66A0-92FB-4C76-9C56-32C3E894AABD}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"{B65FD277-E8FB-48FA-B181-59C2440739B6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B6804069-B6BA-4B6B-A8D5-E6F1D1326B58}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B7127EFA-E6F7-45E0-9CD2-BC013E06AB82}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"{B8AAED2A-72B0-4751-8A75-DC1C8C28B48E}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{B8B2E4EF-490A-4F75-BD72-965A594729F1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B8BC8B24-79AA-4F0D-8EBF-1A0AEF9B515B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B93BFE76-CF7A-4CAE-96AB-9EEDF6AE7AB2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{B9A9FC51-4AC8-48D9-82C7-866E05EACEF2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{BA3A9508-AD25-46BA-887B-7BD326C694F9}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe | 
"{BA3FABF1-EFB5-4FCF-8A89-7EED4E81A1AB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{BA695D3A-660C-4FBC-9309-C8E961E936E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BA81DA0B-D17A-41B2-918F-61BC9CCE4A3F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{BD342A1B-D947-4235-85B1-EF61CC341CCA}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe | 
"{BE312CA9-736F-417D-87A1-D45A782D00D0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{BF61893C-0032-42E2-A29B-43EED6FB7F4C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{C016C55A-385B-4136-BE1F-F9DF018DC5CD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{C1328E99-F149-473F-9738-D087B699EE7C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{C302820D-DE9F-45BC-8DF8-27B626EFB3B7}" = dir=in | app=d:\skype\phone\skype.exe | 
"{C3289017-2306-4D48-A816-0D55EC046985}" = protocol=6 | dir=in | app=c:\users\kirelle\appdata\local\akamai\netsession_win.exe | 
"{C418A12E-ABD7-42EE-9521-DE1BEB472AE4}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\acbsp.exe | 
"{C544859D-067A-447A-A205-870504DF3386}" = dir=in | app=d:\skype\phone\skype.exe | 
"{C5A4638C-8B30-4365-B7FE-5C77E42A256A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C6132614-DFF5-4C8F-AA51-584B8C8E2752}" = dir=in | app=d:\skype\phone\skype.exe | 
"{C91C3491-43A7-46DD-B9B5-C48C6C7094CE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CAAF4D97-EF8A-40C4-9FAC-74ED33BD1B62}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CAE4BAC7-731E-4167-AE15-F585F6FDE449}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CB852DC0-F4BF-43EE-93AB-4BB19972DDFA}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CC342703-C768-466E-9C40-429E783C9A8A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CCAC4284-2C97-4EBD-85B2-0F418E0698D1}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CD2024DF-8D4D-468A-A97B-847442B60340}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CD3A1190-F2DC-4DED-AD73-8BEEF741500F}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CD4C9FD7-4A1B-4170-BC3E-2CEDCE2F9158}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CD82C6AA-B0F9-4B5B-A587-B5C28B09A899}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CDA5AFBC-8D5C-4934-9312-3FB44DC1AD0E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CEA730AA-284C-40EA-8DD9-18E066A81F68}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CEADA119-34FF-4CFC-82E7-F630ED88C115}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CF5BFFE4-6CB3-48C2-939E-E1A0A477AFA3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CF99142A-CD00-4FCE-B8B3-FA9888DD7909}" = dir=in | app=d:\skype\phone\skype.exe | 
"{CF9C6E9D-2BD3-4C6D-9912-FDD96EDA5659}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D03F4594-E5AA-4DC4-9955-5B9243D83F7B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D04C15D2-8749-4512-968F-01AD27DE5963}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D0CE7478-4D19-4ADC-BC1A-B844371A5E64}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D10BAADE-BEAC-4D33-91BF-B82558413698}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D1A40EB4-D6E4-4363-9B52-8D289846BEE2}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D339923B-7E13-49A7-8CFF-D33F6B300DAC}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D3876623-76CD-4B7E-99B1-41FC58D7AC4A}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\dragonagetoolset.exe | 
"{D3B5FCFB-0D9D-4115-A7DF-C68BCFF14002}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D46312F9-5EE1-4DA8-94D0-CE5F58C61017}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D49C9BC3-C210-40A7-8D87-7500983B9FD3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D4CDCA8F-A131-402B-A2DC-69668166F690}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D4F4705E-3006-46F0-905A-2C0FFD09636D}" = protocol=17 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe | 
"{D6AAF2F0-5BEE-4417-AC8B-11247F9E81B8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D6E18BDB-A25F-4B2B-AE0A-B0884E7A8E4B}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\assassinscreedbrotherhood.exe | 
"{D7648957-9218-4FC3-948A-4F488A162EF9}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D79395E0-D585-4049-B138-B299F384F010}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D7A0B3CE-B96E-4888-ACB7-BE99A0887FA3}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D7B9626B-9742-49D3-90CA-8C0111BE2381}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D7FC0FD1-D68F-45C6-BAA0-A8FDDCEF475D}" = protocol=17 | dir=in | app=n:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{D8948A75-5DB5-4CFC-A965-AFB8E5CF9E68}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D8B95E78-5065-4F08-8437-3708AB631195}" = dir=in | app=d:\skype\phone\skype.exe | 
"{D9735D3D-0D9E-4C17-A805-884BE350A4B8}" = protocol=17 | dir=in | app=d:\games\fable3.exe | 
"{DA02F651-4271-49EB-902B-C483D74EE9B6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{DA09467D-55D3-43F8-9467-9B1A57719E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe | 
"{DC5F0018-66F2-446F-AED5-58EBAF68926D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{DCCD1FAC-73E4-4E0E-8DAA-5A9E651EC041}" = dir=in | app=d:\skype\phone\skype.exe | 
"{DDBE1316-1F2B-41CF-BE2E-90E4F7A51BD0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{DF4FC55F-196B-4367-B8C9-832C3498501C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{DF8D4DAD-A3A5-47C3-B61D-13E0756A7853}" = protocol=6 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe | 
