
Pests of all kinds and how to combat them: TR/Kazy.20156 since yesterday evening

22.04.2011, 08:07   #1
helpblub
 



Yeah, as the title already says, I kept getting "hard disk damaged" messages etc., and files on the desktop and elsewhere became invisible. I was already able to fix that with Ad-Aware, so at the moment I only get a message from AntiVir every second saying that TR/Kazy.20156 is still on my computer, and I don't know what to do.
Many thanks in advance.

22.04.2011, 11:42   #2
markusg
/// Malware-holic
 



System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

22.04.2011, 12:38   #3
helpblub
 



OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 11:46:04 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Blub\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 118,12 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: x | User Name: Blub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Blub\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Lachesis\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Lachesis\OSD.exe (razercfg MFC Application)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Razer\Lachesis\razerofa.exe (Razer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Blub\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe (SiSoftware)
SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys ()
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\DRIVERS\nlndis.sys ()
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\DRIVERS\nlndis.sys ()
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\DRIVERS\tap0901t.sys ()
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys ()
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys ()
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys ()
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys ()
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys ()
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys ()
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys ()
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys ()
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS ()
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS ()
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS ()
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS ()
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS ()
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys ()
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys ()
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.4
FF - prefs.js..extensions.enabledItems: {C8535153-1548-4A71-820D-B219C8B83B00}:1.9.1
FF - prefs.js..extensions.enabledItems: LF@ChaosRing:0.9
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 01:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 01:45:34 | 000,000,000 | ---D | M]
 
[2009.10.04 19:09:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Extensions
[2011.04.21 18:03:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions
[2009.10.04 19:10:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.03 18:00:47 | 000,000,000 | -H-D | M] (Zynga Toolbar) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.03.02 22:30:41 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.02 20:29:38 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.09 16:26:58 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\DTToolbar@toolbarnet.com
[2011.01.17 23:28:59 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\foxyproxy@eric.h.jung
[2011.04.16 18:09:20 | 000,000,000 | -H-D | M] (Lolifox by ChaosRing) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\LF@ChaosRing
[2011.04.16 18:12:17 | 000,000,000 | -H-D | M] (BlackFox V1) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\zigboom@hotmail.com
[2011.04.16 18:09:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\LF@ChaosRing\mozapps\extensions
[2011.03.09 16:25:28 | 000,002,059 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\daemon-search.xml
[2011.04.17 11:24:54 | 000,000,950 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-1.xml
[2010.02.10 15:00:53 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-2.xml
[2010.02.12 14:55:39 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-3.xml
[2010.02.19 22:24:50 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-4.xml
[2010.03.02 22:31:51 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-5.xml
[2010.02.03 15:38:36 | 000,000,947 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin.xml
[2011.04.17 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.12.29 17:32:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.17 14:47:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.21 16:47:03 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\BLUB\APPDATA\LOCAL\{C8535153-1548-4A71-820D-B219C8B83B00}
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Dbedejimijigok] C:\Users\Blub\AppData\Local\pshqlF.dll (Acronis)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [ISUSPM Startup]  File not found
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Octoshape Streaming Services] C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Ojifoxisigih]  File not found
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [uPc+nfdhfngXdaCxl]  File not found
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [uvEWQXCeAJwf]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.193 217.0.43.1
O18:64bit: - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000 Winlogon: Shell - (C:\Users\Blub\AppData\Roaming\hotfix.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\Blub\Pictures\Horrifique 3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blub\Pictures\Horrifique 3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.14 17:56:17 | 000,464,144 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.12.14 17:56:15 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.12.14 17:56:03 | 002,295,296 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.12.14 17:56:03 | 000,000,139 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2316e0f3-a442-11de-b632-001a4d57079e}\Shell\AutoRun\command - "" = E:\PStart.exe
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell - "" = AutoRun
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\AutoRun\command - "" = E:\setup.exe /autorun
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\directx\command - "" = E:\DirectX\dxsetup.exe
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\{90a17993-f223-11de-ab02-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{90a17993-f223-11de-ab02-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.12.14 17:56:17 | 000,464,144 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{9a55c014-4161-11df-a0a2-001a4d57079e}\Shell\AutoRun\command - "" = E:\PStart.exe
O33 - MountPoints2\{fed5584e-af1e-11dd-9bed-001a4d57079e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe EGWIF1-005.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk -  - File not found
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON Stylus D120 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATICCE.EXE ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\valve\steam\steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A81F05CA-1201-3755-1908-6B91DE046902} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {DC96EB4F-0A67-5C55-6674-784171D07270} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 07:57:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Blub\Desktop\OTL.exe
[2011.04.22 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\Blub\AppData\Roaming\Malwarebytes
[2011.04.22 07:36:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 07:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 07:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 07:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 07:33:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Blub\Desktop\mbam-setup.exe
[2011.04.21 18:23:23 | 000,000,000 | ---D | C] -- C:\Users\Blub\AppData\Local\Sunbelt Software
[2011.04.21 18:22:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.04.21 17:50:49 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Blub\Documents\Tunngle
[2011.04.21 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\Tunngle
[2011.04.21 17:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.04.21 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2011.04.21 17:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011.04.21 17:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2011.04.21 16:47:02 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Local\{C8535153-1548-4A71-820D-B219C8B83B00}
[2011.04.21 16:30:06 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Local\SKIDROW
[2011.04.18 07:03:24 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\LolClient
[2011.04.17 22:27:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011.04.17 22:27:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011.04.17 22:27:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011.04.17 22:18:07 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011.04.17 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.04.17 18:41:40 | 000,000,000 | -H-D | C] -- C:\Users\Blub\Desktop\League of Legends
[2011.04.17 14:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.04.17 14:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.04.17 14:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.04.16 23:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sven XXX - XS
[2011.04.13 17:39:12 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.13 17:38:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.04.13 17:38:48 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.13 17:38:46 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.04.13 17:38:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.13 17:38:44 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.13 17:38:44 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.13 17:38:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.13 17:38:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011.04.13 17:38:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.13 17:38:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.13 17:38:18 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.13 17:38:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.13 17:38:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.03.26 14:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2009.08.27 14:52:37 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.08.27 14:52:37 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2008.11.10 16:51:43 | 000,092,672 | ---- | C] (Acronis) -- C:\Users\Blub\AppData\Local\pshqlF.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Blub\*.tmp files -> C:\Users\Blub\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 11:21:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 11:18:10 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.22 10:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 07:57:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Blub\Desktop\OTL.exe
[2011.04.22 07:37:41 | 000,504,657 | ---- | M] () -- C:\Users\Blub\Desktop\unhide.exe
[2011.04.22 07:36:27 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 07:34:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Blub\Desktop\mbam-setup.exe
[2011.04.22 07:27:27 | 004,326,175 | ---- | M] () -- C:\Users\Blub\Desktop\cofi.exe.exe
