Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Atraps.gen im Windowsordner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.07.2012, 23:22   #1
Jerichoholic
 
TR/Atraps.gen im Windowsordner - Standard

TR/Atraps.gen im Windowsordner



Hallo, gestern meldete mein Avira einen Fund des Trojaners TR/Atraps.gen. Nach Entfernfunktion trat es wieder und wieder auf.
Wenn ich mich recht entsinne war auch Java (Chat) zu jener Zeit geöffnet. Da Avira es auch nach Scan eher schlecht als recht beseitigte, probierte ich Avast, der etwas fand, aber nicht explizit diesen Trojaner. Symptom tritt zwar nicht mehr auf, aber ich bin sehr unsicher, ob das was gebracht hat. Vor allem habe ich keinerlei Ahnung und Erfahrung damit.
Übrigens mein OS: Windows Prof 7 64bit

Es wäre sehr nett wenn jemand meine Logs checken und helfen könnte.

Gruß und Dank

Marcel

OTL Logs:

Code:
ATTFilter
OTL logfile created on: 10.07.2012 23:05:06 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\OgerMarcel\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,52% Memory free
7,99 Gb Paging File | 5,96 Gb Available in Paging File | 74,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,70 Gb Total Space | 121,47 Gb Free Space | 35,55% Space Free | Partition Type: NTFS
Drive D: | 123,96 Gb Total Space | 32,10 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
Drive E: | 7,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARCEL | User Name: OgerMarcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.10 23:04:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\OgerMarcel\Downloads\OTL.exe
PRC - [2012.06.19 00:03:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\OgerMarcel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2006.11.23 17:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\mIRC\mirc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.19 00:03:53 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.08 18:50:28 | 000,074,616 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Messenger\ShareAnythingControlRes.dll
MOD - [2012.03.08 18:40:44 | 000,010,616 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Messenger\de\ShareAnythingControllang.dll.mui
MOD - [2012.03.08 17:53:16 | 000,019,304 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Shared\de\wliduxloc.dll.mui
MOD - [2012.03.08 17:53:12 | 000,025,960 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Shared\de\uxctlloc.dll.mui
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.24 12:11:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 00:03:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.29 09:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.28 14:11:29 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.03.18 11:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.03.18 11:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.03.18 10:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010.03.18 10:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.03.27 19:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{95705981-BF02-4BEE-B9A7-70382E16C63A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 78 93 E0 6F A3 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{95705981-BF02-4BEE-B9A7-70382E16C63A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\OgerMarcel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\OgerMarcel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 00:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 14:35:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.12 22:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.12 14:35:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 00:03:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 14:35:45 | 000,000,000 | ---D | M]
 