"{E00102DB-1269-432A-8DBD-72BAB0D23F0B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E0380EB1-897D-41E0-995E-696143236C49}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E1336688-E92A-4E26-B9A7-94A6B8264927}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\lightmapper\eclipseray.exe | 
"{E168221D-F400-4920-80A4-E45B3919F4F9}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E180AFEC-7ECC-4204-BA51-3AAEC34486B6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E2456D4D-E209-4F1E-9D63-D5E104B0D9C5}" = protocol=17 | dir=in | app=d:\games\civilization 4\civilization4.exe | 
"{E2D0643D-76A7-4EAD-B89F-EACF8FEB5E44}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E2EB4D4D-25B0-40D3-9A3F-96B90DDD6F7A}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{E2F4FFDA-975A-4B4A-9AD2-ACC08B214CD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E332FD06-6132-403E-88F8-5B1005143FDB}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{E419E289-2CAB-4C98-A293-C0CAEF032D56}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E4724042-FAB1-40B9-831D-1375CC534ECA}" = protocol=17 | dir=in | app=n:\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{E6B86477-9EBC-4A63-ABE1-E2182E5911D6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E7AD61F7-727E-40C0-AE5A-278AA5674B6A}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E8251F03-16CA-4076-B8C9-00BD4288232D}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E92D06DF-244C-4E39-A989-AD2CA6699713}" = dir=in | app=d:\skype\phone\skype.exe | 
"{E93DEBCD-FADA-4583-BE24-70764DB99516}" = protocol=6 | dir=in | app=d:\games\dragon age 2\dragonage2launcher.exe | 
"{E95A2C25-50A2-4BF5-986E-4695EF253F8F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E9C6CF6C-AD9C-4DCC-B421-9DB2B96FC0CD}" = dir=in | app=d:\skype\phone\skype.exe | 
"{EB734171-575D-4229-9389-5480FF014437}" = dir=in | app=d:\skype\phone\skype.exe | 
"{EC22406F-A30C-4D50-B4F5-4193F489FD35}" = protocol=6 | dir=in | app=c:\program files (x86)\haihaisoft universal player\hmplayer.exe | 
"{ED7D4533-13FA-4F48-968C-0C555E1B9267}" = dir=in | app=d:\skype\phone\skype.exe | 
"{EDA3075A-F5FA-4E24-8C3B-1122CD833E97}" = dir=in | app=d:\skype\phone\skype.exe | 
"{EDD08F90-812B-4EDD-8811-24C6C5C66A88}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\assassinscreedbrotherhood.exe | 
"{EE87FFC8-C238-4933-ACAF-029FDDD5E984}" = protocol=17 | dir=in | app=n:\315884197 saine\elsword_de\data\x2.exe | 
"{EF369491-5483-42EF-A735-200D6A8E51C0}" = dir=in | app=d:\skype\phone\skype.exe | 
"{EFCF6F5C-4FA2-4ABB-86D8-15D9591EA27F}" = protocol=6 | dir=in | app=d:\games\fable3.exe | 
"{EFDD119D-E40B-4DBB-AEDC-6AFE97B4EC38}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F267A1DB-7BA0-457B-A85F-82CC90A9916A}" = protocol=6 | dir=in | app=n:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{F48B68CA-BE4F-4276-9F72-7634205608D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F493C264-18C3-4B7A-98C3-9635FC086D98}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F5322A16-F00B-4569-B8AE-D4362ECF6AA6}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F54B28DA-2E96-4961-9EB3-5E2125AD3032}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F561BFED-1079-4DB3-ACB1-93628AB93DFA}" = protocol=6 | dir=in | app=d:\games\civilization 4\civilization4.exe | 
"{F64689C4-8EB5-4927-976B-1ACD229F9DA5}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{F655A45E-728F-447D-8C93-96B5E805506F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F69DDFA9-0883-4AF2-804C-B0721E71F7EE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F7CE2DE1-82E1-4143-8B5A-02099FE1FD9C}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F8236F82-6C82-4F2B-A958-5D5A5ECAF76B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F8C66C54-C760-425D-A746-D62BCB01A1DE}" = dir=in | app=d:\skype\phone\skype.exe | 
"{F92C365E-96D6-4A92-A7B7-7331869A666E}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FA1DF70F-3049-4B86-8953-DCC2E563E0FC}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FA2C9F59-1D53-4E36-9D5C-F0B6F50D65F5}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{FB3E9C69-75C7-4E86-8A93-3A849618C197}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FB48CD48-6D5A-49B0-BD98-F4CF65FE630B}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FB57D1B2-A120-4041-B870-B2BB26A618E8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FC086C2C-FF33-489B-B9E3-0B53E5DB3E22}" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe | 
"{FC44F263-4895-43C3-91A9-1923C9EEE958}" = protocol=6 | dir=in | app=n:\315884197 saine\elsword_de\data\x2.exe | 
"{FC8424F5-00FE-423F-82EA-146D95E258F8}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FE3E0704-340D-4FB7-9889-60616F776385}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FEE2CC0F-AFA1-4551-A2FD-EDFD3D4006FB}" = dir=in | app=d:\skype\phone\skype.exe | 
"{FFF23C5E-61A2-483A-A315-4BAA9B13946A}" = dir=in | app=d:\skype\phone\skype.exe | 
"TCP Query User{08CA2520-603D-4EE5-A292-DDD55746680A}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{16C42685-63A7-4AD8-B3CB-37CEE6B4361F}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"TCP Query User{1AB29601-EF12-454E-B499-C9727B05827B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{1EAB6E13-0CB3-4A5C-A2F8-D607B40B9581}C:\windows\syswow64\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe | 
"TCP Query User{4433F127-07BB-49C7-B4E7-4DEE87E60970}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{4595AE97-8625-4DEE-B10E-FF800772E056}D:\games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=d:\games\age of empires\empiresx.exe | 
"TCP Query User{79B0363A-5873-45DC-A17C-B7C46CB77B28}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{849AB037-B077-410E-A890-BE506A30E100}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{9BBD67F5-48D6-4FD7-9213-3665681224D0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"TCP Query User{AE7CC6CD-F628-4183-A853-CA3C67AD1777}N:\portal 2\steamapps\kireille\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=n:\portal 2\steamapps\kireille\team fortress 2\hl2.exe | 
"TCP Query User{C202B28C-57C2-4102-B809-6D68F3F6187D}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{C8AF9E86-94B8-4DEA-945C-D9C614A18BFC}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe" = protocol=6 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe | 
"TCP Query User{CF97EDB9-D570-4377-9FA9-C696D18CCA47}N:\portal 2\steamapps\kireille\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe | 