[2011.04.22 03:21:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 02:29:34 | 000,005,812 | -H-- | M] () -- C:\aaw7boot.cmd
[2011.04.21 18:46:19 | 000,604,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.21 18:46:19 | 000,107,562 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.21 18:46:18 | 001,472,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.21 18:46:18 | 000,638,510 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.21 18:46:18 | 000,130,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.21 18:39:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 18:39:47 | 545,326,573 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.21 18:28:21 | 000,064,392 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2011.04.21 18:28:21 | 000,064,392 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2011.04.21 18:28:21 | 000,000,904 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2011.04.21 18:26:58 | 000,049,752 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.04.21 18:24:35 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D45BA6FC-B2B5-4AD7-90D8-A5DBBA7FE330}.job
[2011.04.21 17:51:19 | 000,000,120 | ---- | M] () -- C:\ProgramData\~45735688r
[2011.04.21 17:51:19 | 000,000,104 | ---- | M] () -- C:\ProgramData\~45735688
[2011.04.21 17:50:06 | 000,000,344 | ---- | M] () -- C:\ProgramData\45735688
[2011.04.21 17:15:55 | 000,248,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.21 16:47:05 | 000,000,000 | -H-- | M] () -- C:\Users\Blub\AppData\Local\Okomanug.bin
[2011.04.21 16:47:04 | 000,000,120 | -H-- | M] () -- C:\Users\Blub\AppData\Local\Mcoramumusetubet.dat
[2011.04.19 02:00:29 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.04.17 22:27:31 | 000,001,673 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Blub\*.tmp files -> C:\Users\Blub\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 07:37:23 | 000,504,657 | ---- | C] () -- C:\Users\Blub\Desktop\unhide.exe
[2011.04.22 07:36:27 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 07:36:23 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.22 07:26:44 | 004,326,175 | ---- | C] () -- C:\Users\Blub\Desktop\cofi.exe.exe
[2011.04.21 19:16:44 | 000,005,812 | -H-- | C] () -- C:\aaw7boot.cmd
[2011.04.21 18:35:39 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.04.21 18:27:00 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.04.21 18:26:58 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.04.21 17:51:19 | 000,000,120 | ---- | C] () -- C:\ProgramData\~45735688r
[2011.04.21 17:51:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~45735688
[2011.04.21 17:50:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\45735688
[2011.04.21 17:11:41 | 000,031,232 | ---- | C] () -- C:\Windows\SysNative\drivers\tap0901t.sys
[2011.04.21 16:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\Blub\AppData\Local\Okomanug.bin
[2011.04.21 16:47:04 | 000,000,120 | -H-- | C] () -- C:\Users\Blub\AppData\Local\Mcoramumusetubet.dat
[2011.04.17 22:27:31 | 000,001,673 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.04.13 17:39:24 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.13 17:39:24 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.13 17:39:24 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.13 17:39:24 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.13 17:39:22 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.13 17:39:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.13 17:39:22 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.13 17:39:15 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.13 17:39:14 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.13 17:39:14 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.13 17:39:14 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.13 17:39:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.13 17:39:14 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.13 17:39:14 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.13 17:39:13 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.13 17:39:12 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.13 17:39:11 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.13 17:39:07 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.13 17:38:52 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.13 17:38:50 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.13 17:38:49 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.13 17:38:47 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.13 17:38:47 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.13 17:38:47 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.13 17:38:47 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.13 17:38:47 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011.04.13 17:38:46 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.13 17:38:46 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.13 17:38:45 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.13 17:38:45 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.13 17:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.13 17:38:44 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.13 17:38:44 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011.04.13 17:38:44 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011.04.13 17:38:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.13 17:38:22 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.13 17:38:22 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.13 17:38:19 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.13 17:38:18 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.13 17:38:12 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.13 17:38:12 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.13 17:38:12 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2010.10.28 01:22:50 | 000,000,006 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\start
[2010.10.28 01:22:08 | 000,000,006 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\completescan
[2010.10.28 01:10:33 | 000,000,010 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\install
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.01 22:52:21 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.17 23:44:15 | 000,017,408 | -H-- | C] () -- C:\Users\Blub\AppData\Local\WebpageIcons.db
[2010.05.09 18:53:31 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.03.20 22:36:12 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010.03.20 22:36:12 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.03.20 22:33:56 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2009.12.23 15:31:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.23 15:31:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.11.19 00:20:10 | 000,074,240 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.11.05 19:28:18 | 000,000,029 | ---- | C] () -- C:\Windows\TOBITADD.INI
[2009.10.23 23:09:59 | 000,134,122 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2009.09.18 14:43:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.27 16:48:49 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.08.27 16:48:48 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.08.27 16:48:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.08.27 14:52:39 | 000,390,609 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.08.27 14:52:39 | 000,051,979 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009.08.27 14:52:38 | 000,028,127 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.08.27 14:52:38 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.08.27 14:52:38 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.08.27 14:52:38 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.08.27 14:52:37 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.05.26 02:03:22 | 000,000,600 | -H-- | C] () -- C:\Users\Blub\AppData\Local\PUTTY.RND
[2009.04.04 21:30:27 | 000,007,808 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d9caps.dat
[2009.01.12 20:09:55 | 000,042,326 | ---- | C] () -- C:\Windows\SysWow64\uninstdivx.exe
[2009.01.12 01:10:46 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2008.11.12 15:06:52 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.11.12 15:06:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.11.10 16:53:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.10 16:51:35 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.10.09 00:21:06 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2008.09.16 18:02:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2008.09.16 18:02:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2008.09.16 18:02:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2008.09.16 18:02:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2008.09.16 18:02:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2008.09.16 18:02:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2008.09.16 18:02:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2008.09.16 18:02:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2008.09.16 18:02:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2008.09.16 18:02:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2008.09.16 18:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2008.09.16 18:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2008.09.16 18:02:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2008.09.16 18:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2008.09.16 18:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2008.09.16 18:02:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2008.09.16 18:02:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2008.09.16 18:02:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2008.09.16 18:02:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2008.09.16 18:01:31 | 000,000,041 | ---- | C] () -- C:\Windows\CDE D120DEFGIPS.ini
[2008.01.26 20:59:26 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.12.28 19:08:15 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2007.12.22 23:41:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2007.12.09 01:50:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.08 20:40:32 | 000,000,092 | -H-- | C] () -- C:\Users\Blub\AppData\Local\fusioncache.dat
[2007.12.08 19:50:38 | 001,491,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007.12.08 19:48:49 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2007.12.08 19:48:47 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2007.12.08 19:48:47 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2007.12.08 18:00:55 | 000,177,664 | -H-- | C] () -- C:\Users\Blub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.08 17:55:47 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.08 17:35:55 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2007.12.08 17:10:41 | 000,001,100 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d8caps.dat
[2007.12.08 16:57:36 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007.12.08 16:57:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2007.12.08 16:54:52 | 000,002,188 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d9caps64.dat
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2005.11.27 18:12:45 | 000,414,272 | ---- | C] () -- C:\Windows\SysWow64\DivXc32.dll
[2005.11.27 18:12:28 | 000,414,272 | ---- | C] () -- C:\Windows\SysWow64\DivXc32f.dll
[2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
 