[2010.09.27 03:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Extensions
[2010.09.27 03:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.04 19:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Firefox\Profiles\q2t8pqji.default\extensions
[2012.05.17 18:32:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Firefox\Profiles\q2t8pqji.default\extensions\ich@maltegoetz.de
[2010.09.27 04:08:56 | 000,001,504 | ---- | M] () -- C:\Users\OgerMarcel\AppData\Roaming\Mozilla\Firefox\Profiles\q2t8pqji.default\searchplugins\imdb.xml
[2010.09.27 04:08:35 | 000,004,140 | ---- | M] () -- C:\Users\OgerMarcel\AppData\Roaming\Mozilla\Firefox\Profiles\q2t8pqji.default\searchplugins\youtube.xml
[2012.05.04 19:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.09 19:37:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.07.04 19:25:30 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\OGERMARCEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2T8PQJI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.19 00:03:53 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.05 12:43:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.19 00:03:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 00:03:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 00:03:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 00:03:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 00:03:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 00:03:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\OgerMarcel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\OgerMarcel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.230 80.69.100.174
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5949C9FA-A7FA-460B-9DE3-75B833046BBC}: DhcpNameServer = 80.69.100.230 80.69.100.174
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.19 20:05:30 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{0fc4881a-c9ce-11df-bdfd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc4881a-c9ce-11df-bdfd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2011.09.03 02:29:01 | 000,217,256 | R--- | M] (2K Sports)
O33 - MountPoints2\{8639e5cc-cd80-11e0-bdb8-1c6f654655d4}\Shell - "" = AutoRun
O33 - MountPoints2\{8639e5cc-cd80-11e0-bdb8-1c6f654655d4}\Shell\AutoRun\command - "" = G:\start_WIN.exe
O33 - MountPoints2\{967b9f47-a702-11e0-9638-1c6f654655d4}\Shell - "" = AutoRun
O33 - MountPoints2\{967b9f47-a702-11e0-9638-1c6f654655d4}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.10 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Roaming\Avira
[2012.07.10 22:26:41 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6B6E4DB0-ED73-4463-9367-17DDBEAC5944}
[2012.07.10 22:26:28 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6FE0354B-178D-4541-8240-55F0E0C39ECD}
[2012.07.10 22:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.10 22:24:14 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.10 22:24:14 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.10 22:24:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.10 22:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.10 22:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.10 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.10 16:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.07.10 16:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.10 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.10 13:55:35 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\ElevatedDiagnostics
[2012.07.10 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F8273BE7-637A-4B71-8E6F-CC639119AF18}
[2012.07.10 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{C7AC738E-FD3E-4046-BF4C-75A5496A2E71}
[2012.07.09 23:56:24 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F554B235-71E1-4184-9C7A-4225B792F05A}
[2012.07.09 23:56:00 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{433B4238-1FDC-42BA-86DD-7336C0480D1C}
[2012.07.09 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Roaming\Malwarebytes
[2012.07.09 14:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.09 11:55:34 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{49FE6715-4BBC-43A3-B125-CC2C86B06F70}
[2012.07.09 11:55:23 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{2E5ABF53-D7D7-49A6-838E-C31B2FCF11A6}
[2012.07.08 16:11:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5D0B0AD2-5E8D-4384-832B-DEF657136372}
[2012.07.08 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EBAA31B4-B049-4F34-BAC5-CFFA7A4AC4C8}
[2012.07.07 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{2902CEAB-9FD5-42B5-88D8-223C780CE5A0}
[2012.07.07 12:36:58 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{3B058EED-8F03-451F-82DC-F5DF0675758E}
[2012.07.06 14:03:38 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{65F2F3DA-8D75-4005-A27A-E5EA0B3B716D}
[2012.07.06 14:03:15 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{40398C0C-5267-41DE-96FF-3128B226032C}
[2012.07.06 00:32:19 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{75DC34A4-EC74-4EED-B907-81BDC7D1913A}
[2012.07.05 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1A44D65D-74F3-43DF-8680-FF7E2C3FAD0A}
[2012.07.05 12:31:21 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1E414AC6-B89F-4D6B-AE78-4CB826BDE9F1}
[2012.07.05 00:30:55 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4D929232-85A1-4C94-AE59-C96FB24BC7B9}
[2012.07.04 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A0AE5826-A6FA-44EF-9E23-4C8BC0A88A2E}
[2012.07.04 12:29:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{FE5E08DA-C72D-4154-BFEF-B3D6B50FF776}
[2012.07.04 00:29:30 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F259240D-8CB1-4A07-9272-607B0D530E43}
[2012.07.03 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{79CB9DAF-E626-482C-98B6-F82AEE4CF64D}
[2012.07.03 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{342227B4-9458-4E9B-AF37-FFD06541D72E}
[2012.07.03 00:28:05 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B8A483CD-2417-46D8-A12F-C5BD999C3903}
[2012.07.02 12:27:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{CCD50395-A45C-4BF6-B3E1-F41DED2C4845}
[2012.07.02 12:27:05 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4CA24910-ACFD-4866-9C2F-7084A9838D28}
[2012.07.02 00:26:39 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B9366602-1CD7-474D-9FE1-0450223B0DE7}
[2012.07.01 12:26:03 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A8441E68-2D33-4515-BF0D-A4FF62571DC3}
[2012.07.01 12:25:51 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{38679E7E-8497-490C-8B94-C58AC6240F67}
[2012.06.30 13:06:44 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A927CF60-5B6C-4371-A563-A8212AEF587D}
[2012.06.30 13:06:33 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1DF32DCF-2E9E-426B-BCC2-2998C2533E66}
[2012.06.30 00:33:55 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{0006AB18-2D83-4BF3-A49A-3AACE4DD58E5}
[2012.06.29 12:33:17 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4722C220-954C-4160-A380-66BEE1DF6219}
[2012.06.29 12:32:39 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6C7CDC35-8FC2-4C70-A543-C7D28414E571}
[2012.06.29 00:30:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4CB32E7B-F21A-48DA-B660-98200ECEAB59}
[2012.06.29 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{876D07C8-A027-4671-B1AA-D4EBEC129B32}
[2012.06.28 12:29:27 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F1106265-11A6-4E93-B67D-651E51ACB878}
[2012.06.28 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6948E03B-36B9-4D13-B43D-AEAD4EBCEE93}
[2012.06.28 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{793CC5A8-BCE0-4C8E-A6D2-A3DD3377CB4D}
[2012.06.28 00:28:14 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{3B5AAE5B-9156-49D8-B358-CF53781DC592}
[2012.06.27 12:27:48 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{3A9D373A-8A0F-4F49-81E1-C9D333850AD1}
[2012.06.27 12:27:25 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B4F3E9DD-66C9-4D8A-93A8-D6B1860675AC}
[2012.06.27 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6EC9CB51-EA3C-4121-828D-9873B309032D}
[2012.06.26 12:26:23 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{0290C2F6-2C58-4E01-9E58-C336A075492D}
[2012.06.26 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1567F5AB-49CA-487D-A4AB-3C0A2C99A353}
[2012.06.26 00:05:44 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{81B2E945-8A6B-4473-ADB0-E700A236DFA3}
[2012.06.26 00:05:22 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{58A7E178-2BDE-4CFE-B096-A5F12D2190B3}
[2012.06.25 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5F17E988-C551-4B32-A494-819176A05714}
[2012.06.25 12:04:34 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1EC47CD8-29E7-466F-AEAD-41CEFCA96382}
[2012.06.25 00:04:08 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{C8A7EE48-338B-44A3-AA0C-0A383D9C534E}
[2012.06.24 12:03:32 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9FC2DB11-3944-4C8C-BAE6-950BB8A31DC0}
[2012.06.24 12:03:10 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9C697B9C-ED02-46A3-B5F3-A9585D37DCEB}
[2012.06.23 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{884B6E17-40D1-4755-AD8E-B2DB09583F26}
[2012.06.23 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{05DD38F1-693B-4EC0-816B-34D69DF084D3}
[2012.06.23 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{AF4F763A-9528-45FE-8837-8FB6A04B354D}
[2012.06.23 00:05:46 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{E1D7AD69-0AAF-420D-9546-B240367C8963}
[2012.06.22 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5EBAC6CF-B8F8-4C67-9ADF-119635F1E778}
[2012.06.22 11:14:46 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EEE17D6B-24F4-467B-B9FF-03AE5D3FA6E8}
[2012.06.21 23:14:20 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{22ED94E9-C876-453F-AC45-48531A4BC0AD}
[2012.06.21 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F4644D70-56A1-4CB5-9233-9891E8DF874A}
[2012.06.21 18:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.06.21 18:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.06.21 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012.06.21 11:13:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{24619B04-7F73-49F0-9C58-ADB92BBB0C68}
[2012.06.21 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{43A2E4D8-0D45-4BE4-B95B-6C5A68CE51FD}
[2012.06.20 23:12:49 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5673C260-3EEE-4373-BF05-3606014964D3}
[2012.06.20 23:12:27 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5E836921-185E-48A5-AE8F-7F7C7C44C657}
