Trojaner-Board


Kireille 11.05.2012 18:44

"Avira" Trojan/virus and multiple iexplore.exe processes
 
Good evening, dear community,

Since this morning a suspicious window has been opening on my PC that claims to be an update for Avira. (Interestingly, this all happened after I heard a strange "beep" and ran an Avira virus scan.) Since the text is very suspicious, I naturally did not install anything.

"There is an important Updates for Avira Free Antivirus is Ready to Install.
It's Highly Recommended to Start Installation Now."

You can choose between "Install now" and "Remind me later". If you press the latter, the window appears again 10 seconds later. I doubt that my German Avira program would ask me this in English, and above all with spelling mistakes like these.

Of course I read the FAQ before registering and posting here in the forum, and I would gladly attach logs to this post first, but I am afraid of making everything worse. At the moment I am sitting at my netbook and have disconnected the PC from the internet. After I had finished the first quick scan with Malwarebytes, deleted two infected files and then rebooted, I discovered a full 16 iexplore.exe processes in Task Manager that cannot be ended; they reappear when you end them. (I do not use IE and had nothing open; it happened automatically. No IE windows are open, though, only the processes are visible.) Now I am a bit afraid to go back online to upload the logs.

So first of all it would be nice if someone could tell me how best to upload the files here as "safely" as possible. Unfortunately I do not know much about this and wanted to get advice first, and further help afterwards would of course also be very nice.

A big thank you in advance to everyone who takes on my problem.

markusg 12.05.2012 18:51

hi
open Avira, Events, post the detection messages,
open Avira, Reports, post the logs with detections.
open Malwarebytes, Logs, post the reports with detections.
If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Kireille 14.05.2012 12:40

OTL Logfile:
Code:

OTL logfile created on: 14.05.2012 12:54:44 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\Kirelle\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,38% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,55 Gb Free Space | 44,64% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 121,71 Gb Free Space | 14,60% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 7,99 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive G: | 268,56 Gb Total Space | 231,39 Gb Free Space | 86,16% Space Free | Partition Type: NTFS
Drive H: | 9,99 Gb Total Space | 9,03 Gb Free Space | 90,40% Space Free | Partition Type: FAT32
Drive I: | 2,00 Gb Total Space | 1,99 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Drive N: | 1862,89 Gb Total Space | 881,47 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
 
Computer Name: KIRELLE-PC | User Name: Kirelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.11 15:44:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Kirelle\Desktop\OTL.exe
PRC - [2012.05.08 18:05:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:05:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:05:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Kirelle\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- D:\hamachi\hamachi-2-ui.exe
PRC - [2011.12.05 19:45:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.06 13:24:37 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011.06.21 03:18:57 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.06 13:24:37 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011.06.25 17:18:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.06.21 03:18:57 | 001,990,144 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
MOD - [2009.11.19 14:10:25 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\SCX3200\SSOle.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.04 17:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.08 18:05:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:05:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 09:12:08 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.25 16:01:40 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.05 19:45:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.13 18:07:00 | 004,121,080 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 18:05:41 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 18:05:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.20 14:56:51 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.20 14:56:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.02.05 22:50:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.17 18:01:20 | 000,294,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.04 18:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.28 07:09:33 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 16:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008.07.26 16:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://plasmoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A E7 4E 65 A3 85 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {62DF0830-5D37-46B6-87A0-841A8B60EB6E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{62DF0830-5D37-46B6-87A0-841A8B60EB6E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/result.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\Haihaisoft Universal Player\Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\Haihaisoft Universal Player\Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 16:54:50 | 000,000,000 | ---D | M]
 
[2010.01.20 20:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirelle\AppData\Roaming\mozilla\Extensions
[2012.05.14 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirelle\AppData\Roaming\mozilla\Firefox\Profiles\yn0af9e6.default\extensions
[2011.04.26 23:02:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kirelle\AppData\Roaming\mozilla\Firefox\Profiles\yn0af9e6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 12:52:40 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-1.xml
[2011.06.30 10:23:49 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-2.xml
[2011.07.01 11:31:39 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-3.xml
[2011.10.17 17:33:17 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-4.xml
[2011.11.26 19:40:55 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-5.xml
[2012.01.04 20:06:02 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-6.xml
[2012.02.22 14:59:33 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-7.xml
[2012.02.29 19:44:39 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-8.xml
[2012.03.22 18:21:40 | 000,000,950 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin-9.xml
[2011.06.22 14:51:27 | 000,001,069 | ---- | M] () -- C:\Users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\searchplugins\icqplugin.xml
[2012.05.14 12:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.08 18:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.09 17:20:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 17:20:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 17:20:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 17:20:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 17:20:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [3200 Scan2PC] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SCX3200_Scan2Pc] C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kirelle\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [UpgradeHelper] C:\Users\Kirelle\AppData\Roaming\Microsoft Corporation\{4175EF9F-776E-430A-ABAF-11A5AC0715DF}\UpgradeHelper.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490DA6F7-2D9F-49D1-AE86-AFB6D870D849}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.21 19:32:46 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{13317a17-1302-11df-a8a5-001d7d9b41ed}\Shell - "" = AutoRun
O33 - MountPoints2\{13317a17-1302-11df-a8a5-001d7d9b41ed}\Shell\AutoRun\command - "" = L:\Startup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2083CF5C-4F67-E02E-5BCD-BF6A2C989796} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - D:\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.13 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 09:15:13 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kirelle\Desktop\HijackThis.exe
[2012.05.12 09:14:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kirelle\Desktop\dds.com
[2012.05.12 09:14:19 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\Kirelle\Desktop\ccsetup318.exe
[2012.05.12 09:14:19 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Kirelle\Desktop\OTL.exe
[2012.05.11 10:07:02 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Roaming\Malwarebytes
[2012.05.11 10:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 10:06:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 10:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.11 10:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.06 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Local\Kalypso Media
[2012.05.06 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Roaming\Kalypso Media
[2012.04.28 08:17:57 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Local\Risen2
[2012.04.26 07:53:40 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
[2012.04.16 18:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012.04.16 17:04:00 | 000,000,000 | ---D | C] -- C:\Users\Kirelle\Documents\Dragonica
[2012.04.14 16:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonica
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 12:44:06 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 12:44:06 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 12:35:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.14 12:35:43 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.13 11:37:57 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 09:32:59 | 000,002,577 | ---- | M] () -- C:\Users\Kirelle\Desktop\Attach.rar
[2012.05.12 09:21:04 | 000,000,174 | ---- | M] () -- C:\Users\Kirelle\defogger_reenable
[2012.05.12 08:55:14 | 001,659,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.12 08:55:14 | 000,711,326 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.12 08:55:14 | 000,671,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.12 08:55:14 | 000,152,488 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.12 08:55:14 | 000,128,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.12 05:31:55 | 000,435,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 17:35:26 | 000,318,369 | ---- | M] () -- C:\Users\Kirelle\Desktop\HiJackThis.zip
[2012.05.11 16:55:52 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\Kirelle\Desktop\ccsetup318.exe
[2012.05.11 16:48:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kirelle\Desktop\dds.com
[2012.05.11 16:48:00 | 000,050,477 | ---- | M] () -- C:\Users\Kirelle\Desktop\Defogger.exe
[2012.05.11 15:44:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Kirelle\Desktop\OTL.exe
[2012.05.11 10:06:38 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.08 18:05:41 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 18:05:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 17:44:40 | 000,001,527 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.04.27 14:31:18 | 000,000,204 | ---- | M] () -- C:\Users\Kirelle\Desktop\Risen 2 - Dark Waters.url
[2012.04.26 07:53:40 | 000,000,674 | ---- | M] () -- C:\Users\Kirelle\Desktop\GDMO.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.13 11:37:57 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 09:32:59 | 000,002,577 | ---- | C] () -- C:\Users\Kirelle\Desktop\Attach.rar
[2012.05.12 09:21:04 | 000,000,174 | ---- | C] () -- C:\Users\Kirelle\defogger_reenable
[2012.05.12 09:14:20 | 000,318,369 | ---- | C] () -- C:\Users\Kirelle\Desktop\HiJackThis.zip
[2012.05.12 09:14:20 | 000,050,477 | ---- | C] () -- C:\Users\Kirelle\Desktop\Defogger.exe
[2012.05.11 10:06:38 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.06 16:28:26 | 000,001,527 | ---- | C] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.04.27 14:31:18 | 000,000,204 | ---- | C] () -- C:\Users\Kirelle\Desktop\Risen 2 - Dark Waters.url
[2012.04.26 07:53:40 | 000,000,674 | ---- | C] () -- C:\Users\Kirelle\Desktop\GDMO.lnk
[2012.04.06 19:53:24 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.03.26 12:18:21 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\2BDD665219.sys
[2012.03.26 12:18:00 | 000,001,056 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.01.08 19:17:41 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.01.08 19:17:22 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2011.12.05 19:45:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.05 19:45:05 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.28 01:30:39 | 066,911,894 | ---- | C] () -- C:\Users\Kirelle\AppData\Roaming\.minecraft.rar
[2011.07.17 21:22:48 | 000,000,028 | ---- | C] () -- C:\Windows\MyActiveX.INI
[2011.05.22 15:50:10 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.05.18 19:45:41 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\DATA.INI
[2011.02.23 15:22:23 | 003,417,600 | ---- | C] () -- C:\Windows\singles.exe
[2011.01.27 00:15:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2010.12.21 16:39:18 | 000,000,095 | ---- | C] () -- C:\Users\Kirelle\AppData\Local\fusioncache.dat
[2010.12.20 22:17:47 | 001,555,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.28 21:13:17 | 000,036,864 | ---- | C] () -- C:\Users\Kirelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 12:17:48 | 000,152,552 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== LOP Check ==========
 
[2011.12.10 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\.minecraft
[2011.11.27 17:15:09 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Bioshock2
[2012.05.13 11:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\DAEMON Tools Lite
[2011.06.04 09:57:23 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Dragon Age Toolset
[2011.04.26 23:02:56 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.12 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Haihaisoft
[2009.12.12 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Haihaisoft Universal Player
[2012.05.07 23:54:33 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ICQ
[2010.08.21 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\IrfanView
[2012.05.06 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Kalypso Media
[2010.04.17 20:51:27 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Leadertech
[2011.08.05 20:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Lionhead Studios
[2012.02.09 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ooVoo Details
[2011.06.27 11:34:35 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\OpenOffice.org
[2009.12.12 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Opera
[2012.03.10 01:09:57 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Origin
[2009.12.25 01:39:59 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ProtectDisc
[2011.12.05 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\PunkBuster
[2011.11.14 17:06:59 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\runic games
[2010.01.16 14:46:24 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\Secret of the Solstice
[2010.09.18 16:45:08 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\ShanghaiAlice
[2011.05.22 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\SoftMaker
[2012.05.13 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\TS3Client
[2011.05.16 16:25:52 | 000,000,000 | ---D | M] -- C:\Users\Kirelle\AppData\Roaming\XMedia Recode
[2012.03.16 18:42:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.20 14:47:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.12 16:48:54 | 000,000,000 | ---D | M] -- C:\ATI
[2011.06.23 17:39:18 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.08.04 23:42:57 | 000,000,000 | ---D | M] -- C:\data
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.12 15:06:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.13 11:37:56 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.12 10:08:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.05.11 10:06:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.12 15:06:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.12 15:06:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.05.14 12:57:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.12 15:07:05 | 000,000,000 | R--D | M] -- C:\Users
[2010.07.03 15:01:43 | 000,000,000 | ---D | M] -- C:\VXIPNP
[2012.05.14 12:35:53 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.12 09:21:04 | 000,000,174 | ---- | M] () -- C:\Users\Kirelle\defogger_reenable
[2012.05.14 13:02:19 | 003,407,872 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT
[2012.05.14 13:02:19 | 000,262,144 | -HS- | M] () -- C:\Users\Kirelle\ntuser.dat.LOG1
[2009.12.12 15:07:08 | 000,000,000 | -HS- | M] () -- C:\Users\Kirelle\ntuser.dat.LOG2
[2009.12.12 16:16:57 | 000,065,536 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.12 16:16:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.12 16:16:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kirelle\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.12.12 15:07:08 | 000,000,020 | -HS- | M] () -- C:\Users\Kirelle\ntuser.ini
[2011.07.14 16:16:19 | 000,008,126 | ---- | M] () -- C:\Users\Kirelle\story2.rtf
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Files - Unicode (All) ==========
[2010.03.24 14:05:12 | 000,048,640 | ---- | M] ()(C:\Users\Kirelle\Documents\Antik?rper.doc) -- C:\Users\Kirelle\Documents\Antikörper.doc
[2010.03.24 14:05:12 | 000,048,640 | ---- | C] ()(C:\Users\Kirelle\Documents\Antik?rper.doc) -- C:\Users\Kirelle\Documents\Antikörper.doc

< End of report >

--- --- ---

Kireille 14.05.2012 12:42

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 14.05.2012 12:54:44 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\Kirelle\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,38% Memory free
4,00 Gb Paging File | 2,54 Gb Available in Paging File | 63,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,55 Gb Free Space | 44,64% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 121,71 Gb Free Space | 14,60% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 7,99 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive G: | 268,56 Gb Total Space | 231,39 Gb Free Space | 86,16% Space Free | Partition Type: NTFS
Drive H: | 9,99 Gb Total Space | 9,03 Gb Free Space | 90,40% Space Free | Partition Type: FAT32
Drive I: | 2,00 Gb Total Space | 1,99 Gb Free Space | 99,51% Space Free | Partition Type: FAT
Drive N: | 1862,89 Gb Total Space | 881,47 Gb Free Space | 47,32% Space Free | Partition Type: NTFS
 
Computer Name: KIRELLE-PC | User Name: Kirelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02133806-AFAC-4556-BBEC-1DA67C0B5463}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0629BD2E-7AD3-43AF-B6ED-D590E35E1F2F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{099F73C0-E788-4BDF-A852-B3EE483E2BCC}" = lport=138 | protocol=17 | dir=in | app=system |
"{0F0FEB51-4615-4FF5-BBA8-062B0D2C640B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{138DB89F-4501-48CA-BBB3-2374D0DFCAE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21F61A77-1701-45BD-9E31-D17633659AB2}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B60AEC6-C5BC-4656-894F-758456F51BEB}" = rport=445 | protocol=6 | dir=out | app=system |
"{35FD8EC9-698C-4303-ABB0-E5C47BA1F5DB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{45BE0117-E7B3-45D5-B6EB-8694317E53A8}" = rport=137 | protocol=17 | dir=out | app=system |
"{47C7D545-903B-46D9-AE71-8B17C5468727}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4E7C8C91-8C79-4D09-B1B4-55449E722F8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B58BC6E-7E78-42F9-AA83-AA9257AE6619}" = lport=49326 | protocol=6 | dir=in | name=akamai netsession interface |
"{5F816154-3614-421D-B559-8653229415FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{675AC613-877B-44E5-8238-F22197CCE5CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C07EBBA-2987-41C6-84D0-81E967B57B51}" = lport=137 | protocol=17 | dir=in | app=system |
"{78CBBEAC-CC74-4757-8EF7-0610F11FE8AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DFFA8A7-0FC6-4A60-A41F-53A9BE336C09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{835228F1-D4D0-488C-B5FC-AFD9F918A849}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{93C7F896-1962-409E-B641-6C155B36E93E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A2DE3F34-BE30-4C0F-A5BB-2AAD342F808D}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3BF5AA6-618E-41C4-BBD3-6B07D93D8623}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2184377-B5B6-48F4-8FA2-C3975BE944A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD724E9D-A32E-43CD-BBBF-4EEC9F2B2436}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0AB4EDA-CE5B-45CE-9E37-5BB2C685D063}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C6C79E9D-81F4-4D32-9E79-A21010A8B241}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CECEA6A5-0179-40DA-8F5A-989A468F07A8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2E7FE14-1FD1-4648-98EE-AAF624EE0C7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4FD9E1B-95C6-4387-8D3F-48B401214783}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7884199-11DB-4768-A0D7-004726441D88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA71BD44-4A0A-4CF5-95C7-BDFC65FD275C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E5C0828A-C560-4498-BB3F-2C39BBA6D17E}" = rport=139 | protocol=6 | dir=out | app=system |
"{E604F8D9-F02B-422E-A616-3CBA6215D2D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E97E85D2-329D-4759-B8BC-5C019E7011E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED8F0185-AE25-4F3C-916E-10344E0A14C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F4EBC9D8-6EAC-4527-8BD0-A660DA2A4612}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00231896-92B1-455A-B726-F6AB4CA98C6A}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\dragonagetoolset.exe |
"{0090FF6B-F8BF-4AC7-86EC-0A1206B7AE95}" = dir=in | app=d:\skype\phone\skype.exe |
"{015316B0-C9EF-4E70-BD66-DDCC17BA0671}" = dir=in | app=d:\skype\phone\skype.exe |
"{02271A86-BEA5-41AF-A737-C2C615A4B504}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\uplaybrowser.exe |
"{022CC925-5C22-47DC-866B-DC7242CEA979}" = dir=in | app=d:\skype\phone\skype.exe |
"{02D2A215-19C0-4CD9-AED7-E611F610DDCF}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{02DAFBA5-3D7F-4718-B1DF-55A8861E7303}" = dir=in | app=d:\skype\phone\skype.exe |
"{0481EE7A-D521-4801-BF28-34AFF51E6D46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{04C1B3E4-F66E-4FA3-AE8A-8DF49C366C4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{04E814A6-8F0C-49BA-BE8A-F20B998656E8}" = dir=in | app=d:\skype\phone\skype.exe |
"{0649D88F-4AE9-4CF3-A674-76C94D00C6AE}" = dir=in | app=d:\skype\phone\skype.exe |
"{06AC79FE-5EA8-49E8-8BAB-EF4DB3463E70}" = dir=in | app=d:\skype\phone\skype.exe |
"{08DA48ED-6B1C-447C-BA9A-D4EF503C7389}" = dir=in | app=d:\skype\phone\skype.exe |
"{09D48C27-9BC3-43D2-857A-C041374DD749}" = dir=in | app=d:\skype\phone\skype.exe |
"{0A98867F-B041-45E1-B021-5264255CFD2D}" = protocol=6 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{0ACF16BC-7877-4857-98D1-A0A8A5876B88}" = dir=in | app=d:\skype\phone\skype.exe |
"{0B69A8AD-6CFA-46EB-A990-065AA64EC9EE}" = dir=in | app=d:\skype\phone\skype.exe |
"{0C69C0C0-96A8-4867-BEB3-13D568A996D1}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\acbmp.exe |
"{0D6BD79E-0CD2-46DE-9317-645388BC2E6C}" = dir=in | app=d:\skype\phone\skype.exe |
"{0E6FE280-09A2-4675-A959-741E350270C3}" = dir=in | app=d:\skype\phone\skype.exe |
"{0F2F75E9-C96D-47A1-852A-E2676A81A877}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0F5C4B0E-4691-486A-8501-0A6F33D4DC57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F8FA134-C6FD-4382-9638-F4E9E990AF02}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{0FC29CCB-10EF-47FA-A57F-087375EC21B0}" = dir=in | app=d:\skype\phone\skype.exe |
"{103F0C5D-6F39-4D4F-9030-F40AA3E724AE}" = dir=in | app=d:\skype\phone\skype.exe |
"{1065CE45-17C3-469B-AD23-756A92CA33AF}" = dir=in | app=d:\skype\phone\skype.exe |
"{116F51EE-B0DC-42B1-AC8A-23B95B13BA2D}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\erfeditor.exe |
"{122FDF3E-9935-471E-9BBA-BC11E7CB93B6}" = dir=in | app=d:\skype\phone\skype.exe |
"{12453226-0A46-4E89-808F-E0ED1CC1715E}" = dir=in | app=d:\skype\phone\skype.exe |
"{1485A061-FD1F-418D-A495-7B6DB522A8BA}" = dir=in | app=d:\skype\phone\skype.exe |
"{156398B4-03AA-4173-A249-4C332309C904}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{15D1364B-72EF-48C6-A043-340593DDF935}" = dir=in | app=d:\skype\phone\skype.exe |
"{1667B6F0-DBE3-47F9-BFA7-70E8329255B1}" = dir=in | app=d:\skype\phone\skype.exe |
"{16A4709F-6A69-4F51-82F1-66165AA9F780}" = dir=in | app=d:\skype\phone\skype.exe |
"{16AD232D-FD8E-46EB-AE55-9B889098FD4C}" = dir=in | app=d:\skype\phone\skype.exe |
"{17126C1D-5E5A-44FC-8BC1-4526F13E6930}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"{1729F266-7BAF-4C5B-BF41-3AC4014132B2}" = dir=in | app=d:\skype\phone\skype.exe |
"{178395DF-5760-47CF-95B1-F47955DEEBE8}" = dir=in | app=d:\skype\phone\skype.exe |
"{187DF2E9-7A8B-40E1-BE29-9896720AE643}" = dir=in | app=d:\skype\phone\skype.exe |
"{190B442E-91BF-49C5-BE39-C2D5A16670CB}" = dir=in | app=d:\skype\phone\skype.exe |
"{19861038-E201-4850-8989-E7936D5E2429}" = protocol=6 | dir=in | app=d:\games\civilization 4\warlords\civ4warlords.exe |
"{19B16ABF-10A5-4ABF-85C1-3A5F20056274}" = dir=in | app=d:\skype\phone\skype.exe |
"{1ABFD90A-2164-41B0-BFD4-440079F92B36}" = dir=in | app=d:\skype\phone\skype.exe |
"{1B6CFB35-B8F0-48E1-9CCE-6FB9F5F7781E}" = protocol=17 | dir=in | app=d:\games\dragon age 2\bin_ship\dragonage2.exe |
"{1B7330E3-F905-487B-91C6-A4B4CEBAD4A8}" = dir=in | app=d:\skype\phone\skype.exe |
"{1C213E0E-2384-4054-8AF0-265E7D70740D}" = dir=in | app=d:\skype\phone\skype.exe |
"{1CA533F2-1B6F-4C32-AE4D-917B4387CF9E}" = dir=in | app=d:\skype\phone\skype.exe |
"{1CC38FBF-846A-4B07-B07C-B23708BD00FC}" = protocol=6 | dir=in | app=n:\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{1D52A436-C79C-4EEF-815B-483B9415CFE2}" = dir=in | app=d:\skype\phone\skype.exe |
"{1D9EDAEC-B51D-484F-8765-00709E8C9B5C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{1E24EF80-F208-459E-BABA-0931D6077DA6}" = protocol=6 | dir=in | app=d:\games\dragon age 2\bin_ship\dragonage2.exe |
"{1E2F97F9-9ECA-4BFF-8B60-C613310E4D1B}" = dir=in | app=d:\skype\phone\skype.exe |
"{1E727FF5-8603-4B39-B297-2D5B4BA4DC8C}" = dir=in | app=d:\skype\phone\skype.exe |
"{1EA78BF8-CFAB-4BCE-BAC3-D77136459558}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{1FDFE605-571A-46AE-AA58-1C1EEE225130}" = dir=in | app=d:\skype\phone\skype.exe |
"{209C78EA-4D49-497C-B7BA-0A6F7260BCA2}" = dir=in | app=d:\skype\phone\skype.exe |
"{212DEAE2-A286-41F2-99F5-BAC5C53DF52C}" = dir=in | app=d:\skype\phone\skype.exe |
"{21C54DA2-504E-4BF7-889A-0A0FA61BF5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{220301F4-9374-46E9-A2BE-73FF9B7EACCE}" = dir=in | app=d:\skype\phone\skype.exe |
"{22EFDEB5-F2BA-4FE9-ABA3-42AAA24A2EEB}" = dir=in | app=d:\skype\phone\skype.exe |
"{2376EAF3-7333-404D-9305-B80B8EAB3E14}" = dir=in | app=d:\skype\phone\skype.exe |
"{240217FE-042A-4228-BFF1-AD37C1CFA604}" = dir=in | app=d:\skype\phone\skype.exe |
"{25FE8329-325A-404B-BBC4-566A7365D937}" = dir=in | app=d:\skype\phone\skype.exe |
"{26B1BB18-D01E-4EE0-AB88-319F5875BFDD}" = dir=in | app=d:\skype\phone\skype.exe |
"{27BAEA84-EDBC-49CA-89CA-987107142BD0}" = dir=in | app=d:\skype\phone\skype.exe |
"{284933A2-BAED-4B9E-817C-89F141FCBE20}" = dir=in | app=d:\skype\phone\skype.exe |
"{28757887-A514-4E51-8FDB-BD366EC5B784}" = dir=in | app=d:\skype\phone\skype.exe |
"{28F9E27A-B652-41B8-B107-BE9A311E28DB}" = protocol=17 | dir=in | app=d:\games\age of empires\empires.exe |
"{2903F92C-00D2-47E4-9247-E5881EF04DC5}" = dir=in | app=d:\skype\phone\skype.exe |
"{2913D41D-37F2-4406-BC13-2F4A004AEC2D}" = dir=in | app=d:\skype\phone\skype.exe |
"{2916500E-F103-44B8-B675-CD1E966898A2}" = dir=in | app=d:\skype\phone\skype.exe |
"{297D7E26-E23D-4B36-A632-F2A5007EF23A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29AEBCE2-0DCE-4E9B-966A-90CFC003E7A8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{29E9DCB4-AB7A-453B-B482-1966160FCB1F}" = dir=in | app=d:\skype\phone\skype.exe |
"{2A7BC8A3-1B11-41BB-ADA6-A4953E9D451C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{2A8996DE-4ACF-415B-9F04-94FBFF85455A}" = dir=in | app=d:\skype\phone\skype.exe |
"{2B414818-A13E-4A3C-99A5-ACB997647381}" = dir=in | app=d:\skype\phone\skype.exe |
"{2C132EEA-5310-4CBC-923A-C91E9E3F765D}" = dir=in | app=d:\skype\phone\skype.exe |
"{2C1D831E-C319-48CA-BCC2-7C76FF72147D}" = dir=in | app=d:\skype\phone\skype.exe |
"{2CD3F24E-3452-4D66-B91B-20F93A24F76C}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe |
"{2CF144A6-FFF5-4B02-AB88-3942E56A0EBB}" = dir=in | app=d:\skype\phone\skype.exe |
"{308E70B5-E882-440F-ACE4-590811D2D49B}" = dir=in | app=d:\skype\phone\skype.exe |
"{315FFA11-C9A4-4960-9553-8B33DF38E29F}" = dir=in | app=d:\skype\phone\skype.exe |
"{31830643-32CF-44A9-B4AC-BF68559B253B}" = dir=in | app=d:\skype\phone\skype.exe |
"{327B49C5-D62D-4A2D-B82A-99FCD843D516}" = dir=in | app=d:\skype\phone\skype.exe |
"{32B89411-F710-4919-8701-A1174FAD8C27}" = protocol=6 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{335A7E9B-DCD0-4897-93A8-23375542052B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{339CF960-27F4-4921-B23F-4723810DC9C3}" = dir=in | app=d:\skype\phone\skype.exe |
"{341C368C-EED8-47E8-BD78-9D60821BEBF3}" = dir=in | app=d:\skype\phone\skype.exe |
"{346B75A2-0F04-462B-9D28-D076D0301E76}" = dir=in | app=d:\skype\phone\skype.exe |
"{34B81498-920F-4055-A784-253EDF17595B}" = dir=in | app=d:\skype\phone\skype.exe |
"{34DBFB61-A040-437C-A53F-13E1C18CDFD5}" = dir=in | app=d:\skype\phone\skype.exe |
"{35C3A619-EAB1-4054-9B84-DB42A7F0863D}" = dir=in | app=d:\skype\phone\skype.exe |
"{36A68F05-324B-4E29-A5E8-0E3B0BF977A0}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\erfeditor.exe |
"{36ADF35C-FAEC-43D1-B710-102DC7F294E8}" = dir=in | app=d:\skype\phone\skype.exe |
"{36BEAA81-D8D1-4F30-9F4B-AA6D560335F6}" = protocol=17 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe |
"{3713C393-567E-4687-BF99-7070B966F43A}" = dir=in | app=d:\skype\phone\skype.exe |
"{377BF6EF-057D-4E93-81CD-B729BCC911E9}" = protocol=6 | dir=in | app=n:\portal 2\steamapps\common\risen 2\system\risen2.exe |
"{38661FE1-7DE3-46FF-A94E-0BB16DCC4502}" = dir=in | app=d:\skype\phone\skype.exe |
"{38F553BF-0AE3-4A31-99F7-0EB405CA0814}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe |
"{38FDC4C5-ADB5-480C-92B0-3E2368E49ABE}" = dir=in | app=d:\skype\phone\skype.exe |
"{3A249DA8-4D58-40DA-8005-D1D4D52071C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{3A8CF2EA-1C3E-436B-8D03-988ACF003421}" = dir=in | app=d:\skype\phone\skype.exe |
"{3AFF7AC4-2335-4C3F-B60D-0123B8841BF4}" = dir=in | app=d:\skype\phone\skype.exe |
"{3B6C7D06-0922-4DCB-A779-52689EB04765}" = dir=in | app=d:\skype\phone\skype.exe |
"{3BC7BBC4-5B48-4549-9A5F-DC1B50E9961C}" = protocol=17 | dir=in | app=d:\games\civilization 4\beyond the sword\civ4beyondsword.exe |
"{3BD68951-DC2C-4A8D-AF97-24B9A7B27144}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe |
"{3D293682-6982-4026-8B46-CCE60CB1BCDB}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe |
"{3D9210B8-6655-415A-96C3-14C98FC2276E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DE63980-3B4F-4CA1-A987-92CD6E7515C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E5E2BA3-099C-40A1-9929-6B3D4CB241E1}" = dir=in | app=d:\skype\phone\skype.exe |
"{3F020EF2-D857-4D75-B24B-C190989BF965}" = protocol=17 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe |
"{3F27E3F8-0F1F-422F-8F4B-7963429CCD13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40139B6D-4D7B-4412-8093-204DAB310E74}" = dir=in | app=d:\skype\phone\skype.exe |
"{402A0394-4681-4B25-8483-D310A9A323AE}" = dir=in | app=d:\skype\phone\skype.exe |
"{418DCDD5-AD84-44D7-A3CC-E436EB0C31B9}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\lightmapper\eclipseray.exe |
"{421AE707-6656-4C23-A910-FB2EE8BED323}" = dir=in | app=d:\skype\phone\skype.exe |
"{425BA976-F3C6-4B01-AB00-050A58D68465}" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{4272F673-51C0-4EFB-B904-05817E2E1CEE}" = dir=in | app=d:\skype\phone\skype.exe |
"{42E04A4F-6618-438D-8406-5D834FA410D2}" = dir=in | app=d:\skype\phone\skype.exe |
"{43208C98-CB70-46CB-8D9A-69C64E8BD221}" = protocol=6 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe |
"{4375138D-7801-4A65-A4EA-09448A17BF6E}" = dir=in | app=d:\skype\phone\skype.exe |
"{43BA411F-7E23-4ED0-A8E7-24F69870A14A}" = dir=in | app=d:\skype\phone\skype.exe |
"{44A34DB3-CE65-40EA-87BD-1625F01C71FB}" = dir=in | app=d:\skype\phone\skype.exe |
"{451DFED2-6346-42FB-B8BF-F40E7A11DD7A}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe |
"{46C304BB-B0FD-4053-A5C5-ECB683D2CDC4}" = dir=in | app=d:\skype\phone\skype.exe |
"{474F0BDB-3A27-43F6-864D-B27F55DE0A77}" = dir=in | app=d:\skype\phone\skype.exe |
"{4856C848-19CE-4530-A02D-D82BE53119C9}" = dir=in | app=d:\skype\phone\skype.exe |
"{4896B269-7494-4FF8-B07D-6901756A2070}" = dir=in | app=d:\skype\phone\skype.exe |
"{48C9D3AB-3F5C-4E04-A583-CC6A72A315D9}" = dir=in | app=d:\skype\phone\skype.exe |
"{49C9E716-0C89-4FE1-AB82-4CDC254C9DC7}" = dir=in | app=d:\skype\phone\skype.exe |
"{49F541B3-54B9-47A9-856F-45430BF1AD3B}" = dir=in | app=d:\skype\phone\skype.exe |
"{4A583123-BD51-4E34-B21A-FBC24B897ABA}" = dir=in | app=d:\skype\phone\skype.exe |
"{4AE0E348-5AE5-4FA8-8833-B5A0C18C6747}" = dir=in | app=d:\skype\phone\skype.exe |
"{4B1F0B5C-442C-47BA-B672-B12A657F8BCE}" = dir=in | app=d:\skype\phone\skype.exe |
"{4D589A1D-1DFC-46AD-B7EE-5C27FCBB4BF9}" = dir=in | app=d:\skype\phone\skype.exe |
"{4DB521D8-0114-4D74-8540-63DD849EA33C}" = dir=in | app=d:\skype\phone\skype.exe |
"{4DBDDBF8-CA71-4268-BF2C-13D0FCC70F4A}" = dir=in | app=d:\skype\phone\skype.exe |
"{4E101FD8-E368-4353-AA86-092FF6DB879F}" = dir=in | app=d:\skype\phone\skype.exe |
"{4F301B7F-CE72-48BF-85B4-58EC57EC47CD}" = dir=in | app=d:\skype\phone\skype.exe |
"{4F913B5D-B949-40B1-96A5-FCD5D8424974}" = dir=in | app=d:\skype\phone\skype.exe |
"{51FAEF3A-BF34-4425-8E66-484AB1199D5A}" = dir=in | app=d:\skype\phone\skype.exe |
"{55837C12-2A9E-47A6-8A94-0B5E0A43CACE}" = dir=in | app=d:\skype\phone\skype.exe |
"{55B7D609-3867-45CD-B589-73889C918AED}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{57DC1E1A-6733-42F3-9091-873B0316CAC7}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"{58D58C67-5304-4F89-9838-459E69EBEF9C}" = dir=in | app=d:\skype\phone\skype.exe |
"{5928ABE5-82CF-44B1-9104-6DA5B9735936}" = dir=in | app=d:\skype\phone\skype.exe |
"{5933F271-92B4-4F3C-88B4-92D61CBFA5DE}" = dir=in | app=d:\skype\phone\skype.exe |
"{5973B929-1161-4D91-8AFD-A65916748E9E}" = dir=in | app=d:\skype\phone\skype.exe |
"{5AE9E334-2660-4C2C-BF7B-BD79A8C84EAB}" = protocol=17 | dir=in | app=n:\portal 2\steam.exe |
"{5C0C53B9-F00C-4FB1-8726-7935703C6739}" = dir=in | app=d:\skype\phone\skype.exe |
"{5CDBB38E-0B36-455F-84C1-121B782314F8}" = dir=in | app=d:\skype\phone\skype.exe |
"{5E9AAF13-F3FC-4C67-8DA6-2B59AF8E7D91}" = dir=in | app=d:\skype\phone\skype.exe |
"{5F234758-D6E3-4840-8264-E2C24B4F66A8}" = dir=in | app=d:\skype\phone\skype.exe |
"{6011772D-B789-4028-9B73-9AF6221A9F25}" = dir=in | app=d:\skype\phone\skype.exe |
"{6055E635-4958-4F77-9F4B-CDDD9140A14E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{60AD3584-E966-4C77-BC1B-35CEB8FC09BF}" = dir=in | app=d:\skype\phone\skype.exe |
"{60C73F46-7DE2-4644-9A25-B0F95D27394B}" = dir=in | app=n:\port royale 3\portroyale3.exe |
"{62C62772-F0FC-4555-86D1-3001E1566C24}" = dir=in | app=d:\skype\phone\skype.exe |
"{6358B7E5-ED37-45C0-BED8-7A6FEABAA943}" = dir=in | app=d:\skype\phone\skype.exe |
"{63945C05-9CA5-4483-9BC1-0E8470ADD162}" = dir=in | app=d:\skype\phone\skype.exe |
"{6544E09A-034C-4DD4-A473-5E5971ACB3E6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{65EAE8B7-AE60-4072-86D0-FF89E7B9B1D1}" = protocol=17 | dir=in | app=d:\games\secretofsolstice\sosclient.exe |
"{6614013F-4FA5-4FAE-8920-1B5FC2FB9E69}" = dir=in | app=d:\skype\phone\skype.exe |
"{6663E1D6-F5CE-4614-BAF7-BAF03A9F3A39}" = protocol=6 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe |
"{668089D8-5CDB-4D2F-A02C-EFA9D2C7C4E0}" = dir=in | app=d:\skype\phone\skype.exe |
"{668C3DC8-27A8-4E23-847C-69F5A4C2CF64}" = dir=in | app=d:\skype\phone\skype.exe |
"{670C5870-1B4D-4E0B-862A-6C812CD91230}" = dir=in | app=d:\skype\phone\skype.exe |
"{67AD1634-FA98-4114-B7AA-858C22DB1CC0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{67FBB088-3EB8-438E-9E4F-87D645E04417}" = dir=in | app=d:\skype\phone\skype.exe |
"{68326734-8888-450E-9F9F-BC642F33C775}" = dir=in | app=d:\skype\phone\skype.exe |
"{6873083A-8867-4CF3-9E05-F5E099389ACA}" = dir=in | app=d:\skype\phone\skype.exe |
"{68A3A1D3-7616-4C10-93B3-4489BF84B8D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{68AAC4D2-960E-436D-89A7-2B349F2730AC}" = dir=in | app=d:\skype\phone\skype.exe |
"{690CF7B0-B562-4155-BB09-BA5E87614565}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\rpu.exe |
"{690F12FB-B0CC-4A78-87FA-91246470CA6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{694A68CA-EDC0-433E-A597-C3C1F7C9284A}" = dir=in | app=d:\skype\phone\skype.exe |
"{69530313-433C-4FE5-9E72-13B3DF16F363}" = protocol=17 | dir=in | app=c:\program files (x86)\haihaisoft universal player\hmplayer.exe |
"{6969EDEB-21EC-45B1-9545-11542D6D1EE7}" = dir=in | app=d:\skype\phone\skype.exe |
"{69EC6E4E-38D5-45E4-A01C-EF24B357D464}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"{6BC4A477-765A-4114-85EF-96D3CF8B35B3}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\uplaybrowser.exe |
"{6C1D2F13-1936-4619-A875-A62C6DA72A4B}" = dir=in | app=d:\skype\phone\skype.exe |
"{6D685BF3-E335-4C3B-9755-56C658F44A62}" = protocol=17 | dir=in | app=n:\portal 2\steamapps\common\portal 2\portal2.exe |
"{6D8CCDD2-C176-4A5C-9057-D72BC20CA3C1}" = dir=in | app=d:\skype\phone\skype.exe |
"{6E305782-7A9D-4A20-8407-13C90B11B883}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6E868AD0-6AFB-4497-81D2-02DEB3D37AA1}" = dir=in | app=d:\skype\phone\skype.exe |
"{6EF1C134-C5FF-4EF0-A461-059670E8A8E5}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\acbmp.exe |
"{6F06F740-A92E-413D-9241-4816E31DE91E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F28D66F-A5D9-4CFE-85DF-27D8C681A1A7}" = dir=in | app=d:\skype\phone\skype.exe |
"{6F499FD2-EF01-4DBB-A030-0C1E9FFB96D6}" = protocol=6 | dir=in | app=n:\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{6F6C3799-D7AE-4E5A-A74D-150A4B789F97}" = dir=in | app=d:\skype\phone\skype.exe |
"{6F727EB0-1D1A-404E-9865-B4DCF30C8F9C}" = dir=in | app=d:\skype\phone\skype.exe |
"{7010282E-E45E-47AB-A247-C238E00EFD40}" = dir=in | app=d:\skype\phone\skype.exe |
"{703E60FD-C890-4A3A-8BE0-EAC2F6723585}" = protocol=17 | dir=in | app=n:\portal 2\steamapps\common\risen 2\system\risen2.exe |
"{7057EFC3-09AD-48C8-88F2-CD1CF9F1805E}" = dir=in | app=d:\skype\phone\skype.exe |
"{70E79ECA-5C23-42DC-ACE7-C87A325517F0}" = dir=in | app=d:\skype\phone\skype.exe |
"{71DEB212-93A2-4D1A-BBAD-64A5A114F237}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe |
"{72584C1E-90BE-475D-8BC3-20DE093710AA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{72616059-B028-462E-A7C1-203B2DCF5813}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |
"{729B041E-C37A-4BBF-A2E8-8CE5621B0CFC}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\gffeditor.exe |
"{72F7D1AB-6007-4F41-8E79-8691CD9A1DBB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{73FDB828-DFEF-4136-8E7A-A667E8A62555}" = dir=in | app=d:\skype\phone\skype.exe |
"{7491F562-DCE3-4268-93DF-9176077E6B02}" = dir=in | app=d:\skype\phone\skype.exe |
"{75D1696E-F028-4738-8CBC-D40A96AB9558}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe |
"{76B76B2F-C85F-4F9A-A7E1-1F445CD862A5}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\gffeditor.exe |
"{76CD9E1E-6F46-401D-B510-7801ACD5C126}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{76DA7E96-E40D-40DC-9742-E2BD172490EB}" = dir=in | app=d:\skype\phone\skype.exe |
"{76DDCA7D-29E6-4F5A-9730-550EF237FFE7}" = dir=in | app=d:\skype\phone\skype.exe |
"{78ED6893-13C2-456A-A50B-07912D9DB42C}" = protocol=17 | dir=in | app=c:\users\kirelle\appdata\local\akamai\netsession_win.exe |
"{79274D4D-7AA0-4C71-9BD5-2A2D2F5B4BD0}" = dir=in | app=d:\skype\phone\skype.exe |
"{79740063-B9EB-40FD-A012-228B3E4EFE58}" = protocol=6 | dir=in | app=n:\portal 2\steamapps\common\portal 2\portal2.exe |
"{79B89332-E2AD-48BD-B75D-CBF063A66333}" = dir=in | app=d:\skype\phone\skype.exe |
"{79DE50F3-AD9C-4CA7-91AC-A6FC67AC7320}" = dir=in | app=d:\skype\phone\skype.exe |
"{7A6D9D7D-BFAC-442E-8690-4B4DD247B796}" = dir=in | app=d:\skype\phone\skype.exe |
"{7ABA68A2-D7CF-4604-B691-7A3D414CD93F}" = dir=in | app=d:\skype\phone\skype.exe |
"{7AE9178E-1692-4B1C-835F-438D9F8FDB06}" = protocol=58 | dir=in | app=system |
"{7D05E633-12A6-4DE3-8974-76160FF5839C}" = protocol=17 | dir=in | app=d:\games\civilization 4\warlords\civ4warlords.exe |
"{7F2BFA55-DE91-409C-B92C-9FBB18C2B273}" = dir=in | app=d:\skype\phone\skype.exe |
"{7FA56E46-65D2-4ACB-8262-76F8EE33A078}" = dir=in | app=d:\skype\phone\skype.exe |
"{8012EA63-2A9A-427C-A4D3-9DB3F800CB09}" = dir=in | app=d:\skype\phone\skype.exe |
"{8032807E-21BF-4F19-9C6E-4A3B985A39B8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80601A5D-523F-47E8-A03D-A91DF51BDA13}" = dir=in | app=d:\skype\phone\skype.exe |
"{80B770F1-BB55-4D5D-B301-988288FE0841}" = dir=in | app=d:\skype\phone\skype.exe |
"{835CD0D8-2F95-4623-A249-BF463285C5F7}" = dir=in | app=d:\skype\phone\skype.exe |
"{83623DC5-4634-46D0-807E-7CE362F79CA6}" = dir=in | app=d:\skype\phone\skype.exe |
"{839DCA55-22E3-440B-991B-5AE3DD914112}" = dir=in | app=d:\skype\phone\skype.exe |
"{8444C08E-5457-48B4-9375-48E603DF22B7}" = dir=in | app=d:\skype\phone\skype.exe |
"{85054250-BBA5-4E58-A90C-611A2BA4CE76}" = dir=in | app=d:\skype\phone\skype.exe |
"{85A82670-A2F7-4107-B545-D9702D16B0BE}" = dir=in | app=d:\skype\phone\skype.exe |
"{85EE2412-8BC8-4E46-9432-EFDE6102E5AD}" = protocol=17 | dir=in | app=d:\games\dragon age 2\dragonage2launcher.exe |
"{87210C4E-4590-4818-A599-8117988D1B3C}" = dir=in | app=d:\skype\phone\skype.exe |
"{874BBC86-6689-47F0-9F9F-32E603C3E208}" = dir=in | app=d:\skype\phone\skype.exe |
"{875A79CA-2EF2-45DB-BFCF-B066A7EDB264}" = dir=in | app=d:\skype\phone\skype.exe |
"{87CA4A55-C7D4-450E-A12F-943925002159}" = dir=in | app=d:\skype\phone\skype.exe |
"{881A2E30-B483-4D0F-9BAE-199C4DB3F551}" = dir=in | app=d:\skype\phone\skype.exe |
"{885AE3DA-207C-4C5F-8B5D-846C63B601B1}" = dir=in | app=d:\skype\phone\skype.exe |
"{893609CC-AE14-4A25-B127-75D3C99D27CC}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{89908234-A3A5-4346-A0AA-B445655D3740}" = protocol=6 | dir=in | app=d:\games\age of empires\empires.exe |
"{8BAD78DB-E5A6-42CD-B3C9-922A27FB7F9C}" = protocol=6 | dir=in | app=n:\portal 2\steam.exe |
"{8DB28B67-83F8-4466-8CE1-4A5A77115629}" = dir=in | app=d:\skype\phone\skype.exe |
"{8F7A5575-7943-444C-9FA3-4FB5DE7AF54E}" = dir=in | app=d:\skype\phone\skype.exe |
"{90816646-CAA0-4F71-9A0C-4927E0829689}" = dir=in | app=d:\skype\phone\skype.exe |
"{9093BC51-B185-49C4-9B42-2BA0D31C17B6}" = dir=in | app=d:\skype\phone\skype.exe |
"{91578976-12A1-45FF-8911-24076E88FED8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{915ABA3E-87E1-4157-BC33-A16F1EAA9312}" = dir=in | app=d:\skype\phone\skype.exe |
"{92015D14-4D39-48E1-A222-BEF2879DC500}" = dir=in | app=d:\skype\phone\skype.exe |
"{920FA46D-62ED-4D03-A63F-689912210AF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92425BAB-D929-4F59-91E5-9E6B646FC3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{92BD854B-B34D-427C-A65A-2F6B0D5739AD}" = dir=in | app=d:\skype\phone\skype.exe |
"{9368391E-E299-4260-99D1-8068CDC05FD4}" = dir=in | app=d:\skype\phone\skype.exe |
"{965AF936-04C5-4029-8D2F-A22C5928D7CE}" = dir=in | app=d:\skype\phone\skype.exe |
"{98B7152D-F089-43B7-A835-4033E8FDED98}" = dir=in | app=d:\skype\phone\skype.exe |
"{99653123-5E59-4D63-8FC5-12FE4BA2EC08}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{997E2E1A-4C39-4B38-AF9D-C1DE0970D9F7}" = dir=in | app=d:\skype\phone\skype.exe |
"{9A453A44-C362-49F7-9492-FD6DE4CEA995}" = dir=in | app=d:\skype\phone\skype.exe |
"{9AAFE260-F598-4E37-86C8-50156C6658A4}" = dir=in | app=d:\skype\phone\skype.exe |
"{9B777565-C9E9-4A41-847F-F91EA48912AF}" = dir=in | app=d:\skype\phone\skype.exe |
"{9D1149EE-4C42-4513-B1C8-8937CD299596}" = dir=in | app=d:\skype\phone\skype.exe |
"{9D778FEE-56F2-4337-BE0A-35BF24A06BF6}" = dir=in | app=d:\skype\phone\skype.exe |
"{9DAF7689-D5A4-4D6E-8D98-84EBBF2F7A46}" = dir=in | app=d:\skype\phone\skype.exe |
"{9DFE4002-1D4D-4822-9379-B68BA9B962AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E73FD0A-719D-4B2B-BFE0-FE569DFA443A}" = dir=in | app=d:\skype\phone\skype.exe |
"{9EA23BCA-D865-4475-B159-5CA7B620256C}" = protocol=17 | dir=in | app=n:\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{9F183F88-70A5-4B93-8A85-9D53101433AD}" = dir=in | app=d:\skype\phone\skype.exe |
"{A015884F-D684-48DC-9E61-AD62E69A3992}" = dir=in | app=d:\skype\phone\skype.exe |
"{A04353A2-98A9-465A-BCC1-3D5A46DEA45D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |
"{A0A42BA7-898E-4D90-B792-63F58E250DEF}" = dir=in | app=d:\skype\phone\skype.exe |
"{A175FE13-E575-4080-96AC-260AB00792A5}" = dir=in | app=d:\skype\phone\skype.exe |
"{A18B0BE0-9802-411A-9DB1-41EB60462690}" = protocol=6 | dir=in | app=d:\games\civilization 4\beyond the sword\civ4beyondsword.exe |
"{A211D630-4664-4645-AE56-AEC24D393083}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A256ADAF-D636-4712-B07A-315FB405AFCF}" = dir=in | app=d:\skype\phone\skype.exe |
"{A27600F3-10BF-4108-AC65-CBD2E5C7CBC7}" = dir=in | app=d:\skype\phone\skype.exe |
"{A37C77A6-A49F-49A8-828D-102C4B5BE579}" = dir=in | app=d:\skype\phone\skype.exe |
"{A38A9F1F-32BB-47A5-AD07-5D39EA9E0E03}" = dir=in | app=d:\skype\phone\skype.exe |
"{A3986E90-DCC0-4A06-98BC-7F7F58F91BD8}" = dir=in | app=d:\skype\phone\skype.exe |
"{A5A07D1D-2D5E-452D-847D-0CC9FDD8D589}" = dir=in | app=d:\skype\phone\skype.exe |
"{A5D1A2F9-B474-4EB2-B16B-9F811D5F5533}" = dir=in | app=d:\skype\phone\skype.exe |
"{A6F2C4FC-6911-40D6-8F39-88EA2A37BC1C}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"{A76A03B1-CA70-4F04-A0D5-7D14F1A4BBBB}" = dir=in | app=d:\skype\phone\skype.exe |
"{A7E1EA21-E428-44BD-BF7D-4E425E5BE7BF}" = dir=in | app=d:\skype\phone\skype.exe |
"{A876C6B5-5D9A-4615-9E8B-80DAD5D2CD4F}" = dir=in | app=d:\skype\phone\skype.exe |
"{A88F7E4F-021A-4A38-BFA4-637A5FD9ECA9}" = dir=in | app=d:\skype\phone\skype.exe |
"{A97B8BE2-7140-4892-B497-B862C3ABE1F1}" = dir=in | app=d:\skype\phone\skype.exe |
"{AB29691E-828B-403C-A100-F38568AE0585}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe |
"{AB2AF849-1A47-41C3-8F61-3CF24D2C3704}" = dir=in | app=d:\skype\phone\skype.exe |
"{AB2DB52C-FB08-415A-A614-0B43CC28C239}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB57A4D0-4F60-430E-824D-00F8A0634AA0}" = dir=in | app=d:\skype\phone\skype.exe |
"{ABCAEA93-2DC7-4555-B1D6-AC6E05AFF3EC}" = dir=in | app=d:\skype\phone\skype.exe |
"{ABD09E14-FE22-498D-9A6F-4BC754C084AA}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\acbsp.exe |
"{AC1D2D6B-B0C5-44D4-A5E6-83D8EE0A85B3}" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"{ACE92A35-02D0-4DD4-A981-C019B63E1EA7}" = dir=in | app=d:\skype\phone\skype.exe |
"{AD569C7C-5A62-49DE-BEB7-2D2599BAE9B6}" = protocol=6 | dir=out | app=system |
"{AD9C31FF-0AEF-4B8F-90BE-3CE0C94691C7}" = dir=in | app=d:\skype\phone\skype.exe |
"{AE4CB53A-E2E9-40C1-8E91-D763E4D4C293}" = dir=in | app=d:\skype\phone\skype.exe |
"{AEEA19DF-6B1F-41FD-9EAE-D5CCA1905546}" = protocol=17 | dir=in | app=d:\games\dragon age\tools\rpu.exe |
"{AF1049C2-E7F4-46F5-AF32-0766D9F0D058}" = dir=in | app=d:\skype\phone\skype.exe |
"{B0AC7201-0DEA-4EFE-B3FC-D1A803F14AF1}" = protocol=6 | dir=in | app=d:\games\secretofsolstice\sosclient.exe |
"{B0F17BCF-F359-41F1-A1C9-06DA4C57B7B3}" = dir=in | app=d:\skype\phone\skype.exe |
"{B19A71B6-3B0D-4B77-AE68-802B0C7BC051}" = dir=in | app=d:\skype\phone\skype.exe |
"{B1C7E1DB-2477-461F-867A-CDFAF4E14F67}" = dir=in | app=d:\skype\phone\skype.exe |
"{B32471BE-2159-4DD3-98EF-22A7284200CD}" = dir=in | app=d:\skype\phone\skype.exe |
"{B3610780-7DE3-4B06-BD39-3056E88F7266}" = dir=in | app=d:\skype\phone\skype.exe |
"{B3DF23A0-E775-46F3-86B7-41B086F08256}" = dir=in | app=d:\skype\phone\skype.exe |
"{B4514333-E663-4257-BE15-B147FF08B668}" = dir=in | app=d:\skype\phone\skype.exe |
"{B48510D0-AFEE-4F46-8744-A3197647B98D}" = dir=in | app=d:\skype\phone\skype.exe |
"{B4BF66A0-92FB-4C76-9C56-32C3E894AABD}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"{B65FD277-E8FB-48FA-B181-59C2440739B6}" = dir=in | app=d:\skype\phone\skype.exe |
"{B6804069-B6BA-4B6B-A8D5-E6F1D1326B58}" = dir=in | app=d:\skype\phone\skype.exe |
"{B7127EFA-E6F7-45E0-9CD2-BC013E06AB82}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"{B8AAED2A-72B0-4751-8A75-DC1C8C28B48E}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe |
"{B8B2E4EF-490A-4F75-BD72-965A594729F1}" = dir=in | app=d:\skype\phone\skype.exe |
"{B8BC8B24-79AA-4F0D-8EBF-1A0AEF9B515B}" = dir=in | app=d:\skype\phone\skype.exe |
"{B93BFE76-CF7A-4CAE-96AB-9EEDF6AE7AB2}" = dir=in | app=d:\skype\phone\skype.exe |
"{B9A9FC51-4AC8-48D9-82C7-866E05EACEF2}" = dir=in | app=d:\skype\phone\skype.exe |
"{BA3A9508-AD25-46BA-887B-7BD326C694F9}" = protocol=17 | dir=in | app=d:\games\mass effect\binaries\masseffect.exe |
"{BA3FABF1-EFB5-4FCF-8A89-7EED4E81A1AB}" = dir=in | app=d:\skype\phone\skype.exe |
"{BA695D3A-660C-4FBC-9309-C8E961E936E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BA81DA0B-D17A-41B2-918F-61BC9CCE4A3F}" = dir=in | app=d:\skype\phone\skype.exe |
"{BD342A1B-D947-4235-85B1-EF61CC341CCA}" = protocol=17 | dir=in | app=d:\games\mass effect\masseffectlauncher.exe |
"{BE312CA9-736F-417D-87A1-D45A782D00D0}" = dir=in | app=d:\skype\phone\skype.exe |
"{BF61893C-0032-42E2-A29B-43EED6FB7F4C}" = dir=in | app=d:\skype\phone\skype.exe |
"{C016C55A-385B-4136-BE1F-F9DF018DC5CD}" = dir=in | app=d:\skype\phone\skype.exe |
"{C1328E99-F149-473F-9738-D087B699EE7C}" = dir=in | app=d:\skype\phone\skype.exe |
"{C302820D-DE9F-45BC-8DF8-27B626EFB3B7}" = dir=in | app=d:\skype\phone\skype.exe |
"{C3289017-2306-4D48-A816-0D55EC046985}" = protocol=6 | dir=in | app=c:\users\kirelle\appdata\local\akamai\netsession_win.exe |
"{C418A12E-ABD7-42EE-9521-DE1BEB472AE4}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\acbsp.exe |
"{C544859D-067A-447A-A205-870504DF3386}" = dir=in | app=d:\skype\phone\skype.exe |
"{C5A4638C-8B30-4365-B7FE-5C77E42A256A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C6132614-DFF5-4C8F-AA51-584B8C8E2752}" = dir=in | app=d:\skype\phone\skype.exe |
"{C91C3491-43A7-46DD-B9B5-C48C6C7094CE}" = dir=in | app=d:\skype\phone\skype.exe |
"{CAAF4D97-EF8A-40C4-9FAC-74ED33BD1B62}" = dir=in | app=d:\skype\phone\skype.exe |
"{CAE4BAC7-731E-4167-AE15-F585F6FDE449}" = dir=in | app=d:\skype\phone\skype.exe |
"{CB852DC0-F4BF-43EE-93AB-4BB19972DDFA}" = dir=in | app=d:\skype\phone\skype.exe |
"{CC342703-C768-466E-9C40-429E783C9A8A}" = dir=in | app=d:\skype\phone\skype.exe |
"{CCAC4284-2C97-4EBD-85B2-0F418E0698D1}" = dir=in | app=d:\skype\phone\skype.exe |
"{CD2024DF-8D4D-468A-A97B-847442B60340}" = dir=in | app=d:\skype\phone\skype.exe |
"{CD3A1190-F2DC-4DED-AD73-8BEEF741500F}" = dir=in | app=d:\skype\phone\skype.exe |
"{CD4C9FD7-4A1B-4170-BC3E-2CEDCE2F9158}" = dir=in | app=d:\skype\phone\skype.exe |
"{CD82C6AA-B0F9-4B5B-A587-B5C28B09A899}" = dir=in | app=d:\skype\phone\skype.exe |
"{CDA5AFBC-8D5C-4934-9312-3FB44DC1AD0E}" = dir=in | app=d:\skype\phone\skype.exe |
"{CEA730AA-284C-40EA-8DD9-18E066A81F68}" = dir=in | app=d:\skype\phone\skype.exe |
"{CEADA119-34FF-4CFC-82E7-F630ED88C115}" = dir=in | app=d:\skype\phone\skype.exe |
"{CF5BFFE4-6CB3-48C2-939E-E1A0A477AFA3}" = dir=in | app=d:\skype\phone\skype.exe |
"{CF99142A-CD00-4FCE-B8B3-FA9888DD7909}" = dir=in | app=d:\skype\phone\skype.exe |
"{CF9C6E9D-2BD3-4C6D-9912-FDD96EDA5659}" = dir=in | app=d:\skype\phone\skype.exe |
"{D03F4594-E5AA-4DC4-9955-5B9243D83F7B}" = dir=in | app=d:\skype\phone\skype.exe |
"{D04C15D2-8749-4512-968F-01AD27DE5963}" = dir=in | app=d:\skype\phone\skype.exe |
"{D0CE7478-4D19-4ADC-BC1A-B844371A5E64}" = dir=in | app=d:\skype\phone\skype.exe |
"{D10BAADE-BEAC-4D33-91BF-B82558413698}" = dir=in | app=d:\skype\phone\skype.exe |
"{D1A40EB4-D6E4-4363-9B52-8D289846BEE2}" = dir=in | app=d:\skype\phone\skype.exe |
"{D339923B-7E13-49A7-8CFF-D33F6B300DAC}" = dir=in | app=d:\skype\phone\skype.exe |
"{D3876623-76CD-4B7E-99B1-41FC58D7AC4A}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\dragonagetoolset.exe |
"{D3B5FCFB-0D9D-4115-A7DF-C68BCFF14002}" = dir=in | app=d:\skype\phone\skype.exe |
"{D46312F9-5EE1-4DA8-94D0-CE5F58C61017}" = dir=in | app=d:\skype\phone\skype.exe |
"{D49C9BC3-C210-40A7-8D87-7500983B9FD3}" = dir=in | app=d:\skype\phone\skype.exe |
"{D4CDCA8F-A131-402B-A2DC-69668166F690}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D4F4705E-3006-46F0-905A-2C0FFD09636D}" = protocol=17 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe |
"{D6AAF2F0-5BEE-4417-AC8B-11247F9E81B8}" = dir=in | app=d:\skype\phone\skype.exe |
"{D6E18BDB-A25F-4B2B-AE0A-B0884E7A8E4B}" = protocol=6 | dir=in | app=n:\assasins creed brotherhood\assassinscreedbrotherhood.exe |
"{D7648957-9218-4FC3-948A-4F488A162EF9}" = dir=in | app=d:\skype\phone\skype.exe |
"{D79395E0-D585-4049-B138-B299F384F010}" = dir=in | app=d:\skype\phone\skype.exe |
"{D7A0B3CE-B96E-4888-ACB7-BE99A0887FA3}" = dir=in | app=d:\skype\phone\skype.exe |
"{D7B9626B-9742-49D3-90CA-8C0111BE2381}" = dir=in | app=d:\skype\phone\skype.exe |
"{D7FC0FD1-D68F-45C6-BAA0-A8FDDCEF475D}" = protocol=17 | dir=in | app=n:\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{D8948A75-5DB5-4CFC-A965-AFB8E5CF9E68}" = dir=in | app=d:\skype\phone\skype.exe |
"{D8B95E78-5065-4F08-8437-3708AB631195}" = dir=in | app=d:\skype\phone\skype.exe |
"{D9735D3D-0D9E-4C17-A805-884BE350A4B8}" = protocol=17 | dir=in | app=d:\games\fable3.exe |
"{DA02F651-4271-49EB-902B-C483D74EE9B6}" = dir=in | app=d:\skype\phone\skype.exe |
"{DA09467D-55D3-43F8-9467-9B1A57719E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"{DC5F0018-66F2-446F-AED5-58EBAF68926D}" = dir=in | app=d:\skype\phone\skype.exe |
"{DCCD1FAC-73E4-4E0E-8DAA-5A9E651EC041}" = dir=in | app=d:\skype\phone\skype.exe |
"{DDBE1316-1F2B-41CF-BE2E-90E4F7A51BD0}" = dir=in | app=d:\skype\phone\skype.exe |
"{DF4FC55F-196B-4367-B8C9-832C3498501C}" = dir=in | app=d:\skype\phone\skype.exe |
"{DF8D4DAD-A3A5-47C3-B61D-13E0756A7853}" = protocol=6 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe |
"{E00102DB-1269-432A-8DBD-72BAB0D23F0B}" = dir=in | app=d:\skype\phone\skype.exe |
"{E0380EB1-897D-41E0-995E-696143236C49}" = dir=in | app=d:\skype\phone\skype.exe |
"{E1336688-E92A-4E26-B9A7-94A6B8264927}" = protocol=6 | dir=in | app=d:\games\dragon age\tools\lightmapper\eclipseray.exe |
"{E168221D-F400-4920-80A4-E45B3919F4F9}" = dir=in | app=d:\skype\phone\skype.exe |
"{E180AFEC-7ECC-4204-BA51-3AAEC34486B6}" = dir=in | app=d:\skype\phone\skype.exe |
"{E2456D4D-E209-4F1E-9D63-D5E104B0D9C5}" = protocol=17 | dir=in | app=d:\games\civilization 4\civilization4.exe |
"{E2D0643D-76A7-4EAD-B89F-EACF8FEB5E44}" = dir=in | app=d:\skype\phone\skype.exe |
"{E2EB4D4D-25B0-40D3-9A3F-96B90DDD6F7A}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{E2F4FFDA-975A-4B4A-9AD2-ACC08B214CD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E332FD06-6132-403E-88F8-5B1005143FDB}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{E419E289-2CAB-4C98-A293-C0CAEF032D56}" = dir=in | app=d:\skype\phone\skype.exe |
"{E4724042-FAB1-40B9-831D-1375CC534ECA}" = protocol=17 | dir=in | app=n:\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{E6B86477-9EBC-4A63-ABE1-E2182E5911D6}" = dir=in | app=d:\skype\phone\skype.exe |
"{E7AD61F7-727E-40C0-AE5A-278AA5674B6A}" = dir=in | app=d:\skype\phone\skype.exe |
"{E8251F03-16CA-4076-B8C9-00BD4288232D}" = dir=in | app=d:\skype\phone\skype.exe |
"{E92D06DF-244C-4E39-A989-AD2CA6699713}" = dir=in | app=d:\skype\phone\skype.exe |
"{E93DEBCD-FADA-4583-BE24-70764DB99516}" = protocol=6 | dir=in | app=d:\games\dragon age 2\dragonage2launcher.exe |
"{E95A2C25-50A2-4BF5-986E-4695EF253F8F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E9C6CF6C-AD9C-4DCC-B421-9DB2B96FC0CD}" = dir=in | app=d:\skype\phone\skype.exe |
"{EB734171-575D-4229-9389-5480FF014437}" = dir=in | app=d:\skype\phone\skype.exe |
"{EC22406F-A30C-4D50-B4F5-4193F489FD35}" = protocol=6 | dir=in | app=c:\program files (x86)\haihaisoft universal player\hmplayer.exe |
"{ED7D4533-13FA-4F48-968C-0C555E1B9267}" = dir=in | app=d:\skype\phone\skype.exe |
"{EDA3075A-F5FA-4E24-8C3B-1122CD833E97}" = dir=in | app=d:\skype\phone\skype.exe |
"{EDD08F90-812B-4EDD-8811-24C6C5C66A88}" = protocol=17 | dir=in | app=n:\assasins creed brotherhood\assassinscreedbrotherhood.exe |
"{EE87FFC8-C238-4933-ACAF-029FDDD5E984}" = protocol=17 | dir=in | app=n:\315884197 saine\elsword_de\data\x2.exe |
"{EF369491-5483-42EF-A735-200D6A8E51C0}" = dir=in | app=d:\skype\phone\skype.exe |
"{EFCF6F5C-4FA2-4ABB-86D8-15D9591EA27F}" = protocol=6 | dir=in | app=d:\games\fable3.exe |
"{EFDD119D-E40B-4DBB-AEDC-6AFE97B4EC38}" = dir=in | app=d:\skype\phone\skype.exe |
"{F267A1DB-7BA0-457B-A85F-82CC90A9916A}" = protocol=6 | dir=in | app=n:\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{F48B68CA-BE4F-4276-9F72-7634205608D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F493C264-18C3-4B7A-98C3-9635FC086D98}" = dir=in | app=d:\skype\phone\skype.exe |
"{F5322A16-F00B-4569-B8AE-D4362ECF6AA6}" = dir=in | app=d:\skype\phone\skype.exe |
"{F54B28DA-2E96-4961-9EB3-5E2125AD3032}" = dir=in | app=d:\skype\phone\skype.exe |
"{F561BFED-1079-4DB3-ACB1-93628AB93DFA}" = protocol=6 | dir=in | app=d:\games\civilization 4\civilization4.exe |
"{F64689C4-8EB5-4927-976B-1ACD229F9DA5}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe |
"{F655A45E-728F-447D-8C93-96B5E805506F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F69DDFA9-0883-4AF2-804C-B0721E71F7EE}" = dir=in | app=d:\skype\phone\skype.exe |
"{F7CE2DE1-82E1-4143-8B5A-02099FE1FD9C}" = dir=in | app=d:\skype\phone\skype.exe |
"{F8236F82-6C82-4F2B-A958-5D5A5ECAF76B}" = dir=in | app=d:\skype\phone\skype.exe |
"{F8C66C54-C760-425D-A746-D62BCB01A1DE}" = dir=in | app=d:\skype\phone\skype.exe |
"{F92C365E-96D6-4A92-A7B7-7331869A666E}" = dir=in | app=d:\skype\phone\skype.exe |
"{FA1DF70F-3049-4B86-8953-DCC2E563E0FC}" = dir=in | app=d:\skype\phone\skype.exe |
"{FA2C9F59-1D53-4E36-9D5C-F0B6F50D65F5}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{FB3E9C69-75C7-4E86-8A93-3A849618C197}" = dir=in | app=d:\skype\phone\skype.exe |
"{FB48CD48-6D5A-49B0-BD98-F4CF65FE630B}" = dir=in | app=d:\skype\phone\skype.exe |
"{FB57D1B2-A120-4041-B870-B2BB26A618E8}" = dir=in | app=d:\skype\phone\skype.exe |
"{FC086C2C-FF33-489B-B9E3-0B53E5DB3E22}" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"{FC44F263-4895-43C3-91A9-1923C9EEE958}" = protocol=6 | dir=in | app=n:\315884197 saine\elsword_de\data\x2.exe |
"{FC8424F5-00FE-423F-82EA-146D95E258F8}" = dir=in | app=d:\skype\phone\skype.exe |
"{FE3E0704-340D-4FB7-9889-60616F776385}" = dir=in | app=d:\skype\phone\skype.exe |
"{FEE2CC0F-AFA1-4551-A2FD-EDFD3D4006FB}" = dir=in | app=d:\skype\phone\skype.exe |
"{FFF23C5E-61A2-483A-A315-4BAA9B13946A}" = dir=in | app=d:\skype\phone\skype.exe |
"TCP Query User{08CA2520-603D-4EE5-A292-DDD55746680A}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{16C42685-63A7-4AD8-B3CB-37CEE6B4361F}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{1AB29601-EF12-454E-B499-C9727B05827B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1EAB6E13-0CB3-4A5C-A2F8-D607B40B9581}C:\windows\syswow64\regsvr32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"TCP Query User{4433F127-07BB-49C7-B4E7-4DEE87E60970}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{4595AE97-8625-4DEE-B10E-FF800772E056}D:\games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=d:\games\age of empires\empiresx.exe |
"TCP Query User{79B0363A-5873-45DC-A17C-B7C46CB77B28}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"TCP Query User{849AB037-B077-410E-A890-BE506A30E100}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{9BBD67F5-48D6-4FD7-9213-3665681224D0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{AE7CC6CD-F628-4183-A853-CA3C67AD1777}N:\portal 2\steamapps\kireille\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=n:\portal 2\steamapps\kireille\team fortress 2\hl2.exe |
"TCP Query User{C202B28C-57C2-4102-B809-6D68F3F6187D}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{C8AF9E86-94B8-4DEA-945C-D9C614A18BFC}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe" = protocol=6 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe |
"TCP Query User{CF97EDB9-D570-4377-9FA9-C696D18CCA47}N:\portal 2\steamapps\kireille\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe |
"TCP Query User{D5C03BDA-7E5D-4C78-83C8-1936300920E6}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe" = protocol=6 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe |
"TCP Query User{E554C061-5BD2-4723-BF46-AE9F45FE2573}D:\games\age of empires\empires.exe" = protocol=6 | dir=in | app=d:\games\age of empires\empires.exe |
"TCP Query User{E6F6B40D-A135-4BBE-8D4E-5E6F7C1EEFCF}D:\games\touhou 12.3 unthinkable natural law\th123\th123.exe" = protocol=6 | dir=in | app=d:\games\touhou 12.3 unthinkable natural law\th123\th123.exe |
"UDP Query User{01FB098E-15B6-43B7-8469-1A87423875B5}N:\portal 2\steamapps\kireille\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=n:\portal 2\steamapps\kireille\team fortress 2\hl2.exe |
"UDP Query User{0A15F45A-CFE8-4A0C-9841-8A51D6040BF3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0FB92DF3-8C14-48B7-9F92-F04C92E6166D}D:\games\age of empires\empires.exe" = protocol=17 | dir=in | app=d:\games\age of empires\empires.exe |
"UDP Query User{41655082-9A15-4EE2-9436-DB0B21F57206}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{48C472D7-85F6-453B-9FE6-B76C5997BDDE}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe |
"UDP Query User{5D489D9D-6317-476C-957D-FA27129EA257}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe" = protocol=17 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\adonise.exe |
"UDP Query User{71469710-2F4E-4324-B275-A78EE65D8960}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{74D132D7-7897-4940-B57A-F31D62748018}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8E62ABBE-B63C-4591-8EA2-57AC1DFFF765}D:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe" = protocol=17 | dir=in | app=d:\games\touhou 09 phantasmagoria of flower view\touhou 09 phantasmagoria of flower view\th09e.exe |
"UDP Query User{8FBBAEB4-9D18-4149-945B-9303DE44C52D}D:\games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=d:\games\age of empires\empiresx.exe |
"UDP Query User{BB73488C-8455-4E4C-A9F5-5671B030AB30}D:\games\touhou 12.3 unthinkable natural law\th123\th123.exe" = protocol=17 | dir=in | app=d:\games\touhou 12.3 unthinkable natural law\th123\th123.exe |
"UDP Query User{C7876A5C-04FE-42FD-86F2-72670E79D04E}N:\portal 2\steamapps\kireille\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=n:\portal 2\steamapps\kireille\counter-strike source\hl2.exe |
"UDP Query User{EF32ADEF-6B6A-4591-BD66-718901861C74}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{F070ABF0-96FF-4CFE-B300-4756463F15C0}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{F085375E-BDF7-431A-A0E8-23D151E70A2A}C:\windows\syswow64\regsvr32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\regsvr32.exe |
"UDP Query User{F5A32378-0E56-408F-B9B1-EA098D312A1D}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D483C640-09C0-CA54-007D-20BE9FA99C72}" = ccc-utility64
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F4EAF98E-197C-E203-FB2C-9FCAB5337473}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B96515-9EF9-12B5-8A9A-B409E967BDBB}" = Catalyst Control Center Graphics Previews Vista
"{088C8B98-3D9F-4CBD-B37B-A32D9580C4EE}" = LEGO MINDSTORMS NXT Driver
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{19FCAF1A-AD28-C086-B5A6-8E7A6DAB9B7B}" = ccc-core-static
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{257C7A78-535E-1450-C720-AE353876C816}" = Catalyst Control Center InstallProxy
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D79E5F9-A5BA-4162-AAF4-D1BC8C5A83FF}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{430F9E74-B8B1-496C-9684-AF791320DC9F}" = S4 League_EU
"{45CAC750-E555-6DE3-078F-C9A4C2DF8A3E}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION ジンコウガクエン きゃらめいく
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5628829F-3318-4DDA-988D-D301832F1611}" = Singles Patch 1.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6AC4E434-8126-4840-BBD3-6B1EB78BBFF5}" = Solstice
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74DEA59C-41C7-1B77-291F-43108DFBAB14}" = Catalyst Control Center Core Implementation
"{752DE3AC-8AE4-4028-85F9-AAE53B6DE469}" = マジカルバトルアリーナ・コンプリートフォーム
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E4B682-219A-2656-44E1-18DF1F57EAE1}" = Catalyst Control Center Graphics Full Existing
"{8C5C2D4E-5027-AC93-0531-B72C5625A0DD}" = CCC Help English
"{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = 東方非想天則 Ver1.10アップデート
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{95B4269C-7ED9-2E32-0E3D-3F446B495540}" = Catalyst Control Center Graphics Full New
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1463F00-4E89-402E-7DD3-3CF0CE98F1FA}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C109AF5B-69D0-4C93-B360-F28D9FAB6084}" = ILLUSION ジンコウガクエン
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4D9965A-A5F8-6CF6-33E7-A1EECC2E585B}" = Catalyst Control Center HydraVision Full
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E5348080-5B89-40BE-908B-41A4784E0EDE}_is1" = Dragonica
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F4851D03-553C-4ACE-ADBD-CA6BE8451072}" = Singles2
"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = 東方緋想天 Ver1.06
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DMO" = GDMO
"Doppler's Essence Mod_is1" = v1.0
"Drakensang_is1" = Drakensang
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Grotesque-Tactics" = Grotesque-Tactics 1.0.0.4
"Haihaisoft Universal Player" = Haihaisoft Universal Player
"HijackThis" = HijackThis 2.0.2
"Hisoutensoku English" = NSIS Hisoutensoku English
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.5
"KnightShift - RPG" = KnightShift - RPG
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Maristice English" = NSIS Maristice English
"MediaMonkey_is1" = MediaMonkey 3.0
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"OpenAL" = OpenAL
"Opera 11.62.1347" = Opera 11.62
"Origin" = Origin
"PHANTASY STAR UNIVERSE Ambitionen des Illuminus_is1" = PHANTASY STAR UNIVERSE Ambitionen des Illuminus
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 620" = Portal 2
"SWR English" = NSIS SWR English
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TextMaker Viewer" = TextMaker Viewer
"The I of the Dragon" = The I of the Dragon
"Uninstall_is1" = Uninstall 1.0.0.1
"Venetica_is1" = Venetica
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XBCD 360" = XBCD 360 0.2.5
"XMedia Recode" = XMedia Recode 2.3.2.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 11:44:59 | Computer Name = Kirelle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.05.2012 13:43:01 | Computer Name = Kirelle-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.0.5.0, Zeitstempel:
 0x4b64ae05  Name des fehlerhaften Moduls: vlc.exe, Version: 1.0.5.0, Zeitstempel:
 0x4b64ae05  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001749  ID des fehlerhaften Prozesses:
 0x15a8  Startzeit der fehlerhaften Anwendung: 0x01cd2bafa81f43ec  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: ec9afaeb-97a2-11e1-86a8-001d7d9b41ed
 
Error - 06.05.2012 20:07:58 | Computer Name = Kirelle-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.2.0.3525, Zeitstempel:
 0x4d2389db  Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16443, Zeitstempel:
 0x4f4c3300  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00478af8  ID des fehlerhaften Prozesses:
 0x1434  Startzeit der fehlerhaften Anwendung: 0x01cd2b9257dfe84a  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ICQ7.2\ICQ.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\mshtml.dll
Berichtskennung:
 b37e1c86-97d8-11e1-86a8-001d7d9b41ed
 
Error - 11.05.2012 04:30:05 | Computer Name = Kirelle-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8117.416,
 Zeitstempel: 0x4bc935af  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00038df9  ID des fehlerhaften
 Prozesses: 0x8d0  Startzeit der fehlerhaften Anwendung: 0x01cd2f3d8ab1c2bf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 82476c4c-9b43-11e1-8682-001d7d9b41ed
 
[ Media Center Events ]
Error - 14.06.2011 06:05:08 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 12:05:08 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..) 
 
Error - 20.06.2011 17:09:34 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 23:09:34 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) 
 
Error - 20.06.2011 17:12:19 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 23:12:11 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..) 
 
Error - 07.07.2011 04:25:49 | Computer Name = Kirelle-PC | Source = MCUpdate | ID = 0
Description = 10:25:49 - Directory konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten) 
 
[ System Events ]
Error - 12.05.2012 03:48:02 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 12.05.2012 03:48:46 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 12.05.2012 03:56:51 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 12.05.2012 03:58:01 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 12.05.2012 04:09:02 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 12.05.2012 04:09:37 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 13.05.2012 05:23:55 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 13.05.2012 05:24:39 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 14.05.2012 06:36:02 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 14.05.2012 06:36:47 | Computer Name = Kirelle-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >

--- --- ---


Malwarebytes:
Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Kirelle :: KIRELLE-PC [Administrator]

Schutz: Aktiviert

11.05.2012 10:11:13
mbam-log-2012-05-11 (10-11-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202366
Laufzeit: 9 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Kirelle\Downloads\SoftonicDownloader_fuer_haihaisoft-universal-player.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kirelle\AppData\Local\Temp\.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Avira detections:

Code:

In der Datei 'C:\Users\Kirelle\AppData\Local\Opera\Opera\cache\dcache4.url'
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen2' [virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Code:

Die Datei 'C:\Users\Kirelle\AppData\Local\Temp\jar_cache1748299144970956868.tmp'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-0507' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56e453a3.qua' verschoben!

Unfortunately, for some reason there are no Avira logs available.

markusg 14.05.2012 15:17

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. These can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Kireille 14.05.2012 16:35

Combofix Logfile:
Code:

ComboFix 12-05-14.02 - Kirelle 14.05.2012  16:52:21.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2046.785 [GMT 2:00]
ausgeführt von:: c:\users\Kirelle\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jce06_SP.pp
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
N:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-14 bis 2012-05-14  ))))))))))))))))))))))))))))))
.
.
2012-05-14 15:04 . 2012-05-14 15:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-14 10:42 . 2012-04-13 08:46        8917360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E8A6B02-82EB-47F7-B131-CC0B56005C0A}\mpengine.dll
2012-05-13 09:37 . 2012-05-13 09:37        --------        d-----w-        c:\program files\CCleaner
2012-05-11 08:07 . 2012-05-11 08:07        --------        d-----w-        c:\users\Kirelle\AppData\Roaming\Malwarebytes
2012-05-11 08:06 . 2012-05-11 08:06        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-11 08:06 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-11 08:06 . 2012-05-11 08:06        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 07:58 . 2012-03-30 11:09        1895280        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-11 07:58 . 2012-04-02 05:26        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 07:58 . 2012-04-02 05:24        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:58 . 2012-04-02 04:40        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:58 . 2012-04-02 05:24        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 07:58 . 2012-04-02 05:24        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 07:46 . 2012-03-03 06:29        1541120        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-11 07:46 . 2012-03-03 06:29        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-05-11 07:46 . 2012-03-03 06:29        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-05-11 07:46 . 2012-03-03 05:40        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-11 07:46 . 2012-03-03 05:40        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 07:46 . 2012-03-03 06:29        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-05-11 07:46 . 2012-03-03 06:29        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-05-11 07:46 . 2012-03-03 05:40        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2012-05-11 07:46 . 2012-03-03 05:40        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-05-11 07:46 . 2012-03-03 05:40        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-05-11 07:39 . 2012-04-02 05:34        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-11 07:39 . 2012-04-02 03:01        3143680        ----a-w-        c:\windows\system32\win32k.sys
2012-05-11 07:39 . 2012-04-02 04:46        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 07:39 . 2012-04-02 04:46        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 06:59 . 2012-03-17 07:55        75632        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-06 15:02 . 2012-05-06 15:02        --------        d-----w-        c:\users\Kirelle\AppData\Local\Kalypso Media
2012-05-06 14:58 . 2012-05-06 14:58        --------        d-----w-        c:\users\Kirelle\AppData\Roaming\Kalypso Media
2012-04-28 06:17 . 2012-04-28 06:17        --------        d-----w-        c:\users\Kirelle\AppData\Local\Risen2
2012-04-28 06:17 . 2012-04-28 06:17        --------        d-----w-        c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-16 16:34 . 2012-04-16 16:34        --------        d-----w-        c:\programdata\Nexon
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 16:05 . 2012-02-27 15:36        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 16:05 . 2012-02-27 15:36        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-10 04:15 . 2012-03-10 04:15        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-10 04:15 . 2012-03-10 04:15        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-03-10 04:15 . 2012-03-10 04:15        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-10 04:15 . 2012-03-10 04:15        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-03-10 04:15 . 2012-03-10 04:15        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-03-10 04:15 . 2012-03-10 04:15        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-03-10 04:15 . 2012-03-10 04:15        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-03-10 04:15 . 2012-03-10 04:15        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-03-10 04:15 . 2012-03-10 04:15        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-03-10 04:15 . 2012-03-10 04:15        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-03-10 04:15 . 2012-03-10 04:15        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-03-10 04:15 . 2012-03-10 04:15        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-03-10 04:15 . 2012-03-10 04:15        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-03-10 04:15 . 2012-03-10 04:15        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-03-10 04:15 . 2012-03-10 04:15        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-03-10 04:15 . 2012-03-10 04:15        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-03-10 04:15 . 2012-03-10 04:15        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-03-10 04:15 . 2012-03-10 04:15        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-03-10 04:15 . 2012-03-10 04:15        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-03-10 04:15 . 2012-03-10 04:15        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-03-10 04:15 . 2012-03-10 04:15        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-03-10 04:15 . 2012-03-10 04:15        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-03-10 04:15 . 2012-03-10 04:15        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-03-10 04:15 . 2012-03-10 04:15        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-03-10 04:15 . 2012-03-10 04:15        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-03-10 04:15 . 2012-03-10 04:15        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-03-10 04:15 . 2012-03-10 04:15        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-03-10 04:15 . 2012-03-10 04:15        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-03-10 04:15 . 2012-03-10 04:15        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-03-10 04:15 . 2012-03-10 04:15        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-03-10 04:15 . 2012-03-10 04:15        448512        ----a-w-        c:\windows\system32\html.iec
2012-03-10 04:15 . 2012-03-10 04:15        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-03-10 04:15 . 2012-03-10 04:15        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-03-10 04:15 . 2012-03-10 04:15        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-03-04 10:34 . 2012-03-04 10:34        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2012-03-01 06:54 . 2012-04-13 03:00        22896        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-13 03:00        220672        ----a-w-        c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-13 03:00        80896        ----a-w-        c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-13 03:00        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-13 03:00        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-13 03:00        158720        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-13 03:00        5120        ----a-w-        c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 03:05        2311168        ----a-w-        c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 03:05        1390080        ----a-w-        c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 03:05        1493504        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 03:05        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 03:05        1799168        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 03:05        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 03:05        1127424        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 03:05        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2009-12-12 13:43        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-19 11:01 . 2011-11-20 13:36        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 06:27 . 2012-03-14 04:30        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 04:30        826368        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 04:30        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 04:30        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\skype\Phone\Skype.exe" [2010-04-06 26105128]
"Akamai NetSession Interface"="c:\users\Kirelle\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Kirelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-21 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dump_wmimmc;dump_wmimmc;n:\sega\PHANTASY STAR UNIVERSE Illuminus\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\Kirelle\AppData\Local\Temp\0012B5E.tmp [x]
R3 X6va006;X6va006;c:\users\Kirelle\AppData\Local\Temp\006BAE3.tmp [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://plasmoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Kirelle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Kirelle\AppData\Roaming\Mozilla\Firefox\Profiles\yn0af9e6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/result.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-UpgradeHelper - c:\users\Kirelle\AppData\Roaming\Microsoft Corporation\{4175EF9F-776E-430A-ABAF-11A5AC0715DF}\UpgradeHelper.exe
AddRemove-Age of Empires Expansion 1.0 - g:\aoeger\UNINSTX.EXE
AddRemove-Maristice English - d:\games\Maristice\[@N-Factory] Maristice\[@N-Factory] Maristice \??????\uninstall_maristice_e.exe
AddRemove-SWR English - d:\games\Touhou Scarlet Weather Rhapsody\TH10.5 ~ Scarlet Weather Rhapsody\Scarlet Weather Rhapsody\uninstall_th105e.exe
AddRemove-{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1 - d:\games\Touhou Scarlet Weather Rhapsody\TH10.5 ~ Scarlet Weather Rhapsody\Scarlet Weather Rhapsody\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Kirelle\AppData\Local\Temp\0012B5E.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Kirelle\AppData\Local\Temp\006BAE3.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3649425916-2671288558-1417801097-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,44,a5,1a,b1,4e,69,ba,8d,58,55,51,91,fe,a3,9e,d9,e6,22,9a,3a,ea,bb,
  1e,17,0c,26,d4,a2,f3,31,ec,f3,4e,8e,42,a5,2a,ab,d0,ce,20,20,ff,04,d2,3d,7e,\
"??"=hex:34,97,19,04,a0,a5,3e,ed,1f,b8,8d,9f,67,04,82,79
.
[HKEY_USERS\S-1-5-21-3649425916-2671288558-1417801097-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,ee,d4,61,a1,f6,38,d2,4b,c0,2b,a0,2d,6e,46,69,a9,3c,b4,06,5e,
  a4,b5,84,15,71,c2,8d,11,a2,b4,df,ce,89,97,38,51,ed,6b,5f,2d,b5,bd,7c,fe,bd,\
"rkeysecu"=hex:21,44,d9,09,dc,ac,10,5c,43,9d,11,1e,e9,28,36,96
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
d:\hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-14  17:26:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-14 15:26
.
Vor Suchlauf: 9 Verzeichnis(se), 46.580.600.832 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 48.667.041.792 Bytes frei
.
- - End Of File - - 8F824B6F761692997BF95C37EE5305F5

--- --- ---
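A first-pass triage of the service and registry sections of the ComboFix log above, as an added example that is not part of the thread and not ComboFix's own logic. The three heuristics (binary in a temp directory, `.tmp` extension, `EnableLUA` set to 0) and all function names are assumptions chosen for this illustration; a hit marks an entry for manual review and is not a verdict on the file.

```python
import re
from typing import List, NamedTuple

# Lines copied from the ComboFix log above (not constructed).
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 X6va001;X6va001;c:\users\Kirelle\AppData\Local\Temp\0012B5E.tmp [x]
R3 X6va006;X6va006;c:\users\Kirelle\AppData\Local\Temp\006BAE3.tmp [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Kirelle\AppData\Local\Temp\0012B5E.tmp"
'''


class Finding(NamedTuple):
    source: str  # service name or registry key the entry came from
    detail: str  # path or value that triggered the heuristic
    reason: str  # why it deserves a second look


# "<prefix><digit> name;display name;binary path [date size | x]"
SERVICE_RE = re.compile(
    r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+) \[(?P<info>[^\]]*)\]$'
)
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.+)$')

# Assumption: directories any standard user process can write to.
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\windows\\temp\\')
UAC_KEY_SUFFIX = '\\currentversion\\policies\\system'


def path_reasons(path: str) -> List[str]:
    """Return the heuristics a service binary path trips (empty list if none)."""
    p = path.strip().strip('"').lower()
    if p.startswith('\\??\\'):  # NT object-manager prefix seen in ImagePath values
        p = p[4:]
    reasons = []
    if any(d in p for d in TEMP_DIRS):
        reasons.append('binary in a user-writable temp directory')
    if p.endswith('.tmp'):
        reasons.append('binary has a .tmp extension')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect entries worth a manual look."""
    findings: List[Finding] = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:  # remember which registry key the following values belong to
            current_key = m.group('key')
            continue
        m = SERVICE_RE.match(line)
        if m:
            for reason in path_reasons(m.group('path')):
                findings.append(Finding(m.group('name'), m.group('path'), reason))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group('name'), m.group('data')
        key = current_key.lower()
        if name == 'ImagePath' and '\\services\\' in key:
            for reason in path_reasons(data):
                findings.append(Finding(current_key, data.strip('"'), reason))
        elif (name == 'EnableLUA' and key.endswith(UAC_KEY_SUFFIX)
              and data.split()[0] == '0'):
            findings.append(Finding(current_key, 'EnableLUA=0',
                                    'User Account Control is switched off'))
    return findings


if __name__ == '__main__':
    for f in triage(LOG_EXCERPT):
        print(f'{f.reason}: {f.source} -> {f.detail}')
```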

Kireille 20.05.2012 12:30

Unfortunately my problem seems to have been somewhat forgotten. The symptoms have actually stopped; I would just like to know whether there is anything left to do, i.e. whether my computer is now really clean.

markusg 22.05.2012 16:33

Download CCleaner Standard:
CCleaner Download - CCleaner 3.18.1707
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, "unnecessary".
After every program you do not know, "unknown".
Post the list.

Kireille 22.05.2012 18:46

Code:

7-Zip 4.65                13.02.2010        benötigt       
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        19.11.2011        6,00MB        11.1.102.55  benötigt
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        18.02.2012        6,00MB        11.1.102.62  benötigt
Adobe Photoshop CS2        Adobe Systems, Inc.        07.08.2010                9.0  benötigt
Adobe Reader X (10.0.1) - Deutsch        Adobe Systems Incorporated        14.02.2011        115,9MB        10.0.1  benötigt
Akamai NetSession Interface                22.02.2012  unbekannt               
Akamai NetSession Interface Service                22.02.2012  unbekannt               
Apple Application Support        Apple Inc.        21.07.2011        52,8MB        1.4.1
Apple Software Update        Apple Inc.        22.07.2011        2,16MB        2.1.1.116
Assassin's Creed Brotherhood        Ubisoft        04.12.2011                  1.03  benötigt
ATI Catalyst Install Manager        ATI Technologies, Inc.        11.12.2009        20,7MB        3.0.750.0  benötigt
Avira Free Antivirus        Avira        07.05.2012        109,3MB        12.0.0.1125  benötigt
BioShock 2        2K Games        25.11.2011                1.00.0000  benötigt
Canon CanoScan Toolbox 4.1                22.06.2011        unbekannt       
CCleaner        Piriform        12.05.2012                3.18  benötigt
Counter-Strike: Source        Valve        17.03.2012        494MB        1.0.0.0  benötigt
Divinity II - Ego Draconis        dtp        26.05.2011                benötigt
Dragon Age II        Electronic Arts, Inc.        22.08.2011        1.942MB        1.03  benötigt
Dragon Age Toolset        Electronic Arts, Inc.        03.06.2011        2.170MB        1.01  benötigt
Dragon Age: Origins        Electronic Arts, Inc.        29.05.2011        3.629MB        1.04  beötigt
Dragonica        GALA Networks Europe Limited        13.04.2012        2.552MB        Neuer Mythos  benötigt
Drakensang        dtp        24.12.2009        benötigt       
Fable III        Microsoft Game Studios        04.08.2011                1.0.0000.131  benötigt
Free M4a to MP3 Converter 6.2        ManiacTools.com        23.07.2011        3,92MB        nicht nötig
GameSpy Comrade        GameSpy        19.12.2010        16,7MB        1.4.3.154 benötigt
Grotesque-Tactics 1.0.0.4                28.01.2012        benötigt       
Haihaisoft Universal Player        Haihaisoft        16.07.2011                1.5.7.0  benötigt
Heroes of Might & Magic V: Hammers of Fate                05.04.2012  benötigt               
Heroes of Might and Magic V                05.04.2012                benötigt
Heroes of Might and Magic V - Tribes of the East                05.04.2012 benötigt               
HijackThis 2.0.2        TrendMicro        11.05.2012                2.0.2 benötigt
ICQ Toolbar        ICQ        25.10.2010                3.0.0 nicht nötig
ICQ7.2        ICQ        25.10.2010                7.2  benötigt
ILLUSION ジンコウガクエン        ILLUSION        04.08.2011        1.250MB        1.00.0000  benötigt
ILLUSION ジンコウガクエン きゃらめいく        ILLUSION        04.08.2011        223MB        1.00.0000  benötigt
IrfanView (remove only)                11.12.2009  benötigt               
Jade Empire        BioWare Corp.        21.09.2011  benötigt               
Java(TM) 6 Update 22        Sun Microsystems, Inc.        14.01.2010        95,0MB        6.0.220  benötigt
JDownloader 0.9        AppWork GmbH        22.06.2011                0.9  benötigt
K-Lite Mega Codec Pack 3.7.5                06.02.2008                3.7.5 unbekannt
KnightShift - RPG                06.01.2012 benötigt               
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket        The LEGO Group        02.07.2010        21,2MB        1.0.439.0 benötigt
LEGO MINDSTORMS NXT Driver        LEGO        02.07.2010        1,52MB        1.1.770  benötigt
Logitech GamePanel Software 3.03.133        Logitech Inc.        11.12.2009        17,9MB        3.03.133 benötigt
Logitech SetPoint        Logitech        20.04.2011        17,00KB        4.80 benötigt
LogMeIn Hamachi        LogMeIn, Inc.        02.03.2012                2.1.0.166  benötigt
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        10.05.2012        18,0MB        1.61.0.1400 benötigt
Mass Effect        Electronic Arts, Inc.        21.08.2011                1.00  benötigt
Mass Effect 2        Electronic Arts, Inc.        17.01.2012                1.02  benötigt
Mass Effect™ 3        Electronic Arts        09.03.2012                1.0.0.0  benötigt
MediaMonkey 3.0        Ventis Media Inc.        12.12.2009                3.0  benötigt
Messenger Plus! Live & Sponsor (CiD)        Patchou        11.12.2009                4.60 (build 326) benötigt
Microsoft .NET Framework 1.1        Microsoft        19.12.2010        34,8MB        1.1.4322
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.06.2010        38,8MB        4.0.30319
Microsoft Age of Empires Expansion                19.08.2010  benötigt               
Microsoft AppLocale        MS        12.09.2010        3,62MB        1.0.0  benötigt
Microsoft DirectX SDK (August 2009)        Microsoft Corporation        22.12.2009                9.27.1734.0 benötigt
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        25.11.2011        31,3MB        3.5.92.0 benötigt
Microsoft Games for Windows Marketplace        Microsoft Corporation        04.08.2011        6,04MB        3.5.50.0  benötigt
Microsoft SQL Server 2005        Microsoft Corporation        03.06.2011               
Microsoft SQL Server Native Client        Microsoft Corporation        03.06.2011        5,84MB        9.00.5000.00
Microsoft SQL Server Setup Support Files (English)        Microsoft Corporation        04.06.2011        25,1MB        9.00.5000.00
Microsoft SQL Server VSS Writer        Microsoft Corporation        03.06.2011        1,10MB        9.00.5000.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        12.12.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        22.04.2011        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29MB        8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        11.12.2009        0,69MB        8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        03.06.2011        0,57MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        24.04.2011        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        12.12.2009        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        28.01.2012        1,71MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        23.04.2011        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        24.06.2011        0,23MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        07.01.2012        0,22MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        11.12.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        24.06.2011        0,22MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        10.03.2012        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        27.02.2012        12,3MB        10.0.40219
Microsoft Windows Application Compatibility Database                12.09.2010               
Mozilla Firefox (3.6.28)        Mozilla        18.03.2012                3.6.28 (de) benötigt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        09.01.2012        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        09.01.2012        1,33MB        4.20.9876.0
NSIS Hisoutensoku English                03.09.2010 benötigt               
NSIS Maristice English                21.08.2010 benötigt               
NSIS SWR English                03.09.2010 benötigt               
NVIDIA PhysX        NVIDIA Corporation        09.03.2012        86,1MB        9.11.1107 benötigt
ooVoo        ooVoo LLC.        09.02.2012        23,6MB        3.0.7040 nicht nötig
OpenAL                28.01.2012        unbekannt       
OpenOffice.org 3.3        OpenOffice.org        24.06.2011        415MB        3.3.9567 benötigt
Opera 11.62        Opera Software ASA        29.03.2012                11.62.1347  benötigt
Origin        Electronic Arts, Inc.        09.03.2012                8.5.0.4554  benötigt
Overlord        Codemasters        03.03.2012                1.00.0606  benötigt
Pando Media Booster        Pando Networks Inc.        14.01.2010        5,47MB        2.3.3.5  unbekannt
PHANTASY STAR UNIVERSE Ambitionen des Illuminus        SEGA SONIC TEAM        14.03.2012  benötigt               
Port Royale 3        Gaming Minds Studios GmbH        05.05.2012        628MB        1.1.1.0  benötigt
Portal 2        Valve        15.01.2012        benötigt       
ProtectDisc Driver, Version 11        ProtectDisc Software GmbH        24.12.2009                11.0.0.12  unbekannt
PunkBuster Services        Even Balance, Inc.        04.12.2011                0.990  unbekannt
QuickTime        Apple Inc.        21.07.2011        73,7MB        7.69.80.9 benötigt
RGSS-RTP Standard        Enterbrain        25.03.2012        22,5MB        1.0.0  benötigt
Risen        Deep Silver        19.12.2011                1.00.0000 benötigt
Risen 2 - Dark Waters                26.04.2012          benötigt       
RPGXP        Enterbrain        25.03.2012        4,11MB        1.0.0 benötigt
RPGツクール2000 ランタイムパッケージ                12.09.2010        benötigt       
S4 League_EU                23.02.2012                1.00.0000  benötigt
Samsung Scan Assistant        Samsung Electronics Co., Ltd.        07.01.2012        24,7MB        1.04.22.00 benötigt
Samsung SCX-3200 Series        Samsung Electronics Co., Ltd.        07.01.2012        benötigt       
Sid Meier's Civilization 4 - Beyond the Sword        Firaxis Games        20.12.2010                3.17 benötigt
Sid Meier's Civilization 4 Complete        Firaxis Games        19.12.2010                1.74 benötigt
Singles Patch 1.4                22.02.2011        benötigt       
Singles2        Deep Silver        22.02.2011                2.02.000  benötigt
Skype™ 4.2        Skype Technologies S.A.        14.04.2010        25,6MB        4.2.158 benötigt
Steam        Valve Corporation        15.01.2012        34,4MB        1.0.0.0 benötigt
TeamSpeak 2 RC2        Dominating Bytes Design        05.04.2010                2.0.32.60 benötigt
TeamSpeak 3 Client        TeamSpeak Systems GmbH        23.08.2010        benötigt       
TeamViewer 5        TeamViewer GmbH        05.06.2010                5.0.8421 nicht nötig
TextMaker Viewer        SoftMaker Software GmbH        21.05.2011        nicht nötig       
The I of the Dragon        Deep Silver (Koch Media)        06.01.2012                1.00 Ger / Eng benötigt
The Witcher Enhanced Edition        CD Projekt Red        04.02.2012                1.4.5.1280 benötigt
Torchlight        JoWooD        13.11.2011        455MB        1.0.0  benötigt
Ubisoft Game Launcher        UBISOFT        04.12.2011                1.0.0.0  benötigt
Uninstall 1.0.0.1                25.04.2011        11,2MB        unbekannt
v1.0                04.02.2012        415MB        1.0.0  unbekannt
Venetica        dtp        22.04.2011        benötigt       
VLC media player 1.0.5        VideoLAN Team        22.05.2010                1.0.5 benötigt
Windows Live Essentials        Microsoft Corporation        26.01.2011                14.0.8117.0416 benötigt
Windows Live ID Sign-in Assistant        Microsoft Corporation        04.08.2011        10,0MB        6.500.3165.0  benötigt
Windows Live-Uploadtool        Microsoft Corporation        11.12.2009        0,22MB        14.0.8014.1029  benötigt
Windows Movie Maker 2.6        Microsoft Corporation        16.05.2011        8,85MB        2.6.4037.0  benötigt
WinRAR                11.12.2009 benötigt               
XBCD 360 0.2.5        Dhruvb14        21.12.2009                0.2.5 benötigt
XMedia Recode 2.3.2.8        Sebastian Dörfler        15.05.2011                2.3.2.8 benötigt
マジカルバトルアリーナ・コンプリートフォーム                05.02.2010  unbekannt               
東方緋想天 Ver1.06        黄昏フロンティア        03.09.2010        benötigt       
東方非想天則 Ver1.10アップデート        黄昏フロンティア        03.09.2010        benötigt

I did not write anything after the Apple programs because I am not sure whether I need them, and for some of the Microsoft programs I simply do not really know what they are for, so I cannot make a judgement.

markusg 23.05.2012 16:06

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK

Uninstall:
HijackThis
It provides hardly any of the desired information and does not work properly under Win7.
ICQ Toolbar
Java
Download the free Java software
Download the Java JRE and install it.

Uninstall:
K-Lite
Mozilla Firefox
Open it, Help, Update, install version 12.

Uninstall:
ooVoo

Open OTL, CleanUp; the PC restarts.
Open CCleaner, Analyze, Run Cleaner, restart the PC and test how it runs.

Kireille 23.05.2012 18:50

I did everything as you said and the PC is running well.

markusg 23.05.2012 19:22

Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, purchases, other payment transactions or similarly important things such as work-related tasks, i.e. there is sensitive data to protect, you should invest in security software.
Use up the 30-day trial period before activating the licence.

Free, but not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be implemented, since only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the passage "Windows Vista and Windows 7".
Please begin by installing Windows Updates.
The best way to do this is to go to Start, Search, and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick all the rest, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as described in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the guide.
If you want to use a different one, tell me, because then parts of the guide that now follows will have to


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie Download - Sandboxie 3.68

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through it as well:
Sandbox Settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
You can, for example, specify under "Forced Programs" that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and run in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important in some circumstances, for example if the hard drive breaks.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, then by clicking Sandboxed web browser; if you have the paid version, you can define forced program starts, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should be framed; then you are in the sandboxed web browser.

Kireille 23.05.2012 21:55

I have worked through the points and would like to use avast! Free Antivirus and Opera as my browser.

markusg 24.05.2012 16:16

OK, then in the sandbox you set the permission for opera.exe instead of chrome.exe, and under Applications, Web Browser, Other, the permissions for Opera, except the entire profile folder.

Kireille 24.05.2012 21:04

OK, done.


All times are WET +1.
