Trojaner-Board


helpblub 22.04.2011 07:07

TR/Kazy.20156 since yesterday evening
 
Yeah, as the title says, I kept getting "hard disk damaged" messages etc., and files on the desktop and elsewhere became invisible. I was already able to fix that with Ad-Aware, though, so at the moment I only get a message from AntiVir every few seconds saying that TR/Kazy.20156 is still on my computer, and I don't know what to do.
Thanks a lot in advance.

markusg 22.04.2011 10:42

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and choose "Run as administrator")
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

helpblub 22.04.2011 11:38

OTL Logfile:
Code:

OTL logfile created on: 22.04.2011 11:46:04 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Blub\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 118,12 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: x | User Name: Blub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Blub\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Lachesis\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Lachesis\OSD.exe (razercfg MFC Application)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Razer\Lachesis\razerofa.exe (Razer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Blub\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe (SiSoftware)
SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys ()
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\DRIVERS\nlndis.sys ()
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\DRIVERS\nlndis.sys ()
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\DRIVERS\tap0901t.sys ()
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys ()
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys ()
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys ()
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys ()
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys ()
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys ()
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys ()
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys ()
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS ()
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS ()
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS ()
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS ()
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS ()
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys ()
DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys ()
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.4
FF - prefs.js..extensions.enabledItems: {C8535153-1548-4A71-820D-B219C8B83B00}:1.9.1
FF - prefs.js..extensions.enabledItems: LF@ChaosRing:0.9
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 01:45:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 01:45:34 | 000,000,000 | ---D | M]
 