[2012.06.20 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B3242C6A-17FC-46F4-BF5B-ADA10DA368ED}
[2012.06.20 11:11:51 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9CCBBFBB-BC79-4C6F-8AA1-DAF1AC7B6D73}
[2012.06.19 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9CFB8B08-4D4C-41FE-97D8-75E1EEE61512}
[2012.06.19 23:11:03 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EA7FC37B-D87A-4EAD-ABDF-68FEE9CF899B}
[2012.06.19 11:10:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{DEED303B-44CE-4F31-9675-A7EF0E3E3D36}
[2012.06.19 11:10:11 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{DC976B8B-BBC2-43C0-9BF5-AC94C3A85529}
[2012.06.18 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{102ED38C-8EEF-4FFA-8FCF-754602EF8241}
[2012.06.17 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{49FD7215-497D-40A0-8B4A-160E478F23DD}
[2012.06.16 14:08:08 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EBF83EFA-6CB1-42BA-8C11-D0C378749937}
[2012.06.15 23:48:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A2826A5E-C8F7-4183-B653-8BB455155305}
[2012.06.15 11:19:52 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{7C65FC9F-C7BB-4046-B7DA-A1BE73B1AB9D}
[2012.06.14 23:19:26 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{226E2117-5B8D-4C57-AD6E-74D5C2E89270}
[2012.06.14 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A006566A-5A76-4E54-9D90-CCE41AA53086}
[2012.06.14 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{C359FB31-F14D-4EA7-AD24-E95F96D5E630}
[2012.06.14 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{7CC1F987-040F-4FC9-A833-D51FE80F32CC}
[2012.06.14 10:39:21 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\Macromedia
[2012.06.13 23:17:49 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{CAD59F5F-23D4-4D4D-9570-1F13330C6516}
[2012.06.13 23:17:26 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{8F8627CC-2A1A-4B63-9B28-4B6D0591EAFC}
[2012.06.13 09:10:09 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9058E0C3-4118-48B4-BB34-000FA3669C36}
[2012.06.13 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{8A440979-1489-4048-999B-1713F31BF935}
[2012.06.12 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{712347C7-FD32-4691-AD3C-3079303D6090}
[2012.06.12 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{3D8E91E7-14D2-4EA3-B912-27C2A910103B}
[2012.06.11 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{61393C92-1F35-43CD-8B69-88F151CFDF3F}
[2012.06.11 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{46AC2C61-7B2E-473E-9D6D-6150DF0DF451}
[2012.06.11 11:02:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5BE7F0BE-6CAD-450B-B298-0B12505F1103}
[2012.06.11 11:02:07 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{2FBAC24B-4D83-411E-88B4-D8CA256EE1CF}
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.10 23:11:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 23:10:15 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 23:10:15 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 23:03:14 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.10 23:02:36 | 000,297,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 23:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 23:01:57 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 23:00:08 | 000,000,188 | ---- | M] () -- C:\Users\OgerMarcel\defogger_reenable
[2012.07.10 22:53:07 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.10 19:21:48 | 000,003,744 | ---- | M] () -- C:\bootsqm.dat
[2012.07.10 15:08:34 | 000,000,206 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150829.reg
[2012.07.10 15:08:18 | 000,000,398 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150815.reg
[2012.07.10 15:08:03 | 000,010,690 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150754.reg
[2012.07.10 15:04:37 | 000,207,080 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150429.reg
[2012.07.09 11:12:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001UA.job
[2012.07.08 23:12:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001Core.job
[2012.06.30 18:20:33 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 18:20:33 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 18:20:33 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 18:20:33 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 18:20:33 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.21 17:05:53 | 000,047,104 | ---- | M] () -- C:\Windows\SysWow64\KMVIDC32.DLL
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.10 23:00:07 | 000,000,188 | ---- | C] () -- C:\Users\OgerMarcel\defogger_reenable
[2012.07.10 22:28:58 | 003,444,736 | ---- | C] () -- C:\Users\OgerMarcel\Documents\dd-wrt.v24-14896_NEWD-2_K2.6_mini.bin
[2012.07.10 22:28:58 | 001,021,732 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2045.JPG
[2012.07.10 22:28:58 | 001,012,497 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2043.JPG
[2012.07.10 22:28:58 | 001,000,084 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2044.JPG
[2012.07.10 22:28:58 | 000,979,266 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2042.JPG
[2012.07.10 22:28:58 | 000,207,080 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150429.reg
[2012.07.10 22:28:58 | 000,175,663 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Yello Strom Classic Auftrag.pdf
[2012.07.10 22:28:58 | 000,072,936 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Unbenannt.jpg
[2012.07.10 22:28:58 | 000,056,314 | ---- | C] () -- C:\Users\OgerMarcel\Documents\haus.ots
[2012.07.10 22:28:58 | 000,021,356 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Wohnungsbewerbung-Harnackstr..odt
[2012.07.10 22:28:58 | 000,020,960 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Lebenslauf1.odt
[2012.07.10 22:28:58 | 000,020,813 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Documents.rar
[2012.07.10 22:28:58 | 000,016,008 | ---- | C] () -- C:\Users\OgerMarcel\Documents\lebenslauf-scheisse.odt
[2012.07.10 22:28:58 | 000,015,740 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-pflege elshoff.odt
[2012.07.10 22:28:58 | 000,015,585 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-office.odt
[2012.07.10 22:28:58 | 000,015,550 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-wagner.odt
[2012.07.10 22:28:58 | 000,015,398 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-TLS-Unna.odt
[2012.07.10 22:28:58 | 000,015,343 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-stockey.odt
[2012.07.10 22:28:58 | 000,015,213 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-scheisse.odt
[2012.07.10 22:28:58 | 000,013,330 | ---- | C] () -- C:\Users\OgerMarcel\Documents\eigenbemühungen.ods
[2012.07.10 22:28:58 | 000,010,690 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150754.reg
[2012.07.10 22:28:58 | 000,002,300 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Neue Datenbank.odb
[2012.07.10 22:28:58 | 000,001,190 | ---- | C] () -- C:\Users\OgerMarcel\Documents\tr2a6zqgc0ciq.png
[2012.07.10 22:28:58 | 000,000,910 | ---- | C] () -- C:\Users\OgerMarcel\Documents\trcqlxw3udyi.png
[2012.07.10 22:28:58 | 000,000,398 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150815.reg
[2012.07.10 22:28:58 | 000,000,206 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150829.reg
[2012.07.10 22:28:57 | 000,306,326 | ---- | C] () -- C:\Users\OgerMarcel\Documents\2650gross.jpg
[2012.07.10 22:28:57 | 000,018,488 | ---- | C] () -- C:\Users\OgerMarcel\Documents\AMT-Jobvorschläge.odt
[2012.07.10 22:28:57 | 000,015,591 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-essenaufrädern-DRK.odt
[2012.07.10 22:28:57 | 000,015,546 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-getränke.odt
[2012.07.10 22:28:57 | 000,015,520 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-meyermenü.odt
[2012.07.10 22:28:57 | 000,015,409 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-essenaufrädern.odt
[2012.07.10 22:28:57 | 000,015,398 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-DP-Druck.odt
[2012.07.10 22:28:57 | 000,015,277 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-nowda.odt
[2012.07.10 22:28:57 | 000,015,037 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Amt-Hopster.odt
[2012.07.10 22:28:57 | 000,014,971 | ---- | C] () -- C:\Users\OgerMarcel\Documents\AMT-STUDIUM.odt
[2012.07.10 19:21:48 | 000,003,744 | ---- | C] () -- C:\bootsqm.dat
[2012.06.21 18:43:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Reloaded
[2012.06.21 16:56:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL
[2012.04.07 18:43:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.11 15:51:01 | 000,002,048 | -HS- | C] () -- C:\Users\OgerMarcel\AppData\Local\{bd27be65-8027-20d2-b52a-e15451516d4b}\@
[2011.11.10 05:32:32 | 000,007,606 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\Resmon.ResmonCfg
[2011.11.02 20:19:19 | 000,000,000 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\{5A553A5A-69DF-4325-AE53-E2084A033548}
[2011.11.02 20:17:28 | 000,000,000 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\{5866E8F8-27C5-41DB-B6FC-42F1EDBF9A94}
[2011.10.28 16:32:56 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.30 22:59:27 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI
[2010.12.13 22:50:09 | 000,032,647 | ---- | C] () -- C:\Users\OgerMarcel\bookmarks-2010-12-13.json
[2010.11.25 18:10:56 | 000,000,098 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\fusioncache.dat
[2010.11.25 18:10:01 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.08 02:09:08 | 000,077,527 | ---- | C] () -- C:\Users\OgerMarcel\18.jpg
[2010.11.08 02:09:08 | 000,070,313 | ---- | C] () -- C:\Users\OgerMarcel\19.jpg
[2010.11.08 02:09:08 | 000,065,592 | ---- | C] () -- C:\Users\OgerMarcel\15.jpg
[2010.11.08 02:09:08 | 000,058,719 | ---- | C] () -- C:\Users\OgerMarcel\16.jpg
[2010.11.08 02:09:08 | 000,058,290 | ---- | C] () -- C:\Users\OgerMarcel\17.jpg
[2010.10.18 14:47:45 | 000,000,369 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Roaming\burnaware.ini
[2010.10.07 16:27:58 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010.09.27 03:29:46 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.09.27 03:11:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.09.27 03:06:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.27 03:00:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.27 02:42:18 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini
[2010.09.27 02:42:17 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\AudioExCtl.dll
 