"TCP Query User{D5C03BDA-7E5D-4C78-83C8-1936300920E6}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe" = protocol=6 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe | 
"TCP Query User{E554C061-5BD2-4723-BF46-AE9F45FE2573}D:\games\age of empires\empires.exe" = protocol=6 | dir=in | app=d:\games\age of empires\empires.exe | 
"TCP Query User{E6F6B40D-A135-4BBE-8D4E-5E6F7C1EEFCF}D:\games\touhou 12.3 unthinkable natural law\th123\th123.exe" = protocol=6 | dir=in | app=d:\games\touhou 12.3 unthinkable natural law\th123\th123.exe | 
"UDP Query User{01FB098E-15B6-43B7-8469-1A87423875B5}N:\portal 2\steamapps\kireille\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=n:\portal 2\steamapps\kireille\team fortress 2\hl2.exe | 
"UDP Query User{0A15F45A-CFE8-4A0C-9841-8A51D6040BF3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0FB92DF3-8C14-48B7-9F92-F04C92E6166D}D:\games\age of empires\empires.exe" = protocol=17 | dir=in | app=d:\games\age of empires\empires.exe | 
"UDP Query User{41655082-9A15-4EE2-9436-DB0B21F57206}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{48C472D7-85F6-453B-9FE6-B76C5997BDDE}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{5D489D9D-6317-476C-957D-FA27129EA257}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe" = protocol=17 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe | 
"UDP Query User{71469710-2F4E-4324-B275-A78EE65D8960}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{74D132D7-7897-4940-B57A-F31D62748018}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{8E62ABBE-B63C-4591-8EA2-57AC1DFFF765}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe" = protocol=17 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe | 
"UDP Query User{8FBBAEB4-9D18-4149-945B-9303DE44C52D}D:\games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=d:\games\age of empires\empiresx.exe | 
"UDP Query User{BB73488C-8455-4E4C-A9F5-5671B030AB30}D:\games\touhou 12.3 unthinkable natural law\th123\th123.exe" = protocol=17 | dir=in | app=d:\games\touhou 12.3 unthinkable natural law\th123\th123.exe | 
"UDP Query User{C7876A5C-04FE-42FD-86F2-72670E79D04E}N:\portal 2\steamapps\kireille\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe | 
"UDP Query User{EF32ADEF-6B6A-4591-BD66-718901861C74}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{F070ABF0-96FF-4CFE-B300-4756463F15C0}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{F085375E-BDF7-431A-A0E8-23D151E70A2A}C:\windows\syswow64\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe | 
"UDP Query User{F5A32378-0E56-408F-B9B1-EA098D312A1D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D483C640-09C0-CA54-007D-20BE9FA99C72}" = ccc-utility64
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F4EAF98E-197C-E203-FB2C-9FCAB5337473}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B96515-9EF9-12B5-8A9A-B409E967BDBB}" = Catalyst Control Center Graphics Previews Vista
"{088C8B98-3D9F-4CBD-B37B-A32D9580C4EE}" = LEGO MINDSTORMS NXT Driver
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{19FCAF1A-AD28-C086-B5A6-8E7A6DAB9B7B}" = ccc-core-static
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{257C7A78-535E-1450-C720-AE353876C816}" = Catalyst Control Center InstallProxy
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D79E5F9-A5BA-4162-AAF4-D1BC8C5A83FF}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{430F9E74-B8B1-496C-9684-AF791320DC9F}" = S4 League_EU
"{45CAC750-E555-6DE3-078F-C9A4C2DF8A3E}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5628829F-3318-4DDA-988D-D301832F1611}" = Singles Patch 1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6AC4E434-8126-4840-BBD3-6B1EB78BBFF5}" = Solstice
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74DEA59C-41C7-1B77-291F-43108DFBAB14}" = Catalyst Control Center Core Implementation
"{752DE3AC-8AE4-4028-85F9-AAE53B6DE469}" = ƒ}ƒWƒJƒ‹ƒoƒgƒ‹ƒAƒŠ[ƒiEƒRƒ“ƒvƒŠ[ƒgƒtƒH[ƒ€
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E4B682-219A-2656-44E1-18DF1F57EAE1}" = Catalyst Control Center Graphics Full Existing
"{8C5C2D4E-5027-AC93-0531-B72C5625A0DD}" = CCC Help English
"{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = “Œ•û”ñ‘z“V‘¥ Ver1.10ƒAƒbƒvƒf[ƒg
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{95B4269C-7ED9-2E32-0E3D-3F446B495540}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1463F00-4E89-402E-7DD3-3CF0CE98F1FA}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D9965A-A5F8-6CF6-33E7-A1EECC2E585B}" = Catalyst Control Center HydraVision Full
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E5348080-5B89-40BE-908B-41A4784E0EDE}_is1" = Dragonica
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2
"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = “Œ•û”ê‘z“V Ver1.06
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DMO" = GDMO
"Doppler's Essence Mod_is1" = v1.0
"Drakensang_is1" = Drakensang
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Grotesque-Tactics" = Grotesque-Tactics 1.0.0.4
"Haihaisoft Universal Player" = Haihaisoft Universal Player
"HijackThis" = HijackThis 2.0.2
"Hisoutensoku English" = NSIS Hisoutensoku English
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.5
"KnightShift - RPG" = KnightShift - RPG
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Maristice English" = NSIS Maristice English
"MediaMonkey_is1" = MediaMonkey 3.0
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"OpenAL" = OpenAL
"Opera 11.62.1347" = Opera 11.62
"Origin" = Origin
"PHANTASY STAR UNIVERSE Ambitionen des Illuminus_is1" = PHANTASY STAR UNIVERSE Ambitionen des Illuminus
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 620" = Portal 2
"SWR English" = NSIS SWR English
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TextMaker Viewer" = TextMaker Viewer
"The I of the Dragon" = The I of the Dragon
"Uninstall_is1" = Uninstall 1.0.0.1
"Venetica_is1" = Venetica
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XBCD 360" = XBCD 360 0.2.5
"XMedia Recode" = XMedia Recode 2.3.2.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 13:43:01 | Computer Name = Kirelle-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.0.5.0, Zeitstempel:
 0x4b64ae05  Name des fehlerhaften Moduls: vlc.exe, Version: 1.0.5.0, Zeitstempel:
 0x4b64ae05  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001749  ID des fehlerhaften Prozesses:
 0x15a8  Startzeit der fehlerhaften Anwendung: 0x01cd2bafa81f43ec  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: ec9afaeb-97a2-11e1-86a8-001d7d9b41ed
 