========== LOP Check ==========
 
[2010.07.21 14:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Atari
[2009.12.01 19:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock
[2010.10.12 17:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock2
[2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools
[2011.03.09 16:33:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools Lite
[2008.06.25 19:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\dyyno-vlc
[2011.04.16 23:15:38 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\GetRightToGo
[2010.11.11 22:02:50 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HD Tune Pro
[2011.04.22 10:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\ICQ
[2010.06.24 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\JavaEditor
[2010.12.11 11:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\kikin
[2008.10.15 13:45:31 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Locktime
[2011.04.18 07:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient
[2009.09.14 00:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.01.03 21:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Miranda
[2011.03.24 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mumble
[2010.12.18 16:01:42 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Notepad++
[2010.06.05 01:15:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Octoshape
[2009.09.18 17:29:35 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\OpenOffice.org
[2008.08.06 15:36:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Prabang
[2009.12.18 17:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\RayV
[2009.11.13 18:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\runic games
[2007.12.28 20:25:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Screaming Bee
[2010.05.09 19:07:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Subversion
[2010.03.07 17:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TeamViewer
[2010.01.03 21:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Trillian
[2010.03.16 01:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TS3Client
[2011.04.21 17:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Tunngle
[2008.12.20 01:38:06 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ubisoft
[2011.04.21 16:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\uTorrent
[2011.04.21 18:27:51 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.21 18:24:35 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D45BA6FC-B2B5-4AD7-90D8-A5DBBA7FE330}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.21 16:45:02 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Adobe
[2009.12.08 19:36:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Apple Computer
[2010.07.21 14:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Atari
[2009.12.01 19:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock
[2010.10.12 17:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock2
[2009.11.20 16:45:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\codeblocks
[2009.08.27 17:08:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Creative
[2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools
[2011.03.09 16:33:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools Lite
[2010.09.13 23:49:26 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DivX
[2008.06.25 19:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\dyyno-vlc
[2011.04.16 23:15:38 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\GetRightToGo
[2010.01.23 23:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Hamachi
[2010.11.11 22:02:50 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HD Tune Pro
[2008.06.24 12:45:33 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HP
[2011.04.22 10:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\ICQ
[2007.12.08 16:54:57 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Identities
[2008.04.18 17:26:29 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\InstallShield
[2010.06.24 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\JavaEditor
[2010.12.11 11:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\kikin
[2008.10.15 13:45:31 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Locktime
[2011.04.18 07:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient
[2009.09.14 00:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2007.12.08 19:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Macromedia
[2011.04.22 07:36:43 | 000,000,000 | ---D | M] -- C:\Users\Blub\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Media Center Programs
[2010.05.09 19:12:17 | 000,000,000 | --SD | M] -- C:\Users\Blub\AppData\Roaming\Microsoft
[2010.01.03 21:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Miranda
[2009.08.12 20:46:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\mIRC
[2009.10.05 14:05:10 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mozilla
[2011.03.24 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mumble
[2009.09.05 11:02:22 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\NCH Software
[2010.12.18 16:01:42 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Notepad++
[2010.06.05 01:15:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Octoshape
[2009.09.18 17:29:35 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\OpenOffice.org
[2008.08.06 15:36:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Prabang
[2009.12.18 17:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\RayV
[2009.11.13 18:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\runic games
[2007.12.28 20:25:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Screaming Bee
[2007.12.08 18:30:47 | 000,000,000 | RH-D | M] -- C:\Users\Blub\AppData\Roaming\SecuROM
[2011.04.22 11:35:18 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Skype
[2011.04.22 08:30:46 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\skypePM
[2010.05.09 19:07:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Subversion
[2010.07.15 22:16:41 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\teamspeak2
[2010.03.07 17:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TeamViewer
[2010.05.09 19:23:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TortoiseSVN
[2010.01.03 21:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Trillian
[2010.03.16 01:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TS3Client
[2011.04.21 17:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Tunngle
[2008.12.20 01:38:06 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ubisoft
[2011.04.21 16:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\uTorrent
[2010.04.25 11:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ventrilo
[2011.03.04 23:40:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\vlc
[2007.12.22 23:48:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\WinRAR
[2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Xfire
 
< %APPDATA%\*.exe /s >
[2010.12.11 11:00:58 | 001,166,568 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
[2009.09.14 00:51:11 | 000,038,208 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.02.13 08:07:36 | 000,393,216 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2009.01.08 15:44:06 | 000,070,936 | -H-- | M] (Octoshape ApS) -- C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.02.14 14:12:06 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.02.14 14:12:07 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2007.12.08 18:24:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2007.12.08 18:24:31 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2007.12.08 18:24:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.19 10:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.19 01:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2007.12.08 18:24:32 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 10:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 10:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.12.08 18:19:11 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 10:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 09:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.12.08 18:19:11 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.12.08 18:19:11 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.12.08 18:19:11 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 10:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.10.15 00:35:23 | 000,044,484 | -H-- | M] ()(C:\Users\Blub\Documents\?????¯???.txt) -- C:\Users\Blub\Documents\Ƹ̵̡Ӝ̵̨̄Ʒ.txt
[2010.01.30 15:34:01 | 000,044,484 | -H-- | C] ()(C:\Users\Blub\Documents\?????¯???.txt) -- C:\Users\Blub\Documents\Ƹ̵̡Ӝ̵̨̄Ʒ.txt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Blub\YouTube - WotLK Naxxramas - Kel'Thuzad.mp3:TOC.WMV
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         