[2009.10.04 19:09:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Extensions
[2011.04.21 18:03:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions
[2009.10.04 19:10:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.03 18:00:47 | 000,000,000 | -H-D | M] (Zynga Toolbar) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.03.02 22:30:41 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.02 20:29:38 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.09 16:26:58 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\DTToolbar@toolbarnet.com
[2011.01.17 23:28:59 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\foxyproxy@eric.h.jung
[2011.04.16 18:09:20 | 000,000,000 | -H-D | M] (Lolifox by ChaosRing) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\LF@ChaosRing
[2011.04.16 18:12:17 | 000,000,000 | -H-D | M] (BlackFox V1) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\zigboom@hotmail.com
[2011.04.16 18:09:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\LF@ChaosRing\mozapps\extensions
[2011.03.09 16:25:28 | 000,002,059 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\daemon-search.xml
[2011.04.17 11:24:54 | 000,000,950 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-1.xml
[2010.02.10 15:00:53 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-2.xml
[2010.02.12 14:55:39 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-3.xml
[2010.02.19 22:24:50 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-4.xml
[2010.03.02 22:31:51 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-5.xml
[2010.02.03 15:38:36 | 000,000,947 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin.xml
[2011.04.17 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.12.29 17:32:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.17 14:47:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.21 16:47:03 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\BLUB\APPDATA\LOCAL\{C8535153-1548-4A71-820D-B219C8B83B00}
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPMPDRM.dll
[2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPWMDRMWrapper.dll
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Dbedejimijigok] C:\Users\Blub\AppData\Local\pshqlF.dll (Acronis)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [ISUSPM Startup]  File not found
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Octoshape Streaming Services] C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Ojifoxisigih]  File not found
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [uPc+nfdhfngXdaCxl]  File not found
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [uvEWQXCeAJwf]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.193 217.0.43.1
O18:64bit: - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000 Winlogon: Shell - (C:\Users\Blub\AppData\Roaming\hotfix.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\Blub\Pictures\Horrifique 3.jpg
O24 - Desktop BackupWallPaper: C:\Users\Blub\Pictures\Horrifique 3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.14 17:56:17 | 000,464,144 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.12.14 17:56:15 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.12.14 17:56:03 | 002,295,296 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.12.14 17:56:03 | 000,000,139 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2316e0f3-a442-11de-b632-001a4d57079e}\Shell\AutoRun\command - "" = E:\PStart.exe
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell - "" = AutoRun
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\AutoRun\command - "" = E:\setup.exe /autorun
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\directx\command - "" = E:\DirectX\dxsetup.exe
O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\{90a17993-f223-11de-ab02-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{90a17993-f223-11de-ab02-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.12.14 17:56:17 | 000,464,144 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{9a55c014-4161-11df-a0a2-001a4d57079e}\Shell\AutoRun\command - "" = E:\PStart.exe
O33 - MountPoints2\{fed5584e-af1e-11dd-9bed-001a4d57079e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe EGWIF1-005.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk -  - File not found
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON Stylus D120 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATICCE.EXE ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\valve\steam\steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A81F05CA-1201-3755-1908-6B91DE046902} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {DC96EB4F-0A67-5C55-6674-784171D07270} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 07:57:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Blub\Desktop\OTL.exe
[2011.04.22 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\Blub\AppData\Roaming\Malwarebytes
[2011.04.22 07:36:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 07:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 07:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 07:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 07:33:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Blub\Desktop\mbam-setup.exe
[2011.04.21 18:23:23 | 000,000,000 | ---D | C] -- C:\Users\Blub\AppData\Local\Sunbelt Software
[2011.04.21 18:22:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.04.21 17:50:49 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Blub\Documents\Tunngle
[2011.04.21 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\Tunngle
[2011.04.21 17:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011.04.21 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2011.04.21 17:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011.04.21 17:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2011.04.21 16:47:02 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Local\{C8535153-1548-4A71-820D-B219C8B83B00}
[2011.04.21 16:30:06 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Local\SKIDROW
[2011.04.18 07:03:24 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\LolClient
[2011.04.17 22:27:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011.04.17 22:27:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011.04.17 22:27:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011.04.17 22:18:07 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011.04.17 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.04.17 18:41:40 | 000,000,000 | -H-D | C] -- C:\Users\Blub\Desktop\League of Legends
[2011.04.17 14:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.04.17 14:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.04.17 14:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.04.16 23:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sven XXX - XS
[2011.04.13 17:39:12 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.13 17:38:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.04.13 17:38:48 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.13 17:38:46 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.04.13 17:38:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.13 17:38:44 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.13 17:38:44 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.13 17:38:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.13 17:38:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011.04.13 17:38:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.13 17:38:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.13 17:38:18 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.13 17:38:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.13 17:38:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.03.26 14:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2009.08.27 14:52:37 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.08.27 14:52:37 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2008.11.10 16:51:43 | 000,092,672 | ---- | C] (Acronis) -- C:\Users\Blub\AppData\Local\pshqlF.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Blub\*.tmp files -> C:\Users\Blub\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 11:21:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 11:18:10 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.22 10:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 10:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 07:57:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Blub\Desktop\OTL.exe
[2011.04.22 07:37:41 | 000,504,657 | ---- | M] () -- C:\Users\Blub\Desktop\unhide.exe
[2011.04.22 07:36:27 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 07:34:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Blub\Desktop\mbam-setup.exe
[2011.04.22 07:27:27 | 004,326,175 | ---- | M] () -- C:\Users\Blub\Desktop\cofi.exe.exe
[2011.04.22 03:21:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 02:29:34 | 000,005,812 | -H-- | M] () -- C:\aaw7boot.cmd
[2011.04.21 18:46:19 | 000,604,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.21 18:46:19 | 000,107,562 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.21 18:46:18 | 001,472,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.21 18:46:18 | 000,638,510 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.21 18:46:18 | 000,130,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.21 18:39:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 18:39:47 | 545,326,573 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.21 18:28:21 | 000,064,392 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2011.04.21 18:28:21 | 000,064,392 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2011.04.21 18:28:21 | 000,000,904 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx
[2011.04.21 18:26:58 | 000,049,752 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.04.21 18:24:35 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D45BA6FC-B2B5-4AD7-90D8-A5DBBA7FE330}.job
[2011.04.21 17:51:19 | 000,000,120 | ---- | M] () -- C:\ProgramData\~45735688r
[2011.04.21 17:51:19 | 000,000,104 | ---- | M] () -- C:\ProgramData\~45735688
[2011.04.21 17:50:06 | 000,000,344 | ---- | M] () -- C:\ProgramData\45735688
[2011.04.21 17:15:55 | 000,248,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.21 16:47:05 | 000,000,000 | -H-- | M] () -- C:\Users\Blub\AppData\Local\Okomanug.bin
[2011.04.21 16:47:04 | 000,000,120 | -H-- | M] () -- C:\Users\Blub\AppData\Local\Mcoramumusetubet.dat
[2011.04.19 02:00:29 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.04.17 22:27:31 | 000,001,673 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Blub\*.tmp files -> C:\Users\Blub\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 07:37:23 | 000,504,657 | ---- | C] () -- C:\Users\Blub\Desktop\unhide.exe
[2011.04.22 07:36:27 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 07:36:23 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.22 07:26:44 | 004,326,175 | ---- | C] () -- C:\Users\Blub\Desktop\cofi.exe.exe
[2011.04.21 19:16:44 | 000,005,812 | -H-- | C] () -- C:\aaw7boot.cmd
[2011.04.21 18:35:39 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.04.21 18:27:00 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.04.21 18:26:58 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.04.21 17:51:19 | 000,000,120 | ---- | C] () -- C:\ProgramData\~45735688r
[2011.04.21 17:51:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~45735688
[2011.04.21 17:50:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\45735688
[2011.04.21 17:11:41 | 000,031,232 | ---- | C] () -- C:\Windows\SysNative\drivers\tap0901t.sys
[2011.04.21 16:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\Blub\AppData\Local\Okomanug.bin
[2011.04.21 16:47:04 | 000,000,120 | -H-- | C] () -- C:\Users\Blub\AppData\Local\Mcoramumusetubet.dat
[2011.04.17 22:27:31 | 000,001,673 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.04.13 17:39:24 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.13 17:39:24 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.13 17:39:24 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.13 17:39:24 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.13 17:39:22 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.13 17:39:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.13 17:39:22 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.13 17:39:15 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.13 17:39:14 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.13 17:39:14 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.13 17:39:14 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.13 17:39:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.13 17:39:14 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.13 17:39:14 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.13 17:39:13 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.13 17:39:12 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.13 17:39:11 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.13 17:39:07 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.13 17:38:52 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.13 17:38:50 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.13 17:38:49 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.13 17:38:47 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.13 17:38:47 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.13 17:38:47 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.13 17:38:47 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.13 17:38:47 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011.04.13 17:38:46 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.13 17:38:46 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.13 17:38:45 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.13 17:38:45 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.13 17:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.13 17:38:44 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.13 17:38:44 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011.04.13 17:38:44 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011.04.13 17:38:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.13 17:38:22 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.13 17:38:22 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.13 17:38:19 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.13 17:38:18 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.13 17:38:12 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.13 17:38:12 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.13 17:38:12 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2010.10.28 01:22:50 | 000,000,006 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\start
[2010.10.28 01:22:08 | 000,000,006 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\completescan
[2010.10.28 01:10:33 | 000,000,010 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\install
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.01 22:52:21 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.07.17 23:44:15 | 000,017,408 | -H-- | C] () -- C:\Users\Blub\AppData\Local\WebpageIcons.db
[2010.05.09 18:53:31 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.03.20 22:36:12 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010.03.20 22:36:12 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.03.20 22:33:56 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2009.12.23 15:31:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.23 15:31:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.11.19 00:20:10 | 000,074,240 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.11.05 19:28:18 | 000,000,029 | ---- | C] () -- C:\Windows\TOBITADD.INI
[2009.10.23 23:09:59 | 000,134,122 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2009.09.18 14:43:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.27 16:48:49 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.08.27 16:48:48 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.08.27 16:48:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.08.27 14:52:39 | 000,390,609 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.08.27 14:52:39 | 000,051,979 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009.08.27 14:52:38 | 000,028,127 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.08.27 14:52:38 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.08.27 14:52:38 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.08.27 14:52:38 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.08.27 14:52:37 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.05.26 02:03:22 | 000,000,600 | -H-- | C] () -- C:\Users\Blub\AppData\Local\PUTTY.RND
[2009.04.04 21:30:27 | 000,007,808 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d9caps.dat
[2009.01.12 20:09:55 | 000,042,326 | ---- | C] () -- C:\Windows\SysWow64\uninstdivx.exe
[2009.01.12 01:10:46 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2008.11.12 15:06:52 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.11.12 15:06:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.11.10 16:53:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.10 16:51:35 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.10.09 00:21:06 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2008.09.16 18:02:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2008.09.16 18:02:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2008.09.16 18:02:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2008.09.16 18:02:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2008.09.16 18:02:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2008.09.16 18:02:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2008.09.16 18:02:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2008.09.16 18:02:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2008.09.16 18:02:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2008.09.16 18:02:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2008.09.16 18:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2008.09.16 18:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2008.09.16 18:02:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2008.09.16 18:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2008.09.16 18:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2008.09.16 18:02:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2008.09.16 18:02:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2008.09.16 18:02:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2008.09.16 18:02:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2008.09.16 18:01:31 | 000,000,041 | ---- | C] () -- C:\Windows\CDE D120DEFGIPS.ini
[2008.01.26 20:59:26 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.12.28 19:08:15 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2007.12.22 23:41:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2007.12.09 01:50:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.12.08 20:40:32 | 000,000,092 | -H-- | C] () -- C:\Users\Blub\AppData\Local\fusioncache.dat
[2007.12.08 19:50:38 | 001,491,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007.12.08 19:48:49 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2007.12.08 19:48:47 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2007.12.08 19:48:47 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2007.12.08 18:00:55 | 000,177,664 | -H-- | C] () -- C:\Users\Blub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.08 17:55:47 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.08 17:35:55 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2007.12.08 17:10:41 | 000,001,100 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d8caps.dat
[2007.12.08 16:57:36 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007.12.08 16:57:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2007.12.08 16:54:52 | 000,002,188 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d9caps64.dat
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2005.11.27 18:12:45 | 000,414,272 | ---- | C] () -- C:\Windows\SysWow64\DivXc32.dll
[2005.11.27 18:12:28 | 000,414,272 | ---- | C] () -- C:\Windows\SysWow64\DivXc32f.dll
[2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll
 