Error - 06.05.2012 20:07:58 | Computer Name = Kirelle-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.2.0.3525, Zeitstempel:
 0x4d2389db  Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16443, Zeitstempel:
 0x4f4c3300  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00478af8  ID des fehlerhaften Prozesses:
 0x1434  Startzeit der fehlerhaften Anwendung: 0x01cd2b9257dfe84a  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ICQ7.2\ICQ.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\mshtml.dll
Berichtskennung:
 b37e1c86-97d8-11e1-86a8-001d7d9b41ed
 
Error - 11.05.2012 04:30:05 | Computer Name = Kirelle-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8117.416,
 Zeitstempel: 0x4bc935af  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038df9  ID des fehlerhaften
 Prozesses: 0x8d0  Startzeit der fehlerhaften Anwendung: 0x01cd2f3d8ab1c2bf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 82476c4c-9b43-11e1-8682-001d7d9b41ed
 
[ Media Center Events ]
Error - 14.06.2011 06:05:08 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 12:05:08 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 20.06.2011 17:09:34 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 23:09:34 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)  
 
Error - 20.06.2011 17:12:19 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 23:12:11 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)  
 
Error - 07.07.2011 04:25:49 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 10:25:49 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 12.05.2012 03:48:02 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.05.2012 03:48:46 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.05.2012 03:56:51 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.05.2012 03:58:01 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.05.2012 04:09:02 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.05.2012 04:09:37 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 13.05.2012 05:23:55 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 13.05.2012 05:24:39 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 14.05.2012 06:36:02 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 14.05.2012 06:36:47 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---


Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kirelle :: KIRELLE-PC [Administrator]

Schutz: Aktiviert

11.05.2012 10:11:13
mbam-log-2012-05-11 (10-11-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202366
Laufzeit: 9 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Kirelle\Downloads\SoftonicDownloader_fuer_haihaisoft-universal-player.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kirelle\AppData\Local\Temp\.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Avira findings:

Code:
In der Datei 'C:\Users\Kirelle\AppData\Local\Opera\Opera\cache\dcache4.url'
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen2' [virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
         
Code:
Die Datei 'C:\Users\Kirelle\AppData\Local\Temp\jar_cache1748299144970956868.tmp'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-0507' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56e453a3.qua' verschoben!
         
Unfortunately there are no Avira logs available, for some reason.