22.04.2011, 12:42   #4
helpblub
 



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.04.2011 11:46:04 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Blub\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 118,12 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: x | User Name: Blub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 14 0E 40 71 49 43 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12CF4DB7-0DAA-4CBC-B9FB-333C49CA7CFA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe | 
"{17A8C42F-0BB9-4CEC-AC14-C94FC368B5E3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{219A1FDD-6128-45E9-9FCF-DC91701A7387}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{48B2DC95-0E81-408E-9A9A-59B5A987AD4C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{49640DC1-07C4-4F82-BEAF-2EA50B25F9A2}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{563C6D46-FDFE-4B37-9632-59010387F7D0}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{5E51CB45-F547-4231-9684-D0141E65A22E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B1F09BB3-B0E8-456E-950E-DAF963E80B11}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{C243750A-8B92-4BA5-881E-0235518DF899}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe | 
"{C4D8BFE2-672E-477E-8FC4-33F8FF3924B7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{E5062893-DB72-48A1-BC16-3C009B44961E}" = lport=3306 | protocol=6 | dir=in | name=localhost | 
"{FCC36732-805B-473A-9AB4-4BC5B5CE5FBA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0264D9B1-A1FF-404B-850B-906DA6A37360}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{040F017F-5C9A-4590-86A2-9F89E5EBE776}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe | 
"{05DBC8E8-71FC-45E3-9A5B-ACA4EE274297}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{06962F71-0DF5-49E9-81F2-D03C78371FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dark fall lost souls\darkfalllostsouls.exe | 
"{08F2EC7B-A35A-4100-B845-12406A652A36}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | 
"{0B1D9085-CE45-412C-8AC8-EFB17FD4E18B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{0B6DCD8A-2C2A-43E2-9166-0FAC8D6F5531}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{0B9BB747-985F-43E7-B9D2-C65FB88EEA0A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{0D679EFA-23D2-4BC8-9211-11A9F49143F2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\peggle extreme\peggleextreme.exe | 
"{0D6967BB-F8BD-459E-B62D-C787636FCA34}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{0F9E46AE-8BF4-4737-93B0-4F459BEADFF4}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{0FD2BF8D-D3A2-45CC-9DAD-4F979B4E6595}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{145010F6-BC68-4EE1-8886-F9DD55255C33}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{15E59C53-63F3-4FBE-8414-47D1E00A4A6F}" = protocol=6 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe | 
"{18EB64B6-7FA1-4400-B175-697469B01D78}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe | 
"{1A1AE26A-2EEB-4176-B1A1-0A18F69E3AF9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{1BED3890-F693-4455-9344-EF3DDA2F2DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{1E73B1F9-B218-4074-9356-586957D5587F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe | 
"{1F1C40A4-E60E-41FF-8C2D-F3B70C155B74}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{205481A2-5812-4789-934D-E1B3062E2E14}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{222CCC1B-B798-488E-81C1-0EEAB609091C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\chuzzle deluxe\chuzzle.exe | 
"{227C4F0E-D437-46AA-A9E2-963A0721F64A}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{23C87C1D-2DD2-44FE-85BB-495D29C650D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{240FBC89-9974-4CBB-A65F-959F6F08DB99}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\peggle extreme\peggleextreme.exe | 
"{24856F73-F99D-40BB-BBB0-0BE8C8E90425}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe | 
"{24E8AB99-44F3-494E-A4E3-AD59E90BA728}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{26994095-EC4F-4A06-973C-0ECD2896E2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe | 
"{2A43E3C7-E554-4441-8148-DA6A778FB22A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{2A814407-4EE2-42C0-B24E-E5E29AE5908B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe | 
"{2D39CB9A-D387-47BB-9B3A-AC7179E259B6}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\counter-strike source\hl2.exe | 
"{3052D1A8-B7F7-4D0F-8101-1BB1BD5BBA12}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | 
"{30C22F42-2362-4D25-BE1F-1F3D0A37AD1F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-engb-downloader.exe | 
"{32C56732-C007-4BAC-87D2-9C23B7A0DAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{330379D4-DCB6-4A49-9DE2-45F0EAF64530}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-engb-ptr-downloader.exe | 
"{35CAA15A-C7C9-4F0E-AE78-0B5C210A4EF4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | 
"{394D03B0-A9A6-4CA0-9BD6-FC2F73312C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{39AE4A98-2400-4CB9-966C-54F4C3729881}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{3DDCAC50-2D5C-4170-B7CC-9143759C7466}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{3EBC20B6-284E-49A3-BD1A-83B13D4337CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-engb-downloader.exe | 
"{4012359A-FE68-4140-A5D6-BA5A2D090620}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{41386F96-F7AC-45B8-BD4C-1B5F05CE4922}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | 
"{417EA44E-65DB-4122-94EE-31584FDEF7B3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{419135EE-666D-4277-A1A7-BBEE9458CCD2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe | 
"{41F48F44-928F-4414-872A-B0E01A712844}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\counter-strike source\hl2.exe | 
"{42C32EF9-6EA7-4EC9-805A-96A46B42F983}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | 
"{44EE8BB1-5AA7-4029-9AF2-C08D70723BF9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | 
"{4662990D-D239-4D65-A15A-6409BAF3E10C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{46EA6C3A-C51F-46D0-BEBE-8E63BFDC733A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{47BD2E25-4701-4714-90AE-2096900AAF87}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{47D84D13-2903-4040-AD71-90F93FFB00B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{4ACCB5CE-1C4F-481C-B51F-867EABF033C2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe | 
"{4C04391E-B63B-49DF-94AC-F9704D37B850}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{4C27E691-E845-4545-ACFA-B3550B2E1BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{4C42A191-0682-4CDD-889E-DE788F3808C1}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{4C5738A2-025C-4C94-AF26-C46FFE2D8BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{4E2BAEBF-66E3-4454-95C4-B8E8DC2F17FB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-engb-downloader.exe | 
"{4F30CAE8-531A-48AA-B5E4-2662DBDA42E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-engb-ptr-downloader.exe | 
"{52345690-927B-40E6-942F-64F650AE98E2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe | 
"{53FBA0C5-0AF1-46FD-B93C-F1E11D2AC0F2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{561882F9-11E9-40E8-A9F1-9447C2B85BF1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe | 
"{564C0CF7-53B3-47CD-81EC-BC9CB104CCE5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{572237CE-D268-44BF-B7F8-335597AA82DD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe | 
"{5CDC6003-C8F2-413B-B777-8153A4BA4ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\chuzzle deluxe\chuzzle.exe | 
"{5DE7D8CE-8E8C-4024-ACA6-E2FD9B3B53B7}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{5EF2F955-B232-4D68-A389-5446CF86B4D4}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) | 
"{612E1709-8573-4F13-9844-141A7294E081}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{676CE437-786C-46BF-9AF9-0DF4533C9AF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{68A8DFD1-BD51-4625-B84C-5379D38C4E13}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{68B827ED-827A-415A-824E-DA9A45AE30BB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{6BF489D5-F975-4967-B2C7-1433374B0699}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{6E011D46-4CE9-49B5-8486-34EF22C98C11}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-engb-ptr-downloader.exe | 
"{6E71D27E-4288-4704-9413-8F78BB695EBB}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\torchlight\torchlight.exe | 
"{6E7797E2-644D-4D5C-BE86-BC803D4BBF7E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{701CA347-17D4-446C-B1E2-964BCED46ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{70A3B442-554E-47E9-90C1-DBEF4177954C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe | 
"{720D9FEC-C150-4EFF-9FB5-4B7090443E1B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | 
"{72D7884B-89D4-48A6-80CB-849F04431017}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe | 
"{761DBA2A-40D4-45E1-8944-5F44721D9F7F}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{78E86215-1BDE-482E-80AF-AD9EF6C9DBE8}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{79354D76-C561-47F4-9875-19144B0DFCA7}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe | 
"{799E360A-ED64-42BF-96AC-3A71BDA4F786}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{7B4E71C9-E795-4230-921F-F8CA577995B7}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{7CCB3C47-5202-4E4A-B4DA-422890398E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{81C7A85E-46B0-416A-BCFA-5C4125BB2ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{822D1C53-E807-45EC-9DA6-F0F95D187491}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe | 
"{832018A0-4F2A-4C5E-AF78-F339F0BE173F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{8B0490E4-2300-4BAC-A925-70985B0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dark fall lost souls\darkfalllostsouls.exe | 