========== LOP Check ==========
 
[2010.07.21 14:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Atari
[2009.12.01 19:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock
[2010.10.12 17:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock2
[2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools
[2011.03.09 16:33:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools Lite
[2008.06.25 19:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\dyyno-vlc
[2011.04.16 23:15:38 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\GetRightToGo
[2010.11.11 22:02:50 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HD Tune Pro
[2011.04.22 10:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\ICQ
[2010.06.24 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\JavaEditor
[2010.12.11 11:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\kikin
[2008.10.15 13:45:31 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Locktime
[2011.04.18 07:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient
[2009.09.14 00:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.01.03 21:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Miranda
[2011.03.24 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mumble
[2010.12.18 16:01:42 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Notepad++
[2010.06.05 01:15:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Octoshape
[2009.09.18 17:29:35 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\OpenOffice.org
[2008.08.06 15:36:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Prabang
[2009.12.18 17:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\RayV
[2009.11.13 18:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\runic games
[2007.12.28 20:25:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Screaming Bee
[2010.05.09 19:07:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Subversion
[2010.03.07 17:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TeamViewer
[2010.01.03 21:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Trillian
[2010.03.16 01:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TS3Client
[2011.04.21 17:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Tunngle
[2008.12.20 01:38:06 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ubisoft
[2011.04.21 16:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\uTorrent
[2011.04.21 18:27:51 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.21 18:24:35 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D45BA6FC-B2B5-4AD7-90D8-A5DBBA7FE330}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.21 16:45:02 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Adobe
[2009.12.08 19:36:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Apple Computer
[2010.07.21 14:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Atari
[2009.12.01 19:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock
[2010.10.12 17:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock2
[2009.11.20 16:45:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\codeblocks
[2009.08.27 17:08:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Creative
[2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools
[2011.03.09 16:33:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools Lite
[2010.09.13 23:49:26 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DivX
[2008.06.25 19:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\dyyno-vlc
[2011.04.16 23:15:38 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\GetRightToGo
[2010.01.23 23:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Hamachi
[2010.11.11 22:02:50 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HD Tune Pro
[2008.06.24 12:45:33 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HP
[2011.04.22 10:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\ICQ
[2007.12.08 16:54:57 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Identities
[2008.04.18 17:26:29 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\InstallShield
[2010.06.24 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\JavaEditor
[2010.12.11 11:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\kikin
[2008.10.15 13:45:31 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Locktime
[2011.04.18 07:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient
[2009.09.14 00:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2007.12.08 19:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Macromedia
[2011.04.22 07:36:43 | 000,000,000 | ---D | M] -- C:\Users\Blub\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Media Center Programs
[2010.05.09 19:12:17 | 000,000,000 | --SD | M] -- C:\Users\Blub\AppData\Roaming\Microsoft
[2010.01.03 21:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Miranda
[2009.08.12 20:46:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\mIRC
[2009.10.05 14:05:10 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mozilla
[2011.03.24 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mumble
[2009.09.05 11:02:22 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\NCH Software
[2010.12.18 16:01:42 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Notepad++
[2010.06.05 01:15:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Octoshape
[2009.09.18 17:29:35 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\OpenOffice.org
[2008.08.06 15:36:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Prabang
[2009.12.18 17:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\RayV
[2009.11.13 18:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\runic games
[2007.12.28 20:25:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Screaming Bee
[2007.12.08 18:30:47 | 000,000,000 | RH-D | M] -- C:\Users\Blub\AppData\Roaming\SecuROM
[2011.04.22 11:35:18 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Skype
[2011.04.22 08:30:46 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\skypePM
[2010.05.09 19:07:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Subversion
[2010.07.15 22:16:41 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\teamspeak2
[2010.03.07 17:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TeamViewer
[2010.05.09 19:23:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TortoiseSVN
[2010.01.03 21:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Trillian
[2010.03.16 01:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TS3Client
[2011.04.21 17:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Tunngle
[2008.12.20 01:38:06 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ubisoft
[2011.04.21 16:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\uTorrent
[2010.04.25 11:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ventrilo
[2011.03.04 23:40:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\vlc
[2007.12.22 23:48:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\WinRAR
[2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Xfire
 
< %APPDATA%\*.exe /s >
[2010.12.11 11:00:58 | 001,166,568 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
[2009.09.14 00:51:11 | 000,038,208 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.02.13 08:07:36 | 000,393,216 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2009.01.08 15:44:06 | 000,070,936 | -H-- | M] (Octoshape ApS) -- C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.02.14 14:12:06 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys
[2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.02.14 14:12:07 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2007.12.08 18:24:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2007.12.08 18:24:31 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2007.12.08 18:24:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.19 10:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.19 01:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2007.12.08 18:24:32 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 10:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 10:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.12.08 18:19:11 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 10:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.19 09:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.12.08 18:19:11 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.12.08 18:19:11 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2007.12.08 18:19:11 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 10:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.10.15 00:35:23 | 000,044,484 | -H-- | M] ()(C:\Users\Blub\Documents\?????¯???.txt) -- C:\Users\Blub\Documents\Ƹ̵̡Ӝ̵̨̄Ʒ.txt
[2010.01.30 15:34:01 | 000,044,484 | -H-- | C] ()(C:\Users\Blub\Documents\?????¯???.txt) -- C:\Users\Blub\Documents\Ƹ̵̡Ӝ̵̨̄Ʒ.txt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Blub\YouTube - WotLK Naxxramas - Kel'Thuzad.mp3:TOC.WMV
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