14.05.2012, 15:17   #5
markusg
/// Malware-holic

Hi,
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

14.05.2012, 16:35   #6
Kireille

Combofix Logfile:
Code:
ComboFix 12-05-14.02 - Kirelle 14.05.2012  16:52:21.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2046.785 [GMT 2:00]
ausgeführt von:: c:\users\Kirelle\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jce06_SP.pp
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
N:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-14 bis 2012-05-14  ))))))))))))))))))))))))))))))
.
.
2012-05-14 15:04 . 2012-05-14 15:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-14 10:42 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E8A6B02-82EB-47F7-B131-CC0B56005C0A}\mpengine.dll
2012-05-13 09:37 . 2012-05-13 09:37	--------	d-----w-	c:\program files\CCleaner
2012-05-11 08:07 . 2012-05-11 08:07	--------	d-----w-	c:\users\Kirelle\AppData\Roaming\Malwarebytes
2012-05-11 08:06 . 2012-05-11 08:06	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-11 08:06 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-11 08:06 . 2012-05-11 08:06	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 07:58 . 2012-03-30 11:09	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-11 07:58 . 2012-04-02 05:26	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 07:58 . 2012-04-02 05:24	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:58 . 2012-04-02 04:40	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:58 . 2012-04-02 05:24	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 07:58 . 2012-04-02 05:24	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 07:46 . 2012-03-03 06:29	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-05-11 07:46 . 2012-03-03 06:29	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-05-11 07:46 . 2012-03-03 06:29	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-05-11 07:46 . 2012-03-03 05:40	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-11 07:46 . 2012-03-03 05:40	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 07:46 . 2012-03-03 06:29	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-05-11 07:46 . 2012-03-03 06:29	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-05-11 07:46 . 2012-03-03 05:40	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-05-11 07:46 . 2012-03-03 05:40	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-05-11 07:46 . 2012-03-03 05:40	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-05-11 07:39 . 2012-04-02 05:34	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-11 07:39 . 2012-04-02 03:01	3143680	----a-w-	c:\windows\system32\win32k.sys
2012-05-11 07:39 . 2012-04-02 04:46	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 07:39 . 2012-04-02 04:46	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 06:59 . 2012-03-17 07:55	75632	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-06 15:02 . 2012-05-06 15:02	--------	d-----w-	c:\users\Kirelle\AppData\Local\Kalypso Media
2012-05-06 14:58 . 2012-05-06 14:58	--------	d-----w-	c:\users\Kirelle\AppData\Roaming\Kalypso Media
2012-04-28 06:17 . 2012-04-28 06:17	--------	d-----w-	c:\users\Kirelle\AppData\Local\Risen2
2012-04-28 06:17 . 2012-04-28 06:17	--------	d-----w-	c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-16 16:34 . 2012-04-16 16:34	--------	d-----w-	c:\programdata\Nexon
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:05 . 2012-02-27 15:36	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:05 . 2012-02-27 15:36	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-10 04:15 . 2012-03-10 04:15	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-10 04:15 . 2012-03-10 04:15	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-03-10 04:15 . 2012-03-10 04:15	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-10 04:15 . 2012-03-10 04:15	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-03-10 04:15 . 2012-03-10 04:15	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-03-10 04:15 . 2012-03-10 04:15	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-03-10 04:15 . 2012-03-10 04:15	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-03-10 04:15 . 2012-03-10 04:15	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-03-10 04:15 . 2012-03-10 04:15	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-03-10 04:15 . 2012-03-10 04:15	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-03-10 04:15 . 2012-03-10 04:15	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-03-10 04:15 . 2012-03-10 04:15	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-03-10 04:15 . 2012-03-10 04:15	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-03-10 04:15 . 2012-03-10 04:15	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-03-10 04:15 . 2012-03-10 04:15	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-03-10 04:15 . 2012-03-10 04:15	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-03-10 04:15 . 2012-03-10 04:15	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-03-10 04:15 . 2012-03-10 04:15	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-10 04:15 . 2012-03-10 04:15	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-10 04:15 . 2012-03-10 04:15	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-03-10 04:15 . 2012-03-10 04:15	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-10 04:15 . 2012-03-10 04:15	222208	----a-w-	c:\windows\system32\msls31.dll
2012-03-10 04:15 . 2012-03-10 04:15	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-10 04:15 . 2012-03-10 04:15	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-10 04:15 . 2012-03-10 04:15	12288	----a-w-	c:\windows\system32\mshta.exe
2012-03-10 04:15 . 2012-03-10 04:15	114176	----a-w-	c:\windows\system32\admparse.dll
2012-03-10 04:15 . 2012-03-10 04:15	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-10 04:15 . 2012-03-10 04:15	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-03-10 04:15 . 2012-03-10 04:15	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-03-10 04:15 . 2012-03-10 04:15	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-03-10 04:15 . 2012-03-10 04:15	448512	----a-w-	c:\windows\system32\html.iec
2012-03-10 04:15 . 2012-03-10 04:15	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-10 04:15 . 2012-03-10 04:15	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-03-10 04:15 . 2012-03-10 04:15	160256	----a-w-	c:\windows\system32\wextract.exe
2012-03-04 10:34 . 2012-03-04 10:34	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-01 06:54 . 2012-04-13 03:00	22896	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-13 03:00	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-13 03:00	80896	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-13 03:00	5120	----a-w-	c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-13 03:00	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-13 03:00	158720	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-13 03:00	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 03:05	2311168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 03:05	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 03:05	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 03:05	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 03:05	1799168	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 03:05	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 03:05	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 03:05	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2009-12-12 13:43	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-19 11:01 . 2011-11-20 13:36	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 06:27 . 2012-03-14 04:30	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 04:30	826368	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 04:30	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 04:30	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\skype\Phone\Skype.exe" [2010-04-06 26105128]
"Akamai NetSession Interface"="c:\users\Kirelle\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-21 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dump_wmimmc;dump_wmimmc;n:\sega\PHANTASY STAR UNIVERSE Illuminus\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Kirelle\AppData\Local\Temp\0012B5E.tmp [x]
R3 X6va006;X6va006;c:\users\Kirelle\AppData\Local\Temp\006BAE3.tmp [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://plasmoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/result.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-UpgradeHelper - c:\users\Kirelle\AppData\Roaming\Microsoft Corporation\{4175EF9F-776E-430A-ABAF-11A5AC0715DF}\UpgradeHelper.exe
AddRemove-Age of Empires Expansion 1.0 - g:\aoeger\UNINSTX.EXE
AddRemove-Maristice English - d:\games\Maristice\[@N-Factory] Maristice\[@N-Factory] Maristice \??????\uninstall_maristice_e.exe
AddRemove-SWR English - d:\games\Touhou Scarlet Weather Rhapsody\TH10.5 ~ Scarlet Weather Rhapsody\Scarlet Weather Rhapsody\uninstall_th105e.exe
AddRemove-{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1 - d:\games\Touhou Scarlet Weather Rhapsody\TH10.5 ~ Scarlet Weather Rhapsody\Scarlet Weather Rhapsody\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Kirelle\AppData\Local\Temp\0012B5E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Kirelle\AppData\Local\Temp\006BAE3.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3649425916-2671288558-1417801097-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,44,a5,1a,b1,4e,69,ba,8d,58,55,51,91,fe,a3,9e,d9,e6,22,9a,3a,ea,bb,
   1e,17,0c,26,d4,a2,f3,31,ec,f3,4e,8e,42,a5,2a,ab,d0,ce,20,20,ff,04,d2,3d,7e,\
"??"=hex:34,97,19,04,a0,a5,3e,ed,1f,b8,8d,9f,67,04,82,79
.
[HKEY_USERS\S-1-5-21-3649425916-2671288558-1417801097-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,ee,d4,61,a1,f6,38,d2,4b,c0,2b,a0,2d,6e,46,69,a9,3c,b4,06,5e,
   a4,b5,84,15,71,c2,8d,11,a2,b4,df,ce,89,97,38,51,ed,6b,5f,2d,b5,bd,7c,fe,bd,\
"rkeysecu"=hex:21,44,d9,09,dc,ac,10,5c,43,9d,11,1e,e9,28,36,96
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
d:\hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-14  17:26:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-14 15:26
.
Vor Suchlauf: 9 Verzeichnis(se), 46.580.600.832 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 48.667.041.792 Bytes frei
.
- - End Of File - - 8F824B6F761692997BF95C37EE5305F5
         