"{8C9939D9-B7B9-46A7-80E8-E213735245CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8D469410-57A0-4AD9-B16F-21B2140F6D0F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{8EC10A85-4CAD-4242-83E8-38BC58289F52}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{8F5051F4-55F1-4356-9C0D-51EEE0B907EF}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe | 
"{919B62EE-C900-43F7-94B6-4FD02C3C7645}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe | 
"{9246A485-1EF0-421A-8A91-27976B39E75E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{928825A0-C60E-4A11-8688-3F70B29AAB21}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{9391233B-3CE5-41A7-8FF4-0C31ABFB2AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\ghost master\ghost.exe | 
"{9574085B-A337-460D-9F2B-E829086AC09F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe | 
"{96C843F9-80C8-48B3-AF23-923E72E8FD90}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\ghost master\ghost.exe | 
"{9AE55293-614E-4BCE-BDBD-276B53579317}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9D715D5E-8E31-4DB2-8259-8F2C2DD955CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A1E55E53-8B0E-4284-8F18-82ABBA0C0D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
"{A47FE973-AA0F-4397-8230-B3346229ED76}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe | 
"{A4CC26A8-8B7F-45FC-91D9-95897F422D00}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A5DAC060-B77D-467F-B19B-F430CC58EA83}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{A6BEE062-6998-427E-A58A-0F7B89C49F52}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{A8232B7A-9602-4374-ABEF-59BC9E495D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{A83A0CD5-B784-4162-89B0-EE88F3431D24}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-engb-downloader.exe | 
"{A87540EA-05EB-4E8D-B90D-2378FC5ADDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{AA50EE6F-E5F0-4A6F-B1A9-AE99D5A44D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{AA9A8A62-9ED8-4D4D-909F-6F41C15AB5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{ACBE4BEE-2217-4E43-B3F8-B9CD077B5EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B0C4373F-3CD8-4EBC-9441-129731CA03F2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{B235BFC2-4EFA-47DF-BA4F-68C14C56A10D}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{B259F243-49C9-4E07-8136-592B2D95CD84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B2F86696-B237-41D6-A96E-38E02BD07C52}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{B59723DA-48DA-4EEE-AF9A-6239BB7DDD7E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe | 
"{B7090879-7492-459B-99AB-F98637D13749}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{BBB00676-56A9-4250-AE8D-0A0ACA9DC685}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{BC020316-5CAF-425B-B680-E3DB0FE0DE69}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BEBF8F36-8B49-4317-908C-491057ECD707}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{C2017633-89A0-403D-B260-A10EC4967D84}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C2128307-6EEF-4FCC-8CA5-24BC44EE0C28}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe | 
"{C2BFA0E0-DCCF-4491-A7A7-8851B896C369}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{C42F4793-79B3-4FAF-913A-8A30B1050B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{C6A9C4FB-2081-4D7A-8DA5-2E23068DAD46}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{C7A0028F-2EC2-43D0-8A0A-0E6D2FEC8679}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{C7D06970-A18A-4F45-8E40-650EEF172D6D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{C8C06F38-69F2-4E1E-88EA-2ED0750BDDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{C94F7D47-BDB0-4648-A815-E277CF2FEADA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{C96F1C73-9DC8-43AF-860D-2861FC6614EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CB726906-5FF0-4BB1-A722-6BE9E42FF069}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{CBFCCDFC-820A-49F5-A083-1D01958E128A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{CC89DA93-1829-425C-AAB5-3EF1E75D36F0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{CE394FBE-20BE-4D1B-82DD-35620B63DB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe | 
"{CF0BCE72-A009-4328-BF49-A617ED57F3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{D34BE9D2-8355-4CE1-8368-11A30C13779E}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{D48AB012-8E92-4661-A7C7-904C71EF6AA1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D4AB8177-EC3D-4E6E-B327-94D10CB2EB4C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-engb-ptr-downloader.exe | 
"{D59A0711-1E80-4E63-BCC1-84ECB40370C5}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{D9650B26-CAA0-431C-B1EC-1FD10BB20740}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe | 
"{D993AFA1-549B-45D9-8413-89A6F374631B}" = protocol=17 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe | 
"{D9B445AC-0EE4-4601-A23F-0944E079BDE2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe | 
"{DB4624C2-B1F3-459B-834C-3DDDA8D7810C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-engb-downloader.exe | 
"{DBC56FD3-5004-4779-901E-E7D380060A67}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{DC1B3067-5E0D-4A1B-820A-EAAEC768333F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{DC40BEE3-4B9E-4B0D-A2EA-95E27B133CFD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe | 
"{DCB1F339-2BA9-4B5D-A188-0003F6122F45}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | 
"{DD24B90F-201C-4536-AC77-CA399A7D1FC9}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{DD84EDB7-5B95-4152-85D4-7AC35E686DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{DEA2045C-73D7-42F4-A526-9686ADF84560}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{E45BF645-9C4B-4D0F-9948-6668CE51E083}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{E50FE606-2815-401A-B13A-B9C96E74A9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{EBC9F0FB-F846-4841-BB36-F00541089217}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{EC147C92-0B71-43C7-8ACA-123BFDEFBA37}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\torchlight\torchlight.exe | 
"{EFAF3DBF-D3AC-4099-8214-41B46713CEB0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{F2979DA1-5A11-4E23-A365-01A8CE587C77}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{F3C167B5-D55A-4F45-B759-4CAC10BFDC04}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-engb-ptr-downloader.exe | 
"{F5E3DA64-706A-4BB5-A401-04872E5AB1B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-engb-downloader.exe | 
"{F80678CA-AEDE-4344-85D7-6B256AAAE805}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-engb-ptr-downloader.exe | 
"{F864AA5E-9DA0-46C6-995A-D663930FC318}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"TCP Query User{03121608-7C4D-40D3-B6F7-45A32EE7ECAC}C:\users\blub\desktop\neuer ordner\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\valve\hl.exe | 
"TCP Query User{03629B3F-6980-4F92-9B7B-758A49DA4683}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe | 
"TCP Query User{07BA6141-E5FE-473D-B7D4-AC053905271E}C:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe | 
"TCP Query User{0945D85B-37EB-42EA-ACCB-A14C1317785D}C:\users\blub\desktop\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\xiii\system\xiii.exe | 
"TCP Query User{0BB3C0D6-ABFF-4506-B569-2D9755521693}C:\users\blub\desktop\cabaltemp\estsetuploader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\cabaltemp\estsetuploader.exe | 
"TCP Query User{12BAC182-6352-4B8A-85F7-CFCC27D2F17F}C:\sierra\ee-zde\ee-aoc (2).exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc (2).exe | 
"TCP Query User{13D4C224-70D7-469F-811C-23EAFC6E08BD}C:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"TCP Query User{1583A3C3-8B55-40AF-B3E5-02316ED396CE}C:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe | 
"TCP Query User{1597BE5E-A221-4845-8944-60C4D7CC9064}C:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe | 
"TCP Query User{1724854B-A50D-409D-AF57-32EB9534D942}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe | 
"TCP Query User{1A3471CC-4B21-4AC8-B51C-9B15977FF162}C:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe | 
"TCP Query User{1A63F083-2EBC-4F97-B348-A96F33355126}C:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{1A7C58F7-64E9-4EC1-9573-BBEEAF662C56}C:\users\blub\desktop\stronghold\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\stronghold\stronghold crusader.exe | 
"TCP Query User{1DCB847B-6EFE-45F4-9F82-66CC3A2D872A}C:\users\blub\desktop\dg - mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\dg - mangos\mangosd.exe | 
"TCP Query User{264134FB-CA7C-4930-B92D-886A45BE3EF3}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe | 
"TCP Query User{28578DF1-EDDC-475B-AC09-F9D6E2D0D7CD}C:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe | 
"TCP Query User{2A1489B9-30A5-40CB-A92E-F0FEECE1580D}C:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe | 
"TCP Query User{2A763B99-6528-4F32-B173-45A1D0700295}C:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe | 
"TCP Query User{2AB547F1-17CA-41D8-BAE4-C043A9C887D5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{2DA5FFB0-974E-482C-9225-BCFCA556ED23}C:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe | 
"TCP Query User{2E91A64A-03CC-4AB3-9AAA-FE48A77F4211}C:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe | 
"TCP Query User{387493AD-16BB-42C6-8495-B85677D33B1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{388E2354-9AC2-4151-B221-BD77C0E19D39}C:\users\blub\desktop\gotcha!\gotcha.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\gotcha!\gotcha.exe | 
"TCP Query User{39D01090-F496-44B0-831D-3898771E7675}C:\users\blub\desktop\mangos server\dg - mangos\realmd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\realmd.exe | 
"TCP Query User{3A30E95C-3F0F-4A24-B47D-31ECE85871EB}C:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe | 
"TCP Query User{3A4ED5E8-5057-4D95-8FDB-88FFAEFFE772}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"TCP Query User{3AB5F259-BB9C-4A20-913E-2976818CF806}C:\users\blub\desktop\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\ut2004\system\ut2004.exe | 