--- --- ---

helpblub 22.04.2011 11:42

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 22.04.2011 11:46:04 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Blub\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 118,12 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: x | User Name: Blub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 14 0E 40 71 49 43 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12CF4DB7-0DAA-4CBC-B9FB-333C49CA7CFA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe |
"{17A8C42F-0BB9-4CEC-AC14-C94FC368B5E3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{219A1FDD-6128-45E9-9FCF-DC91701A7387}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{48B2DC95-0E81-408E-9A9A-59B5A987AD4C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49640DC1-07C4-4F82-BEAF-2EA50B25F9A2}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{563C6D46-FDFE-4B37-9632-59010387F7D0}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{5E51CB45-F547-4231-9684-D0141E65A22E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1F09BB3-B0E8-456E-950E-DAF963E80B11}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{C243750A-8B92-4BA5-881E-0235518DF899}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe |
"{C4D8BFE2-672E-477E-8FC4-33F8FF3924B7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{E5062893-DB72-48A1-BC16-3C009B44961E}" = lport=3306 | protocol=6 | dir=in | name=localhost |
"{FCC36732-805B-473A-9AB4-4BC5B5CE5FBA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0264D9B1-A1FF-404B-850B-906DA6A37360}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{040F017F-5C9A-4590-86A2-9F89E5EBE776}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe |
"{05DBC8E8-71FC-45E3-9A5B-ACA4EE274297}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{06962F71-0DF5-49E9-81F2-D03C78371FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dark fall lost souls\darkfalllostsouls.exe |
"{08F2EC7B-A35A-4100-B845-12406A652A36}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{0B1D9085-CE45-412C-8AC8-EFB17FD4E18B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{0B6DCD8A-2C2A-43E2-9166-0FAC8D6F5531}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{0B9BB747-985F-43E7-B9D2-C65FB88EEA0A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{0D679EFA-23D2-4BC8-9211-11A9F49143F2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{0D6967BB-F8BD-459E-B62D-C787636FCA34}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{0F9E46AE-8BF4-4737-93B0-4F459BEADFF4}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{0FD2BF8D-D3A2-45CC-9DAD-4F979B4E6595}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{145010F6-BC68-4EE1-8886-F9DD55255C33}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{15E59C53-63F3-4FBE-8414-47D1E00A4A6F}" = protocol=6 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{18EB64B6-7FA1-4400-B175-697469B01D78}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{1A1AE26A-2EEB-4176-B1A1-0A18F69E3AF9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{1BED3890-F693-4455-9344-EF3DDA2F2DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{1E73B1F9-B218-4074-9356-586957D5587F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{1F1C40A4-E60E-41FF-8C2D-F3B70C155B74}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{205481A2-5812-4789-934D-E1B3062E2E14}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{222CCC1B-B798-488E-81C1-0EEAB609091C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\chuzzle deluxe\chuzzle.exe |
"{227C4F0E-D437-46AA-A9E2-963A0721F64A}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{23C87C1D-2DD2-44FE-85BB-495D29C650D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{240FBC89-9974-4CBB-A65F-959F6F08DB99}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{24856F73-F99D-40BB-BBB0-0BE8C8E90425}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{24E8AB99-44F3-494E-A4E3-AD59E90BA728}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{26994095-EC4F-4A06-973C-0ECD2896E2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe |
"{2A43E3C7-E554-4441-8148-DA6A778FB22A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{2A814407-4EE2-42C0-B24E-E5E29AE5908B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe |
"{2D39CB9A-D387-47BB-9B3A-AC7179E259B6}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\counter-strike source\hl2.exe |
"{3052D1A8-B7F7-4D0F-8101-1BB1BD5BBA12}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"{30C22F42-2362-4D25-BE1F-1F3D0A37AD1F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-engb-downloader.exe |
"{32C56732-C007-4BAC-87D2-9C23B7A0DAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{330379D4-DCB6-4A49-9DE2-45F0EAF64530}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-engb-ptr-downloader.exe |
"{35CAA15A-C7C9-4F0E-AE78-0B5C210A4EF4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{394D03B0-A9A6-4CA0-9BD6-FC2F73312C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39AE4A98-2400-4CB9-966C-54F4C3729881}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{3DDCAC50-2D5C-4170-B7CC-9143759C7466}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{3EBC20B6-284E-49A3-BD1A-83B13D4337CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-engb-downloader.exe |
"{4012359A-FE68-4140-A5D6-BA5A2D090620}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{41386F96-F7AC-45B8-BD4C-1B5F05CE4922}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{417EA44E-65DB-4122-94EE-31584FDEF7B3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{419135EE-666D-4277-A1A7-BBEE9458CCD2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe |
"{41F48F44-928F-4414-872A-B0E01A712844}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\counter-strike source\hl2.exe |
"{42C32EF9-6EA7-4EC9-805A-96A46B42F983}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{44EE8BB1-5AA7-4029-9AF2-C08D70723BF9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{4662990D-D239-4D65-A15A-6409BAF3E10C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{46EA6C3A-C51F-46D0-BEBE-8E63BFDC733A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{47BD2E25-4701-4714-90AE-2096900AAF87}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{47D84D13-2903-4040-AD71-90F93FFB00B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{4ACCB5CE-1C4F-481C-B51F-867EABF033C2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe |
"{4C04391E-B63B-49DF-94AC-F9704D37B850}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{4C27E691-E845-4545-ACFA-B3550B2E1BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{4C42A191-0682-4CDD-889E-DE788F3808C1}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{4C5738A2-025C-4C94-AF26-C46FFE2D8BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{4E2BAEBF-66E3-4454-95C4-B8E8DC2F17FB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-engb-downloader.exe |
"{4F30CAE8-531A-48AA-B5E4-2662DBDA42E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-engb-ptr-downloader.exe |
"{52345690-927B-40E6-942F-64F650AE98E2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe |
"{53FBA0C5-0AF1-46FD-B93C-F1E11D2AC0F2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{561882F9-11E9-40E8-A9F1-9447C2B85BF1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{564C0CF7-53B3-47CD-81EC-BC9CB104CCE5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{572237CE-D268-44BF-B7F8-335597AA82DD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe |
"{5CDC6003-C8F2-413B-B777-8153A4BA4ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\chuzzle deluxe\chuzzle.exe |
"{5DE7D8CE-8E8C-4024-ACA6-E2FD9B3B53B7}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{5EF2F955-B232-4D68-A389-5446CF86B4D4}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |
"{612E1709-8573-4F13-9844-141A7294E081}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{676CE437-786C-46BF-9AF9-0DF4533C9AF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{68A8DFD1-BD51-4625-B84C-5379D38C4E13}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{68B827ED-827A-415A-824E-DA9A45AE30BB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{6BF489D5-F975-4967-B2C7-1433374B0699}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{6E011D46-4CE9-49B5-8486-34EF22C98C11}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-engb-ptr-downloader.exe |
"{6E71D27E-4288-4704-9413-8F78BB695EBB}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{6E7797E2-644D-4D5C-BE86-BC803D4BBF7E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{701CA347-17D4-446C-B1E2-964BCED46ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{70A3B442-554E-47E9-90C1-DBEF4177954C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe |
"{720D9FEC-C150-4EFF-9FB5-4B7090443E1B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{72D7884B-89D4-48A6-80CB-849F04431017}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe |
"{761DBA2A-40D4-45E1-8944-5F44721D9F7F}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{78E86215-1BDE-482E-80AF-AD9EF6C9DBE8}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{79354D76-C561-47F4-9875-19144B0DFCA7}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe |
"{799E360A-ED64-42BF-96AC-3A71BDA4F786}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{7B4E71C9-E795-4230-921F-F8CA577995B7}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{7CCB3C47-5202-4E4A-B4DA-422890398E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{81C7A85E-46B0-416A-BCFA-5C4125BB2ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{822D1C53-E807-45EC-9DA6-F0F95D187491}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe |
"{832018A0-4F2A-4C5E-AF78-F339F0BE173F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{8B0490E4-2300-4BAC-A925-70985B0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dark fall lost souls\darkfalllostsouls.exe |