========== LOP Check ==========
 
[2012.02.13 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\2K Sports
[2012.07.10 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\DAEMON Tools Lite
[2011.01.17 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\HEM Data
[2011.07.15 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\HoldemManager
[2011.06.06 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\ImgBurn
[2010.09.27 02:44:12 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Leadertech
[2012.01.08 20:42:26 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\ManyCam
[2010.11.04 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Microgaming
[2011.08.19 00:31:30 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Miranda
[2010.10.01 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Octoshape
[2010.10.14 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\OpenOffice.org
[2011.07.10 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\PC Suite
[2012.04.07 18:41:41 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\QuickStoresToolbar
[2010.10.25 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\RayV
[2012.06.04 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\RIFT
[2011.07.10 16:04:25 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Samsung
[2011.12.11 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\StreamTorrent
[2010.12.30 05:58:25 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\TeamViewer
[2010.09.27 03:11:04 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Thunderbird
[2012.07.10 23:12:15 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\TS3Client
[2010.10.25 22:55:03 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\UB
[2012.07.10 23:12:15 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\uTorrent
[2012.07.08 23:12:00 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001Core.job
[2012.07.09 11:12:01 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001UA.job
[2012.06.06 10:49:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 10.07.2012 23:05:06 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\OgerMarcel\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,52% Memory free
7,99 Gb Paging File | 5,96 Gb Available in Paging File | 74,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,70 Gb Total Space | 121,47 Gb Free Space | 35,55% Space Free | Partition Type: NTFS
Drive D: | 123,96 Gb Total Space | 32,10 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
Drive E: | 7,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARCEL | User Name: OgerMarcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E2BF37-B388-4612-A7B6-5532C83A9F39}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{108A0D76-DF6D-4A59-87F2-A50A6534ADDD}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{17BC90A2-E446-4A95-89BD-750061F6C9F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{183413D5-A4C1-4C08-AD4C-522AA3F3A315}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1FED0522-114B-45E5-A0DD-61BAE221AD88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22666833-8BF8-4C29-85B0-FF3E145DC97E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{292E5767-CF98-4BAB-8377-FB180E7A523A}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{2940043B-575D-4D7A-B276-D4AC00EB23FF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2AFCE3D6-618C-4BBD-A829-A9F6DD08538B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3D3885A2-3B8A-408E-83AA-8D29F5187CAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4F3B098B-A0CF-47E5-B007-F820EF27C9DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{515BE663-A36B-45B4-B75A-5EF8CBA56D94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52A048F0-48F9-4B7C-A3F3-B78B050D2520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5BD5FF95-FF43-4C16-9BC4-D7CAF2341C71}" = lport=445 | protocol=6 | dir=in | app=system | 
"{61AC0BAB-84BD-4835-8B70-A47CA88621E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{69B10AAC-A535-48E2-92E3-867E1FA04C36}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6A1E9DEE-BE93-436F-BB14-EC62AA85F582}" = lport=137 | protocol=17 | dir=in | app=system | 
"{73C526B2-EBD9-40AD-AAAB-87F15191DF1D}" = lport=57753 | protocol=6 | dir=in | name=pando media booster | 
"{79834185-F5FB-494F-9216-2A829B472F09}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8E7BD9B5-36DE-4392-9DBB-63C80DDAFF22}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9205FD86-C1CD-412E-8724-072DD228D939}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C95D5D7-F2FA-4DDA-8DAA-971FD80144DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A4D2FE54-A22C-4B9B-A21B-5DE3DBA7B698}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABC5FA68-A8ED-4123-9AE5-A908444183EC}" = lport=57753 | protocol=17 | dir=in | name=pando media booster | 
"{B5148835-B612-43F7-91B0-AB21620E837C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B7655FB5-6543-4184-8421-71F655169DB4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B93760D2-92E6-4786-8CD5-699047B13473}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BD20FDB7-FBB5-4735-B3AC-83C5F65AFDE0}" = lport=57753 | protocol=17 | dir=in | name=pando media booster | 
"{C23498A4-4B72-4724-BD3E-C7DC534F16EF}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{C55F2BDF-00E3-4EBE-AAEE-AAB511A580E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9482DC9-202E-4749-98DB-1CD80F92772C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA364454-F2DE-4F0F-B0C0-37168F3D5EC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE577911-8C84-491D-B279-CE7EE98C45FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2B9E9FD-ECA7-463F-AD8B-690792837622}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D72C7F2C-4604-475C-AB2C-0ED9E2D3D9FB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DBD301CA-6FAC-465D-8BFF-C0CB0897326D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E5BB9E14-7CF0-4CD4-920C-990E16D8B9C6}" = lport=57753 | protocol=6 | dir=in | name=pando media booster | 
"{E7450B79-2E56-4ED5-A540-2AE898762902}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{F607DA7C-B4CD-4E76-AB1A-75559B81B5E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8D8A0B6-0E2E-4BEA-9C0E-CE045584BCB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC6B1642-DDBA-457B-9D3D-937440239880}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FD52125B-2A51-4993-BEB4-93B1613814B9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FF75B019-9812-4AB1-9517-C3D01E6545EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D23DB4-5592-47C1-9E81-89AE9D2B3972}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{03390B2E-BC21-4EF5-A88F-D6E89CB337FA}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe | 
"{059D5845-AB25-441D-BD69-1FFF08FEE08A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{09F892A8-4531-48E9-B116-2CD3805E5BEB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{0CDE9B08-8E0E-49DC-A215-0E9F56929591}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F124315-4AAA-4612-A1CA-B62CD4DA5566}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{22A3FBBA-FFCE-4C3B-99FC-1175E47407AC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{241B0DCD-FBA6-4DFB-AE50-E09F26CA4541}" = protocol=6 | dir=in | app=c:\program files (x86)\tower gaming poker\pokerclient.exe | 
"{2DC9FAC9-F847-4AA2-9DD0-B7FA25D182DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{30D98E2A-C54A-4B86-A350-29A884A3481F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3137E59B-630E-4B2F-9AC5-5D427A949E8B}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{34A8A8DC-5457-4037-B74C-E1C8E66C6410}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3B84BE1B-B579-4217-9003-4FDEA45D8B36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{417419D0-860A-4314-8E6A-1E28732A00CB}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{4509C6D5-11E6-44C1-97C3-585012E7AA06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4745772C-B1B7-4FCC-84C4-1EFE123D8910}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{4751BD41-58BE-4ADD-B081-36EA216D7BDF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{47818265-D91E-414E-B9BF-FFD0D8BB11C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{495659D5-CB78-4BB9-A5BB-D7AC40A59D74}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{4C80649A-677F-4C16-B3B8-3CD8A3818FCD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{4FF20123-4654-4FB9-B9A7-BE51CEBF7B53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{50443549-7F62-43BF-AE21-D8AE5AFDAAE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{552C7A79-D373-4D85-9EE1-D2A506E10105}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58E4AA64-9471-443E-844E-AA572CA0CC62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C841C4E-8AEC-4A10-88FB-75EE83B5DEF2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{5CEE17E5-6BC4-4566-98B0-017E35235408}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\counter-strike source\hl2.exe | 