"TCP Query User{40384B20-5555-4FAD-81CE-5B49F05A3268}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe | 
"TCP Query User{408ACE3D-90CF-4FDE-90F9-70B6934FCC66}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{43B2A93F-641D-44BF-B228-3AEA53D92E64}C:\users\blub\desktop\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\flatout\flatout.exe | 
"TCP Query User{4D0E7F98-A417-4579-B970-1D5F1707AF17}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe | 
"TCP Query User{4FBACF43-582F-4AAA-B9A1-9D965DAE943D}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | 
"TCP Query User{52E4A364-D229-41A6-9115-E87BB044D76E}C:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe | 
"TCP Query User{5BDEF01C-2AAD-4858-A140-E741A46EB502}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe | 
"TCP Query User{6199BAB1-5165-4DE1-8AB7-7B653B01F884}C:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe | 
"TCP Query User{63A65B9B-591E-45FF-AB39-34ECA78D6182}C:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe | 
"TCP Query User{656A8B37-43D4-4F9A-8769-167F0D6AE28A}\\soeren\games\age of empiresii\age2_x1.exe" = protocol=6 | dir=in | app=\\soeren\games\age of empiresii\age2_x1.exe | 
"TCP Query User{6882160C-A1CC-4664-829C-9D1E907B6CE5}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{6A27E0B7-8BC4-40BC-9FED-16E42ABE4CD7}C:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{6BC8D7E8-A863-4DC6-A330-97FC16B09257}C:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe | 
"TCP Query User{744E17A5-BECB-48D0-8801-508CE77D627E}C:\users\blub\desktop\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\tmnationsforever\tmforever.exe | 
"TCP Query User{79068115-35AA-46FD-B7C9-B56D0C1AEF13}C:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe | 
"TCP Query User{7C40660A-BE15-4CC6-B088-6768EC8756F2}C:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe | 
"TCP Query User{826DCFD9-7A2E-46F7-AF54-8948E0D1A8CB}C:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe | 
"TCP Query User{864FCE63-0B06-47DF-8980-C4EDD46D82EA}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe | 
"TCP Query User{88EA9193-F3F2-45BF-B3D1-CC9DC192DC0F}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | 
"TCP Query User{8A3CB605-F13A-44EF-9646-36F83AFE2EC6}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{8AA61718-36F7-41B5-8D10-B97D1AC21881}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{8DF04696-E822-453B-A7CD-3D0E8A537419}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{8FBDFB7E-9002-43BA-AE22-41846E854178}C:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe | 
"TCP Query User{948170EA-E474-4899-9019-13339B38CB7D}C:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe | 
"TCP Query User{96FB64EF-1818-408F-9EDD-5554D05C0270}C:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe | 
"TCP Query User{971A1A21-0C01-408B-B3E0-2D33FBB0540B}C:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe | 
"TCP Query User{999C8B17-29E6-460D-921E-DFBEEC3D324F}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"TCP Query User{9CDD04EA-7426-43EC-A1EF-3EAD7A8BAA3D}C:\users\blub\appdata\local\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\local\dyyno receiver\dppm.exe | 
"TCP Query User{A3889922-A3CB-4E68-AE16-650B9D005E42}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{AB1AE069-58F1-4A48-BEFE-C6A55BB76392}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{AEEB176C-7C5D-43FC-A8D0-0D7B1B241CA1}C:\users\blub\desktop\neuer ordner (3)\dx.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner (3)\dx.exe | 
"TCP Query User{AF3F7AC2-4570-4580-923C-D184299ADE25}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe | 
"TCP Query User{B673B0BB-9145-4565-8F56-01E1766CF08F}C:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe | 
"TCP Query User{B9032F5F-010F-4DA6-A17E-2EB1EEC1BB41}C:\users\blub\desktop\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\worms armageddon\wa.exe | 
"TCP Query User{BAE3E225-F4D1-4ECB-8F87-A46785E5B4E8}C:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe | 
"TCP Query User{BB3579F7-7CEB-4F0B-B223-C618F8AD991F}C:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe | 
"TCP Query User{BBCBD572-6D23-4F38-A9CF-0512F9517EBE}C:\users\blub\desktop\dg - mangos\realmd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\dg - mangos\realmd.exe | 
"TCP Query User{C17636CA-EA44-42E3-99B5-4D7C247E3B8D}C:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe | 
"TCP Query User{C1DAB5FE-8184-4A3D-AED7-F9D505E4A17D}\\soeren\games\age of empiresii\empires2.exe" = protocol=6 | dir=in | app=\\soeren\games\age of empiresii\empires2.exe | 
"TCP Query User{C2D1FE59-05E7-4941-97CF-E899E4F31CA6}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{C2F89E00-19B5-40C6-AFE6-460A021121CD}C:\users\blub\desktop\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\counter-strike source\hl2.exe | 
"TCP Query User{C4EDAAE4-C737-4DB2-B74A-EEFC428148EF}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe | 
"TCP Query User{C9EF19EF-E9E0-420D-A985-98C48B049D4D}C:\users\blub\desktop\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\valve\hl.exe | 
"TCP Query User{CA32B620-ECFB-49C4-8136-DA32059D00C4}C:\users\blub\desktop\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\cod4\iw3mp.exe | 
"TCP Query User{CDA35547-E630-45D9-AFF0-9AD0101F5112}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{CE689387-F08E-4340-B36A-8B91F49AE1E1}C:\program files (x86)\tortun\gui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tortun\gui.exe | 
"TCP Query User{D148C603-D7A4-4A7D-B0A6-9D5DFDF274E7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{D2FA20E0-8B90-456B-8F5E-F140D5997C14}C:\users\blub\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\locallow\dyyno receiver\dppm.exe | 
"TCP Query User{D36A0FE7-3A94-40A3-B8EB-26F04996800F}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"TCP Query User{D3D921DE-23E7-4F97-95CF-6A7AC417D1A1}C:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe | 
"TCP Query User{D58E899C-5AAC-4D58-AE88-71AEDC1F3C18}C:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe | 
"TCP Query User{DE2934B0-0249-4D83-9C1F-A1DC1259EA67}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{E73300A0-8443-4378-A18D-E50752CA017C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{EC05A8D3-A730-4A6E-8895-281BDDE3A72F}C:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{EE5B85B8-8621-465F-818F-590D0459750B}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{F19B6413-37FE-4018-92A4-D8F0F1E01114}C:\users\blub\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\warcraft iii\war3.exe | 
"TCP Query User{F6328364-CD49-4B19-83C0-D979AC20BF7D}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"TCP Query User{F7E13548-723E-4169-A14D-0CCA8DED1465}C:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe | 
"UDP Query User{04BE7518-CF86-4692-915C-56A4CC331666}C:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe | 
"UDP Query User{05A8E5ED-D2F0-4045-AE31-39B92A0ED6BC}C:\users\blub\desktop\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\ut2004\system\ut2004.exe | 
"UDP Query User{07B7AE82-97A4-4B8C-B4CA-A17A4737BC65}C:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe | 
"UDP Query User{097B793F-B6AD-4892-A0F6-B074C709E516}C:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{0DB93BFA-FCE7-40B3-8135-E01AFDCF870A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{0F888632-92FA-458C-BEEE-11CEA1B2E758}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | 
"UDP Query User{0F8D2C33-3882-42AB-B735-425407A1C321}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{10109B2C-16F9-4473-8019-9A577A06708E}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe | 
"UDP Query User{162FC2F1-058A-432C-B9FB-41E3B82A5F35}C:\users\blub\desktop\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\tmnationsforever\tmforever.exe | 
"UDP Query User{1C69ACD0-7346-4B92-9FF6-4B5B0A080165}C:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe | 
"UDP Query User{1D7B2BEC-84C3-476A-B33E-53BF6C334BC9}C:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe | 
"UDP Query User{1DF29935-3642-436B-AD13-48BE08C5BD1E}C:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe | 
"UDP Query User{2B456A91-6879-462C-AEFC-0EAB348A1151}C:\users\blub\desktop\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\xiii\system\xiii.exe | 
"UDP Query User{2CFC2079-29D3-42EB-9F41-FB45AA607216}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe | 
"UDP Query User{2ED4FAB2-7242-4791-8269-9589219FE406}C:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe | 
"UDP Query User{30DEFF4E-30C6-443E-9AAE-C97720D69B42}C:\users\blub\desktop\dg - mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\dg - mangos\mangosd.exe | 
"UDP Query User{33262D80-5004-4CD6-979A-CA8B16B37040}C:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe | 
"UDP Query User{39175166-91FA-402A-8EB2-7ECEEFAC8BAD}C:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe | 
"UDP Query User{39EBD447-A01D-41BD-962B-64E645622301}C:\users\blub\desktop\neuer ordner (3)\dx.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner (3)\dx.exe | 
"UDP Query User{3D37212E-185D-4023-8908-2E0F41D3069A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{3F68D1A9-3C75-43E8-9919-93C047BB616F}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{4236A288-D6D7-4C4F-B640-7376C8F0A252}C:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe | 
"UDP Query User{464AE905-B702-4983-82EE-2264EA2ACD14}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe | 
"UDP Query User{4B106ACC-8909-4300-8DDE-29C71D06DDA3}C:\users\blub\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\warcraft iii\war3.exe | 
"UDP Query User{4F4A48C3-D0AA-415D-BA93-32853F1FF37D}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe | 
"UDP Query User{50493F05-71C3-44BD-BF99-0D6CB2963F0A}C:\program files (x86)\tortun\gui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tortun\gui.exe | 