"{8C9939D9-B7B9-46A7-80E8-E213735245CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8D469410-57A0-4AD9-B16F-21B2140F6D0F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8EC10A85-4CAD-4242-83E8-38BC58289F52}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8F5051F4-55F1-4356-9C0D-51EEE0B907EF}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe |
"{919B62EE-C900-43F7-94B6-4FD02C3C7645}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe |
"{9246A485-1EF0-421A-8A91-27976B39E75E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{928825A0-C60E-4A11-8688-3F70B29AAB21}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{9391233B-3CE5-41A7-8FF4-0C31ABFB2AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\ghost master\ghost.exe |
"{9574085B-A337-460D-9F2B-E829086AC09F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe |
"{96C843F9-80C8-48B3-AF23-923E72E8FD90}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\ghost master\ghost.exe |
"{9AE55293-614E-4BCE-BDBD-276B53579317}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9D715D5E-8E31-4DB2-8259-8F2C2DD955CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A1E55E53-8B0E-4284-8F18-82ABBA0C0D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{A47FE973-AA0F-4397-8230-B3346229ED76}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe |
"{A4CC26A8-8B7F-45FC-91D9-95897F422D00}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5DAC060-B77D-467F-B19B-F430CC58EA83}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{A6BEE062-6998-427E-A58A-0F7B89C49F52}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{A8232B7A-9602-4374-ABEF-59BC9E495D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{A83A0CD5-B784-4162-89B0-EE88F3431D24}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-engb-downloader.exe |
"{A87540EA-05EB-4E8D-B90D-2378FC5ADDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{AA50EE6F-E5F0-4A6F-B1A9-AE99D5A44D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{AA9A8A62-9ED8-4D4D-909F-6F41C15AB5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{ACBE4BEE-2217-4E43-B3F8-B9CD077B5EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0C4373F-3CD8-4EBC-9441-129731CA03F2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{B235BFC2-4EFA-47DF-BA4F-68C14C56A10D}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B259F243-49C9-4E07-8136-592B2D95CD84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2F86696-B237-41D6-A96E-38E02BD07C52}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{B59723DA-48DA-4EEE-AF9A-6239BB7DDD7E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe |
"{B7090879-7492-459B-99AB-F98637D13749}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{BBB00676-56A9-4250-AE8D-0A0ACA9DC685}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{BC020316-5CAF-425B-B680-E3DB0FE0DE69}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BEBF8F36-8B49-4317-908C-491057ECD707}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{C2017633-89A0-403D-B260-A10EC4967D84}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2128307-6EEF-4FCC-8CA5-24BC44EE0C28}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe |
"{C2BFA0E0-DCCF-4491-A7A7-8851B896C369}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{C42F4793-79B3-4FAF-913A-8A30B1050B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{C6A9C4FB-2081-4D7A-8DA5-2E23068DAD46}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{C7A0028F-2EC2-43D0-8A0A-0E6D2FEC8679}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{C7D06970-A18A-4F45-8E40-650EEF172D6D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{C8C06F38-69F2-4E1E-88EA-2ED0750BDDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{C94F7D47-BDB0-4648-A815-E277CF2FEADA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{C96F1C73-9DC8-43AF-860D-2861FC6614EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CB726906-5FF0-4BB1-A722-6BE9E42FF069}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{CBFCCDFC-820A-49F5-A083-1D01958E128A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{CC89DA93-1829-425C-AAB5-3EF1E75D36F0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{CE394FBE-20BE-4D1B-82DD-35620B63DB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe |
"{CF0BCE72-A009-4328-BF49-A617ED57F3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{D34BE9D2-8355-4CE1-8368-11A30C13779E}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{D48AB012-8E92-4661-A7C7-904C71EF6AA1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D4AB8177-EC3D-4E6E-B327-94D10CB2EB4C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-engb-ptr-downloader.exe |
"{D59A0711-1E80-4E63-BCC1-84ECB40370C5}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{D9650B26-CAA0-431C-B1EC-1FD10BB20740}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{D993AFA1-549B-45D9-8413-89A6F374631B}" = protocol=17 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{D9B445AC-0EE4-4601-A23F-0944E079BDE2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe |
"{DB4624C2-B1F3-459B-834C-3DDDA8D7810C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-engb-downloader.exe |
"{DBC56FD3-5004-4779-901E-E7D380060A67}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{DC1B3067-5E0D-4A1B-820A-EAAEC768333F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{DC40BEE3-4B9E-4B0D-A2EA-95E27B133CFD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe |
"{DCB1F339-2BA9-4B5D-A188-0003F6122F45}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{DD24B90F-201C-4536-AC77-CA399A7D1FC9}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{DD84EDB7-5B95-4152-85D4-7AC35E686DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{DEA2045C-73D7-42F4-A526-9686ADF84560}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{E45BF645-9C4B-4D0F-9948-6668CE51E083}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{E50FE606-2815-401A-B13A-B9C96E74A9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{EBC9F0FB-F846-4841-BB36-F00541089217}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{EC147C92-0B71-43C7-8ACA-123BFDEFBA37}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{EFAF3DBF-D3AC-4099-8214-41B46713CEB0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{F2979DA1-5A11-4E23-A365-01A8CE587C77}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{F3C167B5-D55A-4F45-B759-4CAC10BFDC04}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-engb-ptr-downloader.exe |
"{F5E3DA64-706A-4BB5-A401-04872E5AB1B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-engb-downloader.exe |
"{F80678CA-AEDE-4344-85D7-6B256AAAE805}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-engb-ptr-downloader.exe |
"{F864AA5E-9DA0-46C6-995A-D663930FC318}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"TCP Query User{03121608-7C4D-40D3-B6F7-45A32EE7ECAC}C:\users\blub\desktop\neuer ordner\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\valve\hl.exe |
"TCP Query User{03629B3F-6980-4F92-9B7B-758A49DA4683}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{07BA6141-E5FE-473D-B7D4-AC053905271E}C:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe |
"TCP Query User{0945D85B-37EB-42EA-ACCB-A14C1317785D}C:\users\blub\desktop\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\xiii\system\xiii.exe |
"TCP Query User{0BB3C0D6-ABFF-4506-B569-2D9755521693}C:\users\blub\desktop\cabaltemp\estsetuploader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\cabaltemp\estsetuploader.exe |
"TCP Query User{12BAC182-6352-4B8A-85F7-CFCC27D2F17F}C:\sierra\ee-zde\ee-aoc (2).exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc (2).exe |
"TCP Query User{13D4C224-70D7-469F-811C-23EAFC6E08BD}C:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"TCP Query User{1583A3C3-8B55-40AF-B3E5-02316ED396CE}C:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe |
"TCP Query User{1597BE5E-A221-4845-8944-60C4D7CC9064}C:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe |
"TCP Query User{1724854B-A50D-409D-AF57-32EB9534D942}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe |
"TCP Query User{1A3471CC-4B21-4AC8-B51C-9B15977FF162}C:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"TCP Query User{1A63F083-2EBC-4F97-B348-A96F33355126}C:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{1A7C58F7-64E9-4EC1-9573-BBEEAF662C56}C:\users\blub\desktop\stronghold\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\stronghold\stronghold crusader.exe |
"TCP Query User{1DCB847B-6EFE-45F4-9F82-66CC3A2D872A}C:\users\blub\desktop\dg - mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\dg - mangos\mangosd.exe |
"TCP Query User{264134FB-CA7C-4930-B92D-886A45BE3EF3}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe |
"TCP Query User{28578DF1-EDDC-475B-AC09-F9D6E2D0D7CD}C:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe |
"TCP Query User{2A1489B9-30A5-40CB-A92E-F0FEECE1580D}C:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe |
"TCP Query User{2A763B99-6528-4F32-B173-45A1D0700295}C:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe |
"TCP Query User{2AB547F1-17CA-41D8-BAE4-C043A9C887D5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{2DA5FFB0-974E-482C-9225-BCFCA556ED23}C:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"TCP Query User{2E91A64A-03CC-4AB3-9AAA-FE48A77F4211}C:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe |
"TCP Query User{387493AD-16BB-42C6-8495-B85677D33B1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{388E2354-9AC2-4151-B221-BD77C0E19D39}C:\users\blub\desktop\gotcha!\gotcha.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\gotcha!\gotcha.exe |
"TCP Query User{39D01090-F496-44B0-831D-3898771E7675}C:\users\blub\desktop\mangos server\dg - mangos\realmd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\realmd.exe |
"TCP Query User{3A30E95C-3F0F-4A24-B47D-31ECE85871EB}C:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe |
"TCP Query User{3A4ED5E8-5057-4D95-8FDB-88FFAEFFE772}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{3AB5F259-BB9C-4A20-913E-2976818CF806}C:\users\blub\desktop\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\ut2004\system\ut2004.exe |