"{5CF14F07-1CB6-42C8-A414-A1C9581CB3DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe | 
"{5D5DBA66-F822-43D5-AE8B-AE9F03922231}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{5EE35C10-6B68-44F3-9144-59E176CBE30C}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe | 
"{604B7582-0C77-406B-8CE5-1AF5A4A7321E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{60885A34-B970-4BE6-9B72-37CA7979CAF4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{6B1D1D28-DEDC-42DF-8B8D-E97EF225B08E}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe | 
"{6BB54038-8BFA-4001-A70B-704605B8E6A9}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\counter-strike source\hl2.exe | 
"{6F5788CF-7B1F-42DD-92B9-9E627964B4CC}" = protocol=17 | dir=in | app=c:\games\diablo iii beta\diablo iii.exe | 
"{72882FB0-5774-4CA7-BCFB-34B25F24D8E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{72D69313-2DB8-4912-AB02-61764197C8F0}" = dir=out | app=%systemdrive%\games\maxpayne3\maxpayne3.exe | 
"{784B4171-16F9-4A0B-B151-B2470F956EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7AA05738-B851-45CE-91A0-80E8B74478F9}" = protocol=58 | dir=in | app=system | 
"{7C9798A4-B150-423B-8F1E-051E0673D342}" = protocol=6 | dir=out | app=system | 
"{7F0ED362-80B0-4320-9C1F-574FFDB4EF36}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{81D77AE9-FF59-4724-BC1F-6274A6620AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{897184E8-A220-411F-B1B6-4FA1AD7C8284}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | 
"{8AC8B6DD-4033-4097-916C-88DEC4DB4844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{916B9E29-7F2A-4501-8B45-71C85AEF6BBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{92D3E77A-ED8B-45A0-BD85-671E4D3C41AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{96E90E0B-62F8-4E72-BBC5-0E44A4A729EC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{96F14DA8-D5F1-4459-AD78-858CC84410D0}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{A21484D3-EF7E-4F2A-9AE9-D4D78E65CDFD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A2852D56-A787-4967-9A3A-0D752549AB7A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A97A8E48-9009-47DD-BB9B-4FBA3702B09F}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{A9B79863-43E8-4FF9-B455-D30736DAD232}" = protocol=6 | dir=in | app=c:\games\diablo iii beta\diablo iii.exe | 
"{AA5686B5-E505-40C7-9088-1BF0957DEEF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AB3FC1D8-4B7B-4651-AB06-5A63052C476E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{ACBC5910-7DF8-4CF8-B40C-D7C1F857446F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B420919D-C6A2-465D-85AD-81C8104A693A}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B44B1085-7166-40C9-A563-A18C1817AEA0}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B6ECAE48-D2F5-4CF8-A4F2-150C927E3479}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe | 
"{BAC9256A-6820-47A4-AAF6-3765AC181244}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD19BE8A-2EBD-4615-B558-B270B35D1183}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF398395-D005-471A-AC58-7A13862117DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C014BB43-636F-4494-A4A3-20CA6B1D1CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{C12F100C-4CB3-4541-A229-72960DDAB87F}" = protocol=17 | dir=in | app=c:\program files (x86)\tower gaming poker\pokerclient.exe | 
"{C538C8AE-356D-4EDF-BD74-5C69F77024E4}" = dir=in | app=%systemdrive%\games\maxpayne3\maxpayne3.exe | 
"{CDC8D446-76EC-4645-8A6C-E964D8224BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{D3CE11D6-801D-4E8E-9C5E-21AD23E8A6DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D5BB9B96-36A1-467C-BC3D-4B477FDB990B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{D807927A-D8D9-452E-88DA-B5C5CE2D68EA}" = dir=in | app=c:\users\ogermarcel\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{D9D85CD4-8C5B-4B4E-9862-DA1C65B21FB1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe | 
"{DB58CBAE-3B53-4B5B-B134-FE8704692175}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E0895A01-88B6-4A0E-8C62-DFD05B228696}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E0C4A5B9-E1AC-415D-AC76-136025639A0D}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{E22B72B7-CCB2-4121-A2D8-4FD4BC738A5C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | 
"{E3186AB9-3A44-4895-A3E7-51E6C0D9BB37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E847200E-0870-4F6F-AABA-7B9F46A100BD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{ED0664AA-E72E-40D6-8A83-679B97287074}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED10AD4D-EC0E-4355-9A49-9CF9A8BE0B29}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{F038574D-76E7-42DE-8FE9-534F41A9DDCD}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | 
"{F1A42A79-25D5-4F39-B080-2169CC6AB506}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{F636E079-CCFB-4807-B086-D7452A694D3A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F6C9395A-9CBA-499F-AC35-466BEBBD15D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{F7844FD8-9DF4-4634-AD30-749D6A335227}" = dir=out | app=%systemdrive%\games\maxpayne3\playmaxpayne3.exe | 
"{F9C83DC6-5A3A-455A-8CBB-9BA6D6783B2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB17EB96-934C-45D8-A465-4FC82F09B6B6}" = dir=in | app=%systemdrive%\games\maxpayne3\playmaxpayne3.exe | 
"{FE558BE3-3631-44D5-967B-614F9AFE56B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe | 
"TCP Query User{05195E44-C8BE-4C01-857B-111724FD7CC6}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe | 
"TCP Query User{06AD323F-F441-41E6-87F5-57659509A009}C:\games\soldier of fortune ii - double helix\sof2mp.exe" = protocol=6 | dir=in | app=c:\games\soldier of fortune ii - double helix\sof2mp.exe | 
"TCP Query User{1628E82F-F6AC-4668-A705-17B080341619}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe | 
"TCP Query User{1EF523D4-F6E6-4E06-A19F-785CF7352C72}C:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe | 
"TCP Query User{1FF1B1EE-16C9-472F-8B4F-CB9A18E9AED9}C:\games\worms2\frontend.exe" = protocol=6 | dir=in | app=c:\games\worms2\frontend.exe | 
"TCP Query User{28F04A16-8FD5-4B05-A203-48776177CB07}C:\games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\games\max payne 3\maxpayne3.exe | 
"TCP Query User{46812557-43D3-4DCD-81A3-63822CFC1B26}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{4C840089-2E96-45FE-8077-334A224CB67C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{4F9597F4-D955-4DBF-8F5C-3F25A1C23CBB}C:\games\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | 
"TCP Query User{52229B57-BBC8-4D25-BA7C-2626E5ABEF8E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{55DAD86D-1E60-4AAB-AF5E-455D5B00574A}C:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{5A91186F-6854-4463-A4F3-EFECD606889E}C:\games\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\games\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{5B9309AE-85EB-4C64-9978-691D3F796A85}C:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{5F2A5C82-AD1A-4C69-8FDC-BB22D677BBE7}C:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{6887B193-2B2A-48F5-8B38-2EB81D5A570E}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"TCP Query User{689B1717-3576-4DEF-BA3B-BB0498894250}C:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{6C615415-9F05-4653-A863-97273C5FAF5D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{72CD889E-BEE1-49E8-8E1C-89564DD2F10F}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{731A6F14-E752-4FDA-A3EF-57A79A7F14D3}C:\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{7C90968C-89D1-49C5-90E9-14D334FEFB7C}C:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{7D66F20B-B35E-4140-BFFE-7544F2CC988F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{82939050-8CFD-453B-BB11-A438475CFD85}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{88AAA5B6-73EA-49EF-8274-CD7BE65CF132}C:\games\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=c:\games\nba 2k12\nba2k12.exe | 
"TCP Query User{89901D65-05E8-4BB1-842D-9FBEC9C08FFA}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{8F1C4BFE-1CA1-43F9-9EFE-77C0E64A8730}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{911E9664-FF13-40DA-84A3-7B8FA13EDF39}C:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\betatest\retailclient\swtor.exe | 