--- --- ---

20.05.2012, 12:30   #7
Kireille

Unfortunately my problem seems to have been forgotten somehow. The symptoms have stopped; I would just like to know whether there is anything left to do, i.e. whether my computer is really clean now.

22.05.2012, 16:33   #8
markusg
/// Malware-holic

Download CCleaner Standard:
CCleaner Download - CCleaner 3.18.1707
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as txt. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not know, write "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.

22.05.2012, 18:46   #9
Kireille

Code:
7-Zip 4.65		13.02.2010	needed	
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	19.11.2011	6,00MB	11.1.102.55  needed
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	18.02.2012	6,00MB	11.1.102.62  needed
Adobe Photoshop CS2	Adobe Systems, Inc.	07.08.2010		9.0  needed
Adobe Reader X (10.0.1) - Deutsch	Adobe Systems Incorporated	14.02.2011	115,9MB	10.0.1  needed
Akamai NetSession Interface		22.02.2012  unknown		
Akamai NetSession Interface Service		22.02.2012  unknown		
Apple Application Support	Apple Inc.	21.07.2011	52,8MB	1.4.1
Apple Software Update	Apple Inc.	22.07.2011	2,16MB	2.1.1.116
Assassin's Creed Brotherhood	Ubisoft	04.12.2011  		1.03  needed
ATI Catalyst Install Manager	ATI Technologies, Inc.	11.12.2009	20,7MB	3.0.750.0  needed
Avira Free Antivirus	Avira	07.05.2012	109,3MB	12.0.0.1125  needed
BioShock 2	2K Games	25.11.2011		1.00.0000  needed
Canon CanoScan Toolbox 4.1		22.06.2011	unknown	
CCleaner	Piriform	12.05.2012		3.18  needed
Counter-Strike: Source	Valve	17.03.2012	494MB	1.0.0.0  needed
Divinity II - Ego Draconis	dtp	26.05.2011		needed
Dragon Age II	Electronic Arts, Inc.	22.08.2011	1.942MB	1.03  needed
Dragon Age Toolset	Electronic Arts, Inc.	03.06.2011	2.170MB	1.01  needed
Dragon Age: Origins	Electronic Arts, Inc.	29.05.2011	3.629MB	1.04  needed
Dragonica	GALA Networks Europe Limited	13.04.2012	2.552MB	Neuer Mythos  needed
Drakensang	dtp	24.12.2009	needed	
Fable III	Microsoft Game Studios	04.08.2011		1.0.0000.131  needed
Free M4a to MP3 Converter 6.2	ManiacTools.com	23.07.2011	3,92MB	not needed
GameSpy Comrade	GameSpy	19.12.2010	16,7MB	1.4.3.154 needed
Grotesque-Tactics 1.0.0.4		28.01.2012	needed	
Haihaisoft Universal Player	Haihaisoft	16.07.2011		1.5.7.0  needed
Heroes of Might & Magic V: Hammers of Fate		05.04.2012  needed		
Heroes of Might and Magic V		05.04.2012		needed
Heroes of Might and Magic V - Tribes of the East		05.04.2012 needed		
HijackThis 2.0.2	TrendMicro	11.05.2012		2.0.2 needed
ICQ Toolbar	ICQ	25.10.2010		3.0.0 not needed
ICQ7.2	ICQ	25.10.2010		7.2  needed
ILLUSION ジンコウガクエン	ILLUSION	04.08.2011	1.250MB	1.00.0000  needed
ILLUSION ジンコウガクエン きゃらめいく	ILLUSION	04.08.2011	223MB	1.00.0000  needed
IrfanView (remove only)		11.12.2009  needed		
Jade Empire	BioWare Corp.	21.09.2011  needed		
Java(TM) 6 Update 22	Sun Microsystems, Inc.	14.01.2010	95,0MB	6.0.220  needed
JDownloader 0.9	AppWork GmbH	22.06.2011		0.9  needed
K-Lite Mega Codec Pack 3.7.5		06.02.2008		3.7.5 unknown
KnightShift - RPG		06.01.2012 needed		
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket	The LEGO Group	02.07.2010	21,2MB	1.0.439.0 needed
LEGO MINDSTORMS NXT Driver	LEGO	02.07.2010	1,52MB	1.1.770  needed
Logitech GamePanel Software 3.03.133	Logitech Inc.	11.12.2009	17,9MB	3.03.133 needed
Logitech SetPoint	Logitech	20.04.2011	17,00KB	4.80 needed
LogMeIn Hamachi	LogMeIn, Inc.	02.03.2012		2.1.0.166  needed
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	10.05.2012	18,0MB	1.61.0.1400 needed
Mass Effect	Electronic Arts, Inc.	21.08.2011		1.00  needed
Mass Effect 2	Electronic Arts, Inc.	17.01.2012		1.02  needed
Mass Effect™ 3	Electronic Arts	09.03.2012		1.0.0.0  needed
MediaMonkey 3.0	Ventis Media Inc.	12.12.2009		3.0  needed
Messenger Plus! Live & Sponsor (CiD)	Patchou	11.12.2009		4.60 (build 326) needed
Microsoft .NET Framework 1.1	Microsoft	19.12.2010	34,8MB	1.1.4322
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	38,8MB	4.0.30319
Microsoft Age of Empires Expansion		19.08.2010  needed		
Microsoft AppLocale	MS	12.09.2010	3,62MB	1.0.0  needed
Microsoft DirectX SDK (August 2009)	Microsoft Corporation	22.12.2009		9.27.1734.0 needed
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	25.11.2011	31,3MB	3.5.92.0 needed
Microsoft Games for Windows Marketplace	Microsoft Corporation	04.08.2011	6,04MB	3.5.50.0  needed
Microsoft SQL Server 2005	Microsoft Corporation	03.06.2011		
Microsoft SQL Server Native Client	Microsoft Corporation	03.06.2011	5,84MB	9.00.5000.00