"UDP Query User{55A4C9FC-E476-4D5F-961A-A89B1E9E21EF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{55E037CA-426F-4FE9-B6A6-623E1C31C826}C:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{58C50F49-278F-4945-8E59-31A767501D89}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{5DCA5BD1-4670-445B-BF2A-368DE68CCE8A}\\soeren\games\age of empiresii\empires2.exe" = protocol=17 | dir=in | app=\\soeren\games\age of empiresii\empires2.exe | 
"UDP Query User{607E039F-8B7C-4FFB-8EFD-6799921040C0}C:\sierra\ee-zde\ee-aoc (2).exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc (2).exe | 
"UDP Query User{61AA40FF-A4AC-4A87-B29B-DD2D1FBAA44D}C:\users\blub\desktop\stronghold\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\stronghold\stronghold crusader.exe | 
"UDP Query User{638E8C6E-7BEC-48E8-BF37-FE62FB10C062}C:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe | 
"UDP Query User{64CFB000-967F-436F-9A7E-B10B6B3C9605}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{684BF62F-0CAE-4617-999E-58B00B8B5B4F}C:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe | 
"UDP Query User{69E5CE65-4F51-4B9A-A735-9FACA2CF9E92}C:\users\blub\desktop\mangos server\dg - mangos\realmd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\realmd.exe | 
"UDP Query User{6FCA580D-2471-4480-B18A-CD542E0E1DF4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{74E50039-718F-4663-ACB5-F7E7F033A2E9}C:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe | 
"UDP Query User{7B7CF558-B883-4BEA-88F1-8ABCC056D5CE}C:\users\blub\desktop\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\flatout\flatout.exe | 
"UDP Query User{7CB41976-3D88-4B0E-84B4-5EB9635971B8}C:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe | 
"UDP Query User{818F2364-4CCD-4FA9-B101-51DFC0733919}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe | 
"UDP Query User{88BA9FAD-F5A2-4906-9B62-2DA1DB8D927A}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | 
"UDP Query User{8AEB909D-C6B0-45D4-842B-36C758C215ED}C:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe | 
"UDP Query User{8B1EE463-2FAE-49CA-A88D-FD0DF4B4F2BB}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | 
"UDP Query User{8B5CE374-8819-45B0-AFA7-57318F8A0AF2}C:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe | 
"UDP Query User{8BEA10BE-C65F-445B-9BA5-F9CD985D6170}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{8C5A97AA-B83E-4E81-B803-DFB5CC645D41}C:\users\blub\desktop\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\valve\hl.exe | 
"UDP Query User{906CFD00-CEE4-49B1-86E5-352EC565040E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{90FD74F7-1FE1-4701-A357-705D8E1B525E}C:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe | 
"UDP Query User{912C4E25-8BBA-42B7-A63D-8719A0BE0AFB}C:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe | 
"UDP Query User{928C1903-F6F7-4695-9761-8908BB5B33D5}C:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe | 
"UDP Query User{94878407-284A-4EF9-9DE4-785427B953F8}C:\users\blub\desktop\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\cod4\iw3mp.exe | 
"UDP Query User{95AF5BF4-9679-44A1-886E-0D273857A226}C:\users\blub\appdata\local\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\local\dyyno receiver\dppm.exe | 
"UDP Query User{99C35F84-A444-4D41-BAB2-9949F3BC3204}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe | 
"UDP Query User{9C78EB0E-8870-4D5F-AD46-39F7BBE9524C}C:\users\blub\desktop\cabaltemp\estsetuploader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\cabaltemp\estsetuploader.exe | 
"UDP Query User{9E13CA69-9F22-49F5-B301-E1DBB3E0BCE9}C:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe | 
"UDP Query User{9E4C1147-BB6C-474E-AC34-31755527205C}C:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe | 
"UDP Query User{A0426E05-294B-4D99-AAED-CD82CEE7FB08}C:\users\blub\desktop\gotcha!\gotcha.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\gotcha!\gotcha.exe | 
"UDP Query User{A8A49E56-3EC8-4071-A509-6F2F0D26BEEE}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{A8E3D995-D0A3-4F8D-B2CE-E3DDCF5BEA30}C:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe | 
"UDP Query User{ACEF5D13-3EFB-4ECE-BD30-98BB484F5C32}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{AEC4E53F-9A77-42F0-8E95-DA396C831B16}C:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe | 
"UDP Query User{AFC7A7DB-2B25-4B7A-B335-B14D96CE7589}C:\users\blub\desktop\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\counter-strike source\hl2.exe | 
"UDP Query User{B0242723-7AFD-4C62-99FB-EACC8A6F7BE2}C:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"UDP Query User{B10D2825-2303-44B9-9565-D01DB4560093}C:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe | 
"UDP Query User{B33B64E4-23FB-402D-A2FD-4AC878B9D7B9}C:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe | 
"UDP Query User{B625BB6E-43AD-4495-BE83-DF76BBB38288}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{C5E8F48F-A2B5-4106-A2EB-2489B06A593C}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe | 
"UDP Query User{C62F3AF4-DD72-4B1D-8055-D4BFE9DE0946}C:\users\blub\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\locallow\dyyno receiver\dppm.exe | 
"UDP Query User{C97329C2-6D05-4011-A747-60542885F642}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{CA638E1A-AAC8-4771-BD98-CD6BF4D68B08}C:\users\blub\desktop\dg - mangos\realmd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\dg - mangos\realmd.exe | 
"UDP Query User{CBC6F1D3-E612-4809-9881-25E19EC7C291}\\soeren\games\age of empiresii\age2_x1.exe" = protocol=17 | dir=in | app=\\soeren\games\age of empiresii\age2_x1.exe | 
"UDP Query User{CD3159D3-FB3C-4E87-A7A1-65796CB195BA}C:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe | 
"UDP Query User{CE763308-89FF-42DB-887D-1D90DFF74893}C:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe | 
"UDP Query User{D01848A3-8594-49F8-A794-3D77255ACFE7}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe | 
"UDP Query User{D64A7A5D-F97D-4267-8451-A4FD10F4B9A3}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe | 
"UDP Query User{D8B3BC60-CEC3-46D3-BB33-C61E540F2398}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"UDP Query User{E06196A5-C27F-4E4A-B501-26E17B5A5013}C:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{E147E616-854E-47F5-B48C-E81EB6AA1401}C:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe | 
"UDP Query User{E3452429-2DAD-4276-89D3-F2E0443591AD}C:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe | 
"UDP Query User{E7B6F56D-276A-4EF1-8621-C0C50B26739F}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe | 
"UDP Query User{EC0092D3-0122-40DF-8887-BB632B493C7A}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{F6AFECEB-23B1-4BD4-A089-B188231C8785}C:\users\blub\desktop\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\worms armageddon\wa.exe | 
"UDP Query User{FB4DC75A-A07D-4A67-9E19-F0B03197828F}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{FBB93E2A-1790-41B1-BCF6-EC54689A8D0D}C:\users\blub\desktop\neuer ordner\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\valve\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02412CEB-47C0-4157-80DE-6E96AAE67604}" = MySQL Server 5.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07C903D3-2996-4683-9B49-7839207148CA}" = NGists G15/TeamSpeak Display
"{08CFF9D1-BD86-4CA3-BC4A-AC51EF7640A4}" = X-Fi Forte 7.1
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{38281E4F-B7AF-42C6-B7F9-8C9DC0024A16}" = MorphVOX Pro
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.14p, 2010.04.20
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB9EA451-351D-4EDC-B23E-BFECFCEC0E0F}" = Sven XXX - XS
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (murb.com Edition) 2.2
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"Avira Unerase Personal" = Avira Unerase Personal
"Battle.net" = Battle.net
"ColorPic" = ColorPic
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Media Codec" = DivX Media Codec 4.2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EADM" = EA Download Manager
"EPSON Stylus C110_D120 Benutzerhandbuch" = EPSON Stylus C110_D120 Handbuch
"FLV Player" = FLV Player 2.0, build 23
"Fraps" = Fraps (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"Garena" = Garena
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.1.5
"HD Tune Pro_is1" = HD Tune Pro 4.60
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Basic 6.0 Ablaufmodell Edition (deu)" = Microsoft Visual Basic 6.0 Ablaufmodell Edition (Deutsch)
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mumble" = Mumble and Murmur
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDF Reader 2" = PDF Reader 2
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Postal 2" = Postal 2
"Postal 2_is1" = Portal 2
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"Runic Games Torchlight" = Torchlight
"Steam App 11020" = TrackMania Nations Forever
"Steam App 13140" = America's Army 3
"Steam App 17470" = Dead Space
"Steam App 19900" = Far Cry 2
"Steam App 205" = Source Dedicated Server
"Steam App 22380" = Fallout: New Vegas
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 3302" = Bejeweled 2 Deluxe Demo
"Steam App 3312" = Chuzzle Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 3562" = Bejeweled Twist Demo
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 45700" = Devil May Cry 4
"Steam App 46750" = Dark Fall: Lost Souls
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6200" = Ghost Master
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SWiSH Max2" = SWiSH Max2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmUnitedForever_is1" = TmUnitedForever StarEdition
"Tunngle beta_is1" = Tunngle beta
"Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components)
"Videoload Manager" = Videoload Manager 1.0.1545
"VideoMach 4.0.2" = VideoMach 4.0.2
"VLC media player" = VLC media player 1.1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2011 16:41:38 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Crysis2.exe, Version 1.0.0.5858 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 13c8  Anfangszeit: 01cbee4d5015ecd2  Zeitpunkt der Beendigung:
 163
 