"TCP Query User{A735055B-BA27-46F1-9FC8-4B2C044EE08D}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"TCP Query User{AC2E3591-5C79-4D49-A42A-CEDB9A834095}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | 
"TCP Query User{AE025263-B1EE-4D2B-8918-F6EF183D241B}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{AEEB4F39-9F44-4A23-9A60-6668B5CDD11F}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{B92C600E-C71A-4E42-BFC8-F3DE147C2652}C:\games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\games\age of empires ii\empires2.icd | 
"TCP Query User{C0CD1C3A-D620-4A67-A689-67D7FD2AA80F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{C1047094-6B5C-4866-AA70-409FDD86541E}C:\games\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\games\call of duty - black ops\blackops.exe | 
"TCP Query User{C4C7DC30-FC67-4AFC-A437-420DF506AF1D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{CAB25505-60C7-405C-9831-EDEDDDB8748A}C:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{CAE8457B-BC33-4E3F-9134-9C87861B5727}C:\games\unreal tournament 2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\games\unreal tournament 2004\system\ut2004.exe | 
"TCP Query User{CF0963B7-CB13-4186-92AE-6C3AA121D9EE}C:\games\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\games\fifa 11\game\fifa.exe | 
"TCP Query User{DCBF05A5-F09F-4695-B9D3-F1E832FE95D6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{DF661361-FA9B-423E-91E3-B13B911B9DFC}C:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{E79CB464-77A3-4AF1-8C77-A2B94A053FB8}C:\games\soldier of fortune ii - double helix\nx3mp.exe" = protocol=6 | dir=in | app=c:\games\soldier of fortune ii - double helix\nx3mp.exe | 
"TCP Query User{F3A60B8D-DEC1-4A27-8FC2-861F8F7F70E2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{F3CEAE30-8DE2-4207-8BC3-01F587191C6F}C:\games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\games\fifa 12\game\fifa.exe | 
"TCP Query User{F46A4780-2A75-40E3-8A75-8E843C6379DF}C:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{FF0253A3-87D4-4092-8FE6-A3C85392CC29}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe | 
"UDP Query User{0E993B85-1FF2-4F2D-8FD3-D2970128428A}C:\games\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=c:\games\nba 2k12\nba2k12.exe | 
"UDP Query User{15E76E8B-C783-4F3C-85C1-1771523EFD18}C:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{19101114-4562-45C4-9BCC-A6442A12B690}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"UDP Query User{3477C1F0-EDC3-4CB0-9AAC-EFEFAD956810}C:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\betatest\retailclient\swtor.exe | 
"UDP Query User{38BF705E-E0C1-4C2C-85B4-67FFBAEB0A0E}C:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{3DAFC4E1-3642-4FF8-958D-FB95BD52FE85}C:\games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\games\fifa 12\game\fifa.exe | 
"UDP Query User{4A6DAE6E-5050-4292-BE47-42C8E59C9953}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{4DCB21A0-7422-457F-A85B-7CC1124CD004}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | 
"UDP Query User{4E299BE6-0335-4794-A206-464AF9EDAFF5}C:\games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\games\age of empires ii\empires2.icd | 
"UDP Query User{5944E1E1-5799-4BF6-9232-02EF565C3473}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe | 
"UDP Query User{5A78CE26-C4FD-4130-8DF2-7628A7351D74}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{5CF6A826-99AF-4817-9258-B49FE22BED97}C:\games\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\games\fifa 11\game\fifa.exe | 
"UDP Query User{5E8C91D4-D03E-4E24-94E9-02300C1D1312}C:\games\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | 
"UDP Query User{6877BC4E-F792-4930-8F5D-0861821AF539}C:\games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\games\max payne 3\maxpayne3.exe | 
"UDP Query User{77413C77-B3D3-4042-A8D3-64998944696B}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{77F4CFCB-F964-4090-8810-6A5A92286F61}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{78AFD076-954F-47BE-9A49-D4A82E8E8A0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{7B991801-B541-49EC-B67F-6444EFB9EB01}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{7CE7BA22-402D-4E16-97CE-841893B25EDC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{7FB0EAE5-011D-4E5F-A179-FCD82B706B01}C:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{84ECE3B3-168C-4B4E-AE78-C684CDD7AA48}C:\games\soldier of fortune ii - double helix\sof2mp.exe" = protocol=17 | dir=in | app=c:\games\soldier of fortune ii - double helix\sof2mp.exe | 
"UDP Query User{884D7EF1-A72D-4303-9BD2-334429C2E563}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe | 
"UDP Query User{930047A6-8CC5-489A-ACC2-E77C24C4EB2D}C:\games\unreal tournament 2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\games\unreal tournament 2004\system\ut2004.exe | 
"UDP Query User{94D20F02-B41E-4994-B153-3A8B213E3EA3}C:\games\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\games\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{99B9CEFA-DD25-484D-80E5-2BFB6FDCE6D3}C:\games\soldier of fortune ii - double helix\nx3mp.exe" = protocol=17 | dir=in | app=c:\games\soldier of fortune ii - double helix\nx3mp.exe | 
"UDP Query User{9A50D844-F668-4820-B161-6C1F29BFCF22}C:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{9C8A0663-0111-494F-B9E2-076F54F0DA3B}C:\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{9E76899F-94AD-4BC7-8D0A-F9BD4DEBB624}C:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{A57E783E-D3BF-427F-8CEA-E04301357E62}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{B6944841-11DE-48C9-9311-D519F2522252}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"UDP Query User{B696F696-F980-448B-815B-072F4562C3F5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{BAB31386-C5B8-4B48-A866-F1D688ED9279}C:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{C1B9687C-2122-402E-8065-8FC06E28ABA5}C:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{C861A458-399F-4921-AD73-7984A22DED02}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{CB176EEE-AC8B-47CA-894D-EF4559E28D95}C:\games\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\games\call of duty - black ops\blackops.exe | 
"UDP Query User{CEE4987E-B84F-484A-B86A-6338928782EB}C:\games\worms2\frontend.exe" = protocol=17 | dir=in | app=c:\games\worms2\frontend.exe | 
"UDP Query User{D2902547-1F8A-4210-B81F-470B60BF7FC4}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{D7AD1882-E62C-478E-B041-9FFFE4B2F515}C:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{E3ED2886-CA02-432A-A041-939D03C817AE}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe | 
"UDP Query User{E422E569-D6C0-467F-9C23-7AF97BC62FB8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{F03D2A7D-DEF9-4EF9-A029-7F8027F28E93}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{F448AAC1-1D53-4529-88CB-8B2B410AEFAB}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{F4AC2CF6-95FB-4AEE-9BD3-1B3A6C33B96E}C:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe | 
"UDP Query User{FB2615FD-08A9-45F2-80B5-0E731D33DAE6}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HoldemManager" = Holdem Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1E0A19B6-6AA5-4805-8FDD-E7917C308CD4}_is1" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3618069-84A2-4767-9855-463C971C1959}" = ASUS RT-N10 Wireless Router Utilities
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BurnAware Free_is1" = BurnAware Free 3.3
"DivX Setup" = DivX-Setup
"EA Installer.-212306957" = EA Installer
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"hon" = Heroes of Newerth
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Miranda IM" = Miranda IM 0.9.39
"MJuiceWinamp" = Mjuice Components
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RedKings Poker_is1" = RedKings Poker
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.4.8
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Whitebet Poker_is1" = Whitebet Poker
"Winamp" = Winamp (Remove Only)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"UB" = UB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.07.2012 14:41:41 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 20:41:41 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 15:35:28 | Computer Name = Marcel | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12ac    Startzeit:
 01cd5ed2d7a282e5    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\OpenOffice.org
 3\program\soffice.bin    Berichts-ID: 4e0ca26f-cac6-11e1-b994-1c6f654655d4  
 