"TCP Query User{40384B20-5555-4FAD-81CE-5B49F05A3268}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe |
"TCP Query User{408ACE3D-90CF-4FDE-90F9-70B6934FCC66}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{43B2A93F-641D-44BF-B228-3AEA53D92E64}C:\users\blub\desktop\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\flatout\flatout.exe |
"TCP Query User{4D0E7F98-A417-4579-B970-1D5F1707AF17}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"TCP Query User{4FBACF43-582F-4AAA-B9A1-9D965DAE943D}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"TCP Query User{52E4A364-D229-41A6-9115-E87BB044D76E}C:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe |
"TCP Query User{5BDEF01C-2AAD-4858-A140-E741A46EB502}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe |
"TCP Query User{6199BAB1-5165-4DE1-8AB7-7B653B01F884}C:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe |
"TCP Query User{63A65B9B-591E-45FF-AB39-34ECA78D6182}C:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe |
"TCP Query User{656A8B37-43D4-4F9A-8769-167F0D6AE28A}\\soeren\games\age of empiresii\age2_x1.exe" = protocol=6 | dir=in | app=\\soeren\games\age of empiresii\age2_x1.exe |
"TCP Query User{6882160C-A1CC-4664-829C-9D1E907B6CE5}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{6A27E0B7-8BC4-40BC-9FED-16E42ABE4CD7}C:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{6BC8D7E8-A863-4DC6-A330-97FC16B09257}C:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe |
"TCP Query User{744E17A5-BECB-48D0-8801-508CE77D627E}C:\users\blub\desktop\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\tmnationsforever\tmforever.exe |
"TCP Query User{79068115-35AA-46FD-B7C9-B56D0C1AEF13}C:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe |
"TCP Query User{7C40660A-BE15-4CC6-B088-6768EC8756F2}C:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"TCP Query User{826DCFD9-7A2E-46F7-AF54-8948E0D1A8CB}C:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe |
"TCP Query User{864FCE63-0B06-47DF-8980-C4EDD46D82EA}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe |
"TCP Query User{88EA9193-F3F2-45BF-B3D1-CC9DC192DC0F}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{8A3CB605-F13A-44EF-9646-36F83AFE2EC6}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{8AA61718-36F7-41B5-8D10-B97D1AC21881}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{8DF04696-E822-453B-A7CD-3D0E8A537419}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{8FBDFB7E-9002-43BA-AE22-41846E854178}C:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe |
"TCP Query User{948170EA-E474-4899-9019-13339B38CB7D}C:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe |
"TCP Query User{96FB64EF-1818-408F-9EDD-5554D05C0270}C:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe |
"TCP Query User{971A1A21-0C01-408B-B3E0-2D33FBB0540B}C:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe |
"TCP Query User{999C8B17-29E6-460D-921E-DFBEEC3D324F}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"TCP Query User{9CDD04EA-7426-43EC-A1EF-3EAD7A8BAA3D}C:\users\blub\appdata\local\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\local\dyyno receiver\dppm.exe |
"TCP Query User{A3889922-A3CB-4E68-AE16-650B9D005E42}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{AB1AE069-58F1-4A48-BEFE-C6A55BB76392}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{AEEB176C-7C5D-43FC-A8D0-0D7B1B241CA1}C:\users\blub\desktop\neuer ordner (3)\dx.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner (3)\dx.exe |
"TCP Query User{AF3F7AC2-4570-4580-923C-D184299ADE25}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"TCP Query User{B673B0BB-9145-4565-8F56-01E1766CF08F}C:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe |
"TCP Query User{B9032F5F-010F-4DA6-A17E-2EB1EEC1BB41}C:\users\blub\desktop\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\worms armageddon\wa.exe |
"TCP Query User{BAE3E225-F4D1-4ECB-8F87-A46785E5B4E8}C:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe |
"TCP Query User{BB3579F7-7CEB-4F0B-B223-C618F8AD991F}C:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe |
"TCP Query User{BBCBD572-6D23-4F38-A9CF-0512F9517EBE}C:\users\blub\desktop\dg - mangos\realmd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\dg - mangos\realmd.exe |
"TCP Query User{C17636CA-EA44-42E3-99B5-4D7C247E3B8D}C:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe |
"TCP Query User{C1DAB5FE-8184-4A3D-AED7-F9D505E4A17D}\\soeren\games\age of empiresii\empires2.exe" = protocol=6 | dir=in | app=\\soeren\games\age of empiresii\empires2.exe |
"TCP Query User{C2D1FE59-05E7-4941-97CF-E899E4F31CA6}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{C2F89E00-19B5-40C6-AFE6-460A021121CD}C:\users\blub\desktop\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\counter-strike source\hl2.exe |
"TCP Query User{C4EDAAE4-C737-4DB2-B74A-EEFC428148EF}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{C9EF19EF-E9E0-420D-A985-98C48B049D4D}C:\users\blub\desktop\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\valve\hl.exe |
"TCP Query User{CA32B620-ECFB-49C4-8136-DA32059D00C4}C:\users\blub\desktop\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\cod4\iw3mp.exe |
"TCP Query User{CDA35547-E630-45D9-AFF0-9AD0101F5112}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{CE689387-F08E-4340-B36A-8B91F49AE1E1}C:\program files (x86)\tortun\gui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tortun\gui.exe |
"TCP Query User{D148C603-D7A4-4A7D-B0A6-9D5DFDF274E7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{D2FA20E0-8B90-456B-8F5E-F140D5997C14}C:\users\blub\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{D36A0FE7-3A94-40A3-B8EB-26F04996800F}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{D3D921DE-23E7-4F97-95CF-6A7AC417D1A1}C:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe |
"TCP Query User{D58E899C-5AAC-4D58-AE88-71AEDC1F3C18}C:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"TCP Query User{DE2934B0-0249-4D83-9C1F-A1DC1259EA67}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{E73300A0-8443-4378-A18D-E50752CA017C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{EC05A8D3-A730-4A6E-8895-281BDDE3A72F}C:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe |
"TCP Query User{EE5B85B8-8621-465F-818F-590D0459750B}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{F19B6413-37FE-4018-92A4-D8F0F1E01114}C:\users\blub\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\warcraft iii\war3.exe |
"TCP Query User{F6328364-CD49-4B19-83C0-D979AC20BF7D}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{F7E13548-723E-4169-A14D-0CCA8DED1465}C:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"UDP Query User{04BE7518-CF86-4692-915C-56A4CC331666}C:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe |
"UDP Query User{05A8E5ED-D2F0-4045-AE31-39B92A0ED6BC}C:\users\blub\desktop\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\ut2004\system\ut2004.exe |
"UDP Query User{07B7AE82-97A4-4B8C-B4CA-A17A4737BC65}C:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe |
"UDP Query User{097B793F-B6AD-4892-A0F6-B074C709E516}C:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{0DB93BFA-FCE7-40B3-8135-E01AFDCF870A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{0F888632-92FA-458C-BEEE-11CEA1B2E758}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{0F8D2C33-3882-42AB-B735-425407A1C321}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{10109B2C-16F9-4473-8019-9A577A06708E}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"UDP Query User{162FC2F1-058A-432C-B9FB-41E3B82A5F35}C:\users\blub\desktop\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\tmnationsforever\tmforever.exe |
"UDP Query User{1C69ACD0-7346-4B92-9FF6-4B5B0A080165}C:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe |
"UDP Query User{1D7B2BEC-84C3-476A-B33E-53BF6C334BC9}C:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe |
"UDP Query User{1DF29935-3642-436B-AD13-48BE08C5BD1E}C:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe |
"UDP Query User{2B456A91-6879-462C-AEFC-0EAB348A1151}C:\users\blub\desktop\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\xiii\system\xiii.exe |
"UDP Query User{2CFC2079-29D3-42EB-9F41-FB45AA607216}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe |
"UDP Query User{2ED4FAB2-7242-4791-8269-9589219FE406}C:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe |
"UDP Query User{30DEFF4E-30C6-443E-9AAE-C97720D69B42}C:\users\blub\desktop\dg - mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\dg - mangos\mangosd.exe |
"UDP Query User{33262D80-5004-4CD6-979A-CA8B16B37040}C:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"UDP Query User{39175166-91FA-402A-8EB2-7ECEEFAC8BAD}C:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe |
"UDP Query User{39EBD447-A01D-41BD-962B-64E645622301}C:\users\blub\desktop\neuer ordner (3)\dx.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner (3)\dx.exe |
"UDP Query User{3D37212E-185D-4023-8908-2E0F41D3069A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3F68D1A9-3C75-43E8-9919-93C047BB616F}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{4236A288-D6D7-4C4F-B640-7376C8F0A252}C:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe |
"UDP Query User{464AE905-B702-4983-82EE-2264EA2ACD14}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe |
"UDP Query User{4B106ACC-8909-4300-8DDE-29C71D06DDA3}C:\users\blub\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\warcraft iii\war3.exe |
"UDP Query User{4F4A48C3-D0AA-415D-BA93-32853F1FF37D}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe |
"UDP Query User{50493F05-71C3-44BD-BF99-0D6CB2963F0A}C:\program files (x86)\tortun\gui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tortun\gui.exe |