Microsoft SQL Server Setup Support Files (English)	Microsoft Corporation	04.06.2011	25,1MB	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	03.06.2011	1,10MB	9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	12.12.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	22.04.2011	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	11.12.2009	0,69MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	03.06.2011	0,57MB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	24.04.2011	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	12.12.2009	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	28.01.2012	1,71MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	23.04.2011	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	24.06.2011	0,23MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	07.01.2012	0,22MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	11.12.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.06.2011	0,22MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	10.03.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	27.02.2012	12,3MB	10.0.40219
Microsoft Windows Application Compatibility Database		12.09.2010		
Mozilla Firefox (3.6.28)	Mozilla	18.03.2012		3.6.28 (de) needed
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	09.01.2012	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	09.01.2012	1,33MB	4.20.9876.0
NSIS Hisoutensoku English		03.09.2010 needed		
NSIS Maristice English		21.08.2010 needed		
NSIS SWR English		03.09.2010 needed		
NVIDIA PhysX	NVIDIA Corporation	09.03.2012	86,1MB	9.11.1107 needed
ooVoo	ooVoo LLC.	09.02.2012	23,6MB	3.0.7040 not needed
OpenAL		28.01.2012	unknown	
OpenOffice.org 3.3	OpenOffice.org	24.06.2011	415MB	3.3.9567 needed
Opera 11.62	Opera Software ASA	29.03.2012		11.62.1347  needed
Origin	Electronic Arts, Inc.	09.03.2012		8.5.0.4554  needed
Overlord	Codemasters	03.03.2012		1.00.0606  needed
Pando Media Booster	Pando Networks Inc.	14.01.2010	5,47MB	2.3.3.5  unknown
PHANTASY STAR UNIVERSE Ambitionen des Illuminus	SEGA SONIC TEAM	14.03.2012  needed		
Port Royale 3	Gaming Minds Studios GmbH	05.05.2012	628MB	1.1.1.0  needed
Portal 2	Valve	15.01.2012	needed	
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	24.12.2009		11.0.0.12  unknown
PunkBuster Services	Even Balance, Inc.	04.12.2011		0.990  unknown
QuickTime	Apple Inc.	21.07.2011	73,7MB	7.69.80.9 needed
RGSS-RTP Standard	Enterbrain	25.03.2012	22,5MB	1.0.0  needed
Risen	Deep Silver	19.12.2011		1.00.0000 needed
Risen 2 - Dark Waters		26.04.2012	  needed	
RPGXP	Enterbrain	25.03.2012	4,11MB	1.0.0 needed
RPGツクール2000 ランタイムパッケージ		12.09.2010	needed	
S4 League_EU		23.02.2012		1.00.0000  needed
Samsung Scan Assistant	Samsung Electronics Co., Ltd.	07.01.2012	24,7MB	1.04.22.00 needed
Samsung SCX-3200 Series	Samsung Electronics Co., Ltd.	07.01.2012	 needed	 
Sid Meier's Civilization 4 - Beyond the Sword	Firaxis Games	20.12.2010		3.17 needed
Sid Meier's Civilization 4 Complete	Firaxis Games	19.12.2010		1.74 needed
Singles Patch 1.4		22.02.2011	needed	
Singles2	Deep Silver	22.02.2011		2.02.000  needed
Skype™ 4.2	Skype Technologies S.A.	14.04.2010	25,6MB	4.2.158 needed
Steam	Valve Corporation	15.01.2012	34,4MB	1.0.0.0 needed
TeamSpeak 2 RC2	Dominating Bytes Design	05.04.2010		2.0.32.60 needed
TeamSpeak 3 Client	TeamSpeak Systems GmbH	23.08.2010	needed	
TeamViewer 5	TeamViewer GmbH	05.06.2010		5.0.8421 not needed
TextMaker Viewer	SoftMaker Software GmbH	21.05.2011	not needed	
The I of the Dragon	Deep Silver (Koch Media)	06.01.2012		1.00 Ger / Eng needed
The Witcher Enhanced Edition	CD Projekt Red	04.02.2012		1.4.5.1280 needed
Torchlight	JoWooD	13.11.2011	455MB	1.0.0  needed
Ubisoft Game Launcher	UBISOFT	04.12.2011		1.0.0.0  needed
Uninstall 1.0.0.1		25.04.2011	11,2MB	unknown
v1.0		04.02.2012	415MB	1.0.0  unknown
Venetica	dtp	22.04.2011	needed	
VLC media player 1.0.5	VideoLAN Team	22.05.2010		1.0.5 needed
Windows Live Essentials	Microsoft Corporation	26.01.2011		14.0.8117.0416 needed
Windows Live ID Sign-in Assistant	Microsoft Corporation	04.08.2011	10,0MB	6.500.3165.0  needed
Windows Live-Uploadtool	Microsoft Corporation	11.12.2009	0,22MB	14.0.8014.1029  needed
Windows Movie Maker 2.6	Microsoft Corporation	16.05.2011	8,85MB	2.6.4037.0  needed
WinRAR		11.12.2009 needed		
XBCD 360 0.2.5	Dhruvb14	21.12.2009		0.2.5 needed
XMedia Recode 2.3.2.8	Sebastian Dörfler	15.05.2011		2.3.2.8 needed
ƒ}ƒWƒJƒ‹ƒoƒgƒ‹ƒAƒŠ[ƒiEƒRƒ“ƒvƒŠ[ƒgƒtƒH[ƒ€		05.02.2010  unknown		
“Œ•û”ê‘z“V Ver1.06	‰©¨ƒtƒƒ“ƒeƒBƒA	03.09.2010	needed	
“Œ•û”ñ‘z“V‘¥ Ver1.10ƒAƒbƒvƒf[ƒg	‰©¨ƒtƒƒ“ƒeƒBƒA	03.09.2010	needed
         