Error - 29.03.2011 16:46:10 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: c04  Anfangszeit: 01cbee1ee5e84f22  Zeitpunkt
 der Beendigung: 22
 
Error - 03.04.2011 16:59:35 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f74  Anfangszeit: 01cbf21ac8a25a64  Zeitpunkt der Beendigung:
 2392
 
Error - 07.04.2011 12:02:12 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 900  Anfangszeit: 01cbf53c118e3a87  Zeitpunkt der Beendigung:
 67
 
Error - 15.04.2011 12:17:10 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.968.628 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 2e0  Anfangszeit: 01cbfb872b399c6d  Zeitpunkt der Beendigung:
 64
 
Error - 17.04.2011 12:48:55 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm LeagueofLegends.exe, Version 0.0.0.0 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 12e0  Anfangszeit: 01cbfd1e1b632640  Zeitpunkt
 der Beendigung: 7
 
Error - 17.04.2011 16:27:16 | Computer Name = x | Source = System Restore | ID = 8193
Description = 
 
Error - 21.04.2011 10:27:14 | Computer Name = x | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung portal2.exe, Version 0.0.0.0, Zeitstempel 0x4d4c804d,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x1480, Anwendungsstartzeit 01cc00300e0b8d10.
 
Error - 21.04.2011 10:27:21 | Computer Name = x | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung portal2.exe, Version 0.0.0.0, Zeitstempel 0x4d4c804d,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x6f725056,  Prozess-ID 0x1480, Anwendungsstartzeit 01cc00300e0b8d10.
 
Error - 21.04.2011 12:23:11 | Computer Name = x | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
[ NetLimiter 3 Events ]
Error - 17.04.2011 01:38:50 | Computer Name = x| Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 18.04.2011 11:36:31 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 19.04.2011 10:00:30 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 20.04.2011 09:20:57 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 10:52:08 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 11:16:04 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 11:26:42 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 11:49:19 | Computer Name =x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 12:29:38 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 12:40:09 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
[ System Events ]
Error - 21.04.2011 12:29:49 | Computer Name = x | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = DCOM | ID = 10005
Description = 
 
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.04.2011 12:34:59 | Computer Name = x | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.04.2011 12:39:54 | Computer Name =x | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.04.2011 um 18:37:26 unerwartet heruntergefahren.
 
Error - 21.04.2011 12:39:59 | Computer Name = x| Source = HTTP | ID = 15016
Description = 
 
Error - 21.04.2011 12:41:45 | Computer Name = x | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.04.2011 12:41:46 | Computer Name = x | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.04.2011 21:00:52 | Computer Name = x | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
 
< End of report >
         
--- --- ---

22.04.2011, 13:10   #5
markusg
/// Malware-holic

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Dbedejimijigok] C:\Users\Blub\AppData\Local\pshqlF.dll (Acronis)
:Files
C:\Users\Blub\AppData\Local\pshqlF.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Download unhide:
http://www.trojaner-board.de/54791-a...ner-board.html

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

22.04.2011, 13:36   #6
helpblub

So here is this for a start
PHP-Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dbedejimijigok deleted successfully.
C:\Users\Blub\AppData\Local\pshqlF.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\Blub\AppData\Local\pshqlF.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Blub
->Flash cache emptied: 247923 bytes

User: das ziehen!

User: Default
->Flash cache emptied: 41085 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Blub
->Temp folder emptied: 3539088004 bytes
->Temporary Internet Files folder emptied: 73315084 bytes
->Java cache emptied: 10299 bytes
->FireFox cache emptied: 162162705 bytes
->Google Chrome cache emptied: 6271770 bytes
->Flash cache emptied: 0 bytes

User: das ziehen!

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1268233505 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.816,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_130935

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QD9EXZ4J\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYXAXUO8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D55KAQ8V\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RY93GLB\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

And I'm not quite sure about unhide: I started it and it does say "Please be patient while your files ar made visible again.
Porcessing C:\", but somehow it looks as if nothing at all is happening. Is that OK?

22.04.2011, 13:44   #7
markusg
/// Malware-holic

That always takes a while.
And next time, please don't post in PHP code.
If unhide still hasn't finished after 20 minutes, cancel it and start it again, with a right-click and as admin.

22.04.2011, 13:57   #8
helpblub

Oh I see, sorry, then once more like this
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dbedejimijigok deleted successfully.
C:\Users\Blub\AppData\Local\pshqlF.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\Blub\AppData\Local\pshqlF.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Blub
->Flash cache emptied: 247923 bytes

User: das ziehen!

User: Default
->Flash cache emptied: 41085 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Blub
->Temp folder emptied: 3539088004 bytes
->Temporary Internet Files folder emptied: 73315084 bytes
->Java cache emptied: 10299 bytes
->FireFox cache emptied: 162162705 bytes
->Google Chrome cache emptied: 6271770 bytes
->Flash cache emptied: 0 bytes

User: das ziehen!

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1268233505 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.816,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_130935

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QD9EXZ4J\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYXAXUO8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D55KAQ8V\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RY93GLB\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

unhide is finished now and I have uploaded the file.

22.04.2011, 14:46   #9
markusg
/// Malware-holic

Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab and update the program.
Close all running programs and disconnect from the internet.
Scanner tab, full scan, remove the findings, post the log.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us

22.04.2011, 17:03   #10
helpblub

There you go:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6417

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 16:49:05
mbam-log-2011-04-22 (16-49-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Durchsuchte Objekte: 571921
Laufzeit: 1 Stunde(n), 55 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+nfdhfngXdaCxl (Trojan.Downloader.Gen) -> Value: uPc+nfdhfngXdaCxl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ojifoxisigih (Trojan.Agent.U) -> Value: Ojifoxisigih -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dbedejimijigok (Trojan.Agent.U) -> Value: Dbedejimijigok -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\video add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

22.04.2011, 17:04   #11
markusg
/// Malware-holic

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

22.04.2011, 17:40   #12
helpblub

Hm, something seems to have gone wrong: I got the message "kann syntaktisch an dieser Stelle nicht verarbeitet werden". I'll try it again now.

22.04.2011, 17:45   #13
helpblub

Hm, OK, the same thing again. The exact message is: " "\STARtools\StartoolsUP\" ECHO. "C:\Program" kann syntaktisch an dieser Stelle nicht verarbeitet werden."

22.04.2011, 17:48   #14
markusg
/// Malware-holic

OK, the following:
SP2:
Detail page: Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone for x64 systems (KB948465)
Internet Explorer 9:
Internet Explorer - Microsoft Windows
Windows Update:
Microsoft Windows Update
Keep installing updates here until there are no new ones left.
Download/install Windows updates automatically:
Turning automatic updates on or off
so that your system always stays up to date from now on.


When you have got that far, let me know.

22.04.2011, 17:54   #15
helpblub

OK, that will probably take a while, I don't have the fastest connection.