"UDP Query User{55A4C9FC-E476-4D5F-961A-A89B1E9E21EF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{55E037CA-426F-4FE9-B6A6-623E1C31C826}C:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{58C50F49-278F-4945-8E59-31A767501D89}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{5DCA5BD1-4670-445B-BF2A-368DE68CCE8A}\\soeren\games\age of empiresii\empires2.exe" = protocol=17 | dir=in | app=\\soeren\games\age of empiresii\empires2.exe |
"UDP Query User{607E039F-8B7C-4FFB-8EFD-6799921040C0}C:\sierra\ee-zde\ee-aoc (2).exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc (2).exe |
"UDP Query User{61AA40FF-A4AC-4A87-B29B-DD2D1FBAA44D}C:\users\blub\desktop\stronghold\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\stronghold\stronghold crusader.exe |
"UDP Query User{638E8C6E-7BEC-48E8-BF37-FE62FB10C062}C:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe |
"UDP Query User{64CFB000-967F-436F-9A7E-B10B6B3C9605}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{684BF62F-0CAE-4617-999E-58B00B8B5B4F}C:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe |
"UDP Query User{69E5CE65-4F51-4B9A-A735-9FACA2CF9E92}C:\users\blub\desktop\mangos server\dg - mangos\realmd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\realmd.exe |
"UDP Query User{6FCA580D-2471-4480-B18A-CD542E0E1DF4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{74E50039-718F-4663-ACB5-F7E7F033A2E9}C:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe |
"UDP Query User{7B7CF558-B883-4BEA-88F1-8ABCC056D5CE}C:\users\blub\desktop\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\flatout\flatout.exe |
"UDP Query User{7CB41976-3D88-4B0E-84B4-5EB9635971B8}C:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe |
"UDP Query User{818F2364-4CCD-4FA9-B101-51DFC0733919}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe |
"UDP Query User{88BA9FAD-F5A2-4906-9B62-2DA1DB8D927A}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{8AEB909D-C6B0-45D4-842B-36C758C215ED}C:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe |
"UDP Query User{8B1EE463-2FAE-49CA-A88D-FD0DF4B4F2BB}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"UDP Query User{8B5CE374-8819-45B0-AFA7-57318F8A0AF2}C:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe |
"UDP Query User{8BEA10BE-C65F-445B-9BA5-F9CD985D6170}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8C5A97AA-B83E-4E81-B803-DFB5CC645D41}C:\users\blub\desktop\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\valve\hl.exe |
"UDP Query User{906CFD00-CEE4-49B1-86E5-352EC565040E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{90FD74F7-1FE1-4701-A357-705D8E1B525E}C:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe |
"UDP Query User{912C4E25-8BBA-42B7-A63D-8719A0BE0AFB}C:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe |
"UDP Query User{928C1903-F6F7-4695-9761-8908BB5B33D5}C:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe |
"UDP Query User{94878407-284A-4EF9-9DE4-785427B953F8}C:\users\blub\desktop\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\cod4\iw3mp.exe |
"UDP Query User{95AF5BF4-9679-44A1-886E-0D273857A226}C:\users\blub\appdata\local\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\local\dyyno receiver\dppm.exe |
"UDP Query User{99C35F84-A444-4D41-BAB2-9949F3BC3204}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{9C78EB0E-8870-4D5F-AD46-39F7BBE9524C}C:\users\blub\desktop\cabaltemp\estsetuploader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\cabaltemp\estsetuploader.exe |
"UDP Query User{9E13CA69-9F22-49F5-B301-E1DBB3E0BCE9}C:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe |
"UDP Query User{9E4C1147-BB6C-474E-AC34-31755527205C}C:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"UDP Query User{A0426E05-294B-4D99-AAED-CD82CEE7FB08}C:\users\blub\desktop\gotcha!\gotcha.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\gotcha!\gotcha.exe |
"UDP Query User{A8A49E56-3EC8-4071-A509-6F2F0D26BEEE}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{A8E3D995-D0A3-4F8D-B2CE-E3DDCF5BEA30}C:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"UDP Query User{ACEF5D13-3EFB-4ECE-BD30-98BB484F5C32}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{AEC4E53F-9A77-42F0-8E95-DA396C831B16}C:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe |
"UDP Query User{AFC7A7DB-2B25-4B7A-B335-B14D96CE7589}C:\users\blub\desktop\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\counter-strike source\hl2.exe |
"UDP Query User{B0242723-7AFD-4C62-99FB-EACC8A6F7BE2}C:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"UDP Query User{B10D2825-2303-44B9-9565-D01DB4560093}C:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"UDP Query User{B33B64E4-23FB-402D-A2FD-4AC878B9D7B9}C:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe |
"UDP Query User{B625BB6E-43AD-4495-BE83-DF76BBB38288}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{C5E8F48F-A2B5-4106-A2EB-2489B06A593C}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe |
"UDP Query User{C62F3AF4-DD72-4B1D-8055-D4BFE9DE0946}C:\users\blub\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{C97329C2-6D05-4011-A747-60542885F642}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{CA638E1A-AAC8-4771-BD98-CD6BF4D68B08}C:\users\blub\desktop\dg - mangos\realmd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\dg - mangos\realmd.exe |
"UDP Query User{CBC6F1D3-E612-4809-9881-25E19EC7C291}\\soeren\games\age of empiresii\age2_x1.exe" = protocol=17 | dir=in | app=\\soeren\games\age of empiresii\age2_x1.exe |
"UDP Query User{CD3159D3-FB3C-4E87-A7A1-65796CB195BA}C:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe |
"UDP Query User{CE763308-89FF-42DB-887D-1D90DFF74893}C:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe |
"UDP Query User{D01848A3-8594-49F8-A794-3D77255ACFE7}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"UDP Query User{D64A7A5D-F97D-4267-8451-A4FD10F4B9A3}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"UDP Query User{D8B3BC60-CEC3-46D3-BB33-C61E540F2398}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{E06196A5-C27F-4E4A-B501-26E17B5A5013}C:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe |
"UDP Query User{E147E616-854E-47F5-B48C-E81EB6AA1401}C:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"UDP Query User{E3452429-2DAD-4276-89D3-F2E0443591AD}C:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe |
"UDP Query User{E7B6F56D-276A-4EF1-8621-C0C50B26739F}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"UDP Query User{EC0092D3-0122-40DF-8887-BB632B493C7A}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{F6AFECEB-23B1-4BD4-A089-B188231C8785}C:\users\blub\desktop\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\worms armageddon\wa.exe |
"UDP Query User{FB4DC75A-A07D-4A67-9E19-F0B03197828F}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{FBB93E2A-1790-41B1-BCF6-EC54689A8D0D}C:\users\blub\desktop\neuer ordner\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\valve\hl.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02412CEB-47C0-4157-80DE-6E96AAE67604}" = MySQL Server 5.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07C903D3-2996-4683-9B49-7839207148CA}" = NGists G15/TeamSpeak Display
"{08CFF9D1-BD86-4CA3-BC4A-AC51EF7640A4}" = X-Fi Forte 7.1
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{38281E4F-B7AF-42C6-B7F9-8C9DC0024A16}" = MorphVOX Pro
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.14p, 2010.04.20
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB9EA451-351D-4EDC-B23E-BFECFCEC0E0F}" = Sven XXX - XS
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (murb.com Edition) 2.2
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"Avira Unerase Personal" = Avira Unerase Personal
"Battle.net" = Battle.net
"ColorPic" = ColorPic
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Media Codec" = DivX Media Codec 4.2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EADM" = EA Download Manager
"EPSON Stylus C110_D120 Benutzerhandbuch" = EPSON Stylus C110_D120 Handbuch
"FLV Player" = FLV Player 2.0, build 23
"Fraps" = Fraps (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"Garena" = Garena
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.1.5
"HD Tune Pro_is1" = HD Tune Pro 4.60
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Basic 6.0 Ablaufmodell Edition (deu)" = Microsoft Visual Basic 6.0 Ablaufmodell Edition (Deutsch)
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mumble" = Mumble and Murmur
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDF Reader 2" = PDF Reader 2
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Postal 2" = Postal 2
"Postal 2_is1" = Portal 2
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"Runic Games Torchlight" = Torchlight
"Steam App 11020" = TrackMania Nations Forever
"Steam App 13140" = America's Army 3
"Steam App 17470" = Dead Space
"Steam App 19900" = Far Cry 2
"Steam App 205" = Source Dedicated Server
"Steam App 22380" = Fallout: New Vegas
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 3302" = Bejeweled 2 Deluxe Demo
"Steam App 3312" = Chuzzle Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 3562" = Bejeweled Twist Demo
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 45700" = Devil May Cry 4
"Steam App 46750" = Dark Fall: Lost Souls
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6200" = Ghost Master
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SWiSH Max2" = SWiSH Max2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmUnitedForever_is1" = TmUnitedForever StarEdition
"Tunngle beta_is1" = Tunngle beta
"Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components)
"Videoload Manager" = Videoload Manager 1.0.1545
"VideoMach 4.0.2" = VideoMach 4.0.2
"VLC media player" = VLC media player 1.1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2011 16:41:38 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Crysis2.exe, Version 1.0.0.5858 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 13c8  Anfangszeit: 01cbee4d5015ecd2  Zeitpunkt der Beendigung:
 163
 