Error - 10.07.2012 16:13:39 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 22:13:39 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 16:13:40 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 22:13:40 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 16:15:40 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 22:15:40 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 16:23:16 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 22:23:16 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 17:02:55 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 23:02:55 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 17:02:56 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 23:02:56 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 17:02:57 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 23:02:57 CESTFATAL:  the database system is starting up

 
Error - 10.07.2012 17:02:59 | Computer Name = Marcel | Source = PostgreSQL | ID = 0
Description = 2012-07-10 23:02:59 CESTFATAL:  the database system is starting up

 
[ System Events ]
Error - 10.07.2012 14:51:00 | Computer Name = Marcel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 10.07.2012 16:13:26 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Avira Planer erreicht.
 
Error - 10.07.2012 16:13:26 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 10.07.2012 16:13:27 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Avira Echtzeit Scanner erreicht.
 
Error - 10.07.2012 16:13:27 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Avira Planer erreicht.
 
Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Avira Echtzeit Scanner erreicht.
 
Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 10.07.2012 16:15:33 | Computer Name = Marcel | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
 
< End of report >
         
Avira Log
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 10. Juli 2012  22:26

Es wird nach 3859198 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : OgerMarcel
Computername   : MARCEL

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  01.05.2012 22:48:48
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL       : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.07.2012 20:25:43
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 20:25:41
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 20:25:41
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 20:25:41
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 20:25:41
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 20:25:41
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 20:25:41
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 20:25:41
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 20:25:41
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 20:25:41
VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 20:25:41
VBASE015.VDF   : 7.11.35.19    122368 Bytes  04.07.2012 20:25:41
VBASE016.VDF   : 7.11.35.87    146944 Bytes  06.07.2012 20:25:41
VBASE017.VDF   : 7.11.35.143   126464 Bytes  09.07.2012 20:25:41
VBASE018.VDF   : 7.11.35.144     2048 Bytes  09.07.2012 20:25:41
VBASE019.VDF   : 7.11.35.145     2048 Bytes  09.07.2012 20:25:41
VBASE020.VDF   : 7.11.35.146     2048 Bytes  09.07.2012 20:25:41
VBASE021.VDF   : 7.11.35.147     2048 Bytes  09.07.2012 20:25:41
VBASE022.VDF   : 7.11.35.148     2048 Bytes  09.07.2012 20:25:41
VBASE023.VDF   : 7.11.35.149     2048 Bytes  09.07.2012 20:25:41
VBASE024.VDF   : 7.11.35.150     2048 Bytes  09.07.2012 20:25:41
VBASE025.VDF   : 7.11.35.151     2048 Bytes  09.07.2012 20:25:41
VBASE026.VDF   : 7.11.35.152     2048 Bytes  09.07.2012 20:25:41
VBASE027.VDF   : 7.11.35.153     2048 Bytes  09.07.2012 20:25:41
VBASE028.VDF   : 7.11.35.154     2048 Bytes  09.07.2012 20:25:41
VBASE029.VDF   : 7.11.35.155     2048 Bytes  09.07.2012 20:25:41
VBASE030.VDF   : 7.11.35.156     2048 Bytes  09.07.2012 20:25:41
VBASE031.VDF   : 7.11.35.194    92160 Bytes  10.07.2012 20:25:42
Engineversion  : 8.2.10.108
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 20:25:43
AESCRIPT.DLL   : 8.1.4.32      455034 Bytes  10.07.2012 20:25:43
AESCN.DLL      : 8.1.8.2       131444 Bytes  16.02.2012 16:11:36
AESBX.DLL      : 8.2.5.12      606578 Bytes  10.07.2012 20:25:43
AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32
AEPACK.DLL     : 8.3.0.12      807286 Bytes  10.07.2012 20:25:43
AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  10.07.2012 20:25:43
AEHEUR.DLL     : 8.1.4.64     5009782 Bytes  10.07.2012 20:25:43
AEHELP.DLL     : 8.1.23.2      258422 Bytes  10.07.2012 20:25:42
AEGEN.DLL      : 8.1.5.32      434548 Bytes  10.07.2012 20:25:42
AEEXP.DLL      : 8.1.0.60       86388 Bytes  10.07.2012 20:25:43
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 20:25:42
AECORE.DLL     : 8.1.27.2      201078 Bytes  10.07.2012 20:25:42
AEBB.DLL       : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL     : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL     : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  01.05.2012 22:51:35
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  02.05.2012 00:03:51
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Kurze Systemprüfung nach Installation
Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\setupprf.dat
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 10. Juli 2012  22:26