I did not write anything after the Apple programs because I am not sure whether I need them, and for some of the Microsoft programs I simply do not know their purpose well enough to make a judgement.

23.05.2012, 16:06   #10
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK



Uninstall:
HijackThis
It hardly provides the desired information and does not work properly under Win7.
ICQ Toolbar
Java
Download the free Java software
Download the Java JRE and install it.

Uninstall:
K-Lite
Mozilla Firefox
Open it, Help, Update, install version 12.

Uninstall:
ooVoo

Open OTL, CleanUp; the PC restarts.
Open CCleaner, Analyze, Run Cleaner, restart the PC and test how it runs.

23.05.2012, 18:50   #11
Kireille

I did everything as you said and the PC is running well.

23.05.2012, 19:22   #12
markusg
/// Malware-holic

Securing the PC:
As an anti-malware program I would recommend Emsisoft.
In my view they have the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, e.g. work-related ones, meaning there is sensitive data to protect, you should invest in security software.
Use up the 30-day trial period before activating the licence.

Free, but not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your current AV.
The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me; then, for parts of the instructions that now follow, I have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.68

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as a PDF, work through these as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through all of it completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program too, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips, follow the online banking tip if it applies to you, and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Practice & Help
So from now on, surf only in the standard user account and, there, in the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

23.05.2012, 21:55   #13
Kireille

I have worked through the points and would like to use avast! Free Antivirus and Opera as my browser.

24.05.2012, 16:16   #14
markusg
/// Malware-holic

OK, then in the sandbox you set the permission for opera.exe instead of chrome.exe, and under Applications, Web Browser, Other, the permissions for Opera, except the entire profile folder.

24.05.2012, 21:04   #15
Kireille

OK, I have done that.

    Plagegeister aller Art und deren Bekämpfung - 26.04.2013 (9)
  14. Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware
    Plagegeister aller Art und deren Bekämpfung - 20.03.2013 (32)
  15. AVIRA meldet "W32/Patched.ZA", "TR/ATRAPS.Gen2", "TR/ATRAPS.Gen", "ZR/sirefe.P.487"
    Log-Analyse und Auswertung - 30.07.2012 (9)
  16. Trojaner/Virus lähmt das Internet "extrem". "TR/Cospet.EO.1" !
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (11)
  17. Mehrere Trojaner gefunden "trojan-spy.win32.greenscreen"....
    Plagegeister aller Art und deren Bekämpfung - 13.10.2008 (38)

Zum Thema "Avira" Trojaner/Virus und mehrere iexplore.exen - Guten Abend, liebe Community, seit heute Morgen öffnet sich bei mir ein verdächtiges Fenster, das sich als ein Update für Avira ausgibt. (Das ganze passierte interessanterweise nachdem ich einen merkwürdigen - "Avira" Trojaner/Virus und mehrere iexplore.exen...
Archiv
Du betrachtest: "Avira" Trojaner/Virus und mehrere iexplore.exen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.