Error - 29.03.2011 16:46:10 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: c04  Anfangszeit: 01cbee1ee5e84f22  Zeitpunkt
 der Beendigung: 22
 
Error - 03.04.2011 16:59:35 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f74  Anfangszeit: 01cbf21ac8a25a64  Zeitpunkt der Beendigung:
 2392
 
Error - 07.04.2011 12:02:12 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 900  Anfangszeit: 01cbf53c118e3a87  Zeitpunkt der Beendigung:
 67
 
Error - 15.04.2011 12:17:10 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.968.628 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 2e0  Anfangszeit: 01cbfb872b399c6d  Zeitpunkt der Beendigung:
 64
 
Error - 17.04.2011 12:48:55 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm LeagueofLegends.exe, Version 0.0.0.0 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 12e0  Anfangszeit: 01cbfd1e1b632640  Zeitpunkt
 der Beendigung: 7
 
Error - 17.04.2011 16:27:16 | Computer Name = x | Source = System Restore | ID = 8193
Description =
 
Error - 21.04.2011 10:27:14 | Computer Name = x | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung portal2.exe, Version 0.0.0.0, Zeitstempel 0x4d4c804d,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x1480, Anwendungsstartzeit 01cc00300e0b8d10.
 
Error - 21.04.2011 10:27:21 | Computer Name = x | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung portal2.exe, Version 0.0.0.0, Zeitstempel 0x4d4c804d,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x6f725056,  Prozess-ID 0x1480, Anwendungsstartzeit 01cc00300e0b8d10.
 
Error - 21.04.2011 12:23:11 | Computer Name = x | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
[ NetLimiter 3 Events ]
Error - 17.04.2011 01:38:50 | Computer Name = x| Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 18.04.2011 11:36:31 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 19.04.2011 10:00:30 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 20.04.2011 09:20:57 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 10:52:08 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 11:16:04 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 11:26:42 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 11:49:19 | Computer Name =x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 12:29:38 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 21.04.2011 12:40:09 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
[ System Events ]
Error - 21.04.2011 12:29:49 | Computer Name = x | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = DCOM | ID = 10005
Description =
 
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.04.2011 12:34:59 | Computer Name = x | Source = Service Control Manager | ID = 7022
Description =
 
Error - 21.04.2011 12:39:54 | Computer Name =x | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.04.2011 um 18:37:26 unerwartet heruntergefahren.
 
Error - 21.04.2011 12:39:59 | Computer Name = x| Source = HTTP | ID = 15016
Description =
 
Error - 21.04.2011 12:41:45 | Computer Name = x | Source = Service Control Manager | ID = 7022
Description =
 
Error - 21.04.2011 12:41:46 | Computer