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'agcp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlcomm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avconfig.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mirc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_262.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_262.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'setup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'presetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avira_free_antivirus_de.exe' - '1' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Users\OgerMarcel\Downloads\avira_free_antivirus_de.exe>
  [WARNUNG]   Die Datei ist kennwortgeschützt
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OctoshapeClient.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pg_ctl.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\SpeedFan\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '1873' Dateien ).



Ende des Suchlaufs: Dienstag, 10. Juli 2012  22:29
Benötigte Zeit: 02:55 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   2571 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
   2570 Dateien ohne Befall
     25 Archive wurden durchsucht
      3 Warnungen
      0 Hinweise
         

Geändert von Jerichoholic (10.07.2012 um 23:26 Uhr) Grund: Hinzufügen avira log

Alt 11.07.2012, 23:57   #2
markusg
/// Malware-holic
 
TR/Atraps.gen im Windowsordner - Standard

TR/Atraps.gen im Windowsordner



hi
und wo sind die berichte mit den funden?
__________________

__________________

Alt 12.07.2012, 01:14   #3
Jerichoholic
 
TR/Atraps.gen im Windowsordner - Standard

TR/Atraps.gen im Windowsordner



Hm, ich habe leider nur die, da ich sehr planlos an die Sache ranging, und erst gestern das Forum hier fand. Die Sache ist aber schon einen Tag länger her. Die Logs sind aber von den !aktuellen! Scans, ohne Funde. Daher frage ich mich, wie und ob ich sicher gehen kann, ob mein System clean ist, also alles beseitigt. Kann ich an ältere Logs noch rankommen? Denn dummerweise habe ich auch panisch mehrere Scanner probiert, aufgrund von Unerfahrenheit und Unsicherheit mit sowas. Daher auch zB Avira zwischendurch deinstalliert, Avast getestet, und zurück zu Avira. Und zu allem Überfluss noch einen alten Windows Systemwiederherstellungspunkt, von vor dem Befall geladen. (Das alles aber vor den OTL Logs und dem Post hier)
Kann ich da noch was tun, ausser formatieren, um sicherzugehen?
__________________

Alt 14.07.2012, 12:46   #4
markusg
/// Malware-holic
 
TR/Atraps.gen im Windowsordner - Standard

TR/Atraps.gen im Windowsordner



hi
fals du onlinebanking machst, bank anrufen, banking wegen zero access rootkits sperren lassen.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu TR/Atraps.gen im Windowsordner
antivir, autorun, avira, battle.net, bho, black, call of duty, desktop, error, firefox, flash player, format, google earth, helper, iexplore.exe, install.exe, jdownloader, juli 2012, langs, limited.com/facebook, locker, logfile, mozilla, newtab, nt.dll, object, pando media booster, realtek, registry, rundll, scan, searchscopes, security, software, svchost.exe, teamspeak, udp, usb, usb 3.0, verweise, windows



Ähnliche Themen: TR/Atraps.gen im Windowsordner


  1. Entdeckte Infizierte Datei wurde im Windowsordner Entdeckt - einfach löschen?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2014 (3)
  2. überfüllte Festplatte, vermutlich wegen Windowsordner (27gb )
    Alles rund um Windows - 21.03.2013 (4)
  3. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  4. TR/ATRAPS.Gen und TR/ATRAPS.Gen2 von Avira gemeldet und dort nicht zu entfernen
    Log-Analyse und Auswertung - 10.10.2012 (13)
  5. TR/ATRAPS.Gen2 und TR/ATRAPS.Gen wird alle paar Minuten von Antivir gemeldet
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (22)
  6. Avira: 800000cb.@ TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in C:\Windows\Installer\.. und weitere Pfaden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (25)
  7. antivir meldet alle paar minuten den fund TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 01.08.2012 (4)
  8. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 28.07.2012 (25)
  9. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  10. TR/ATRAPS.GEN, TR/ATRAPS.Gen2 6 seit ein paar Minuten auch noch ein Sirefef.P.528
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  11. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  12. TR/ATRAPS.GEN, TR/ATRAPS.GEN2 in C:\Windows\Installer\{...} und JAVA/Dldr.Lamar.CI
    Mülltonne - 09.07.2012 (2)
  13. Nach Befall tr/atraps.gen tr/atraps.gen2 formatiert - Computer startet selbständig neu
    Log-Analyse und Auswertung - 09.07.2012 (1)
  14. Virus (Rootkit.0Access, TR/ATRAPS.Gen, TR/ATRAPS.Gen2) entfernt; tatsächlich clean?
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  15. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
  16. nwwks.dll 900 Mb groß (nicht im Windowsordner
    Plagegeister aller Art und deren Bekämpfung - 02.10.2009 (3)
  17. Windowsordner ist nun eine exe
    Plagegeister aller Art und deren Bekämpfung - 26.05.2009 (5)

Zum Thema TR/Atraps.gen im Windowsordner - Hallo, gestern meldete mein Avira einen Fund des Trojaners TR/Atraps.gen. Nach Entfernfunktion trat es wieder und wieder auf. Wenn ich mich recht entsinne war auch Java (Chat) zu jener Zeit - TR/Atraps.gen im Windowsordner...
Archiv
Du betrachtest: TR/Atraps.gen im Windowsordner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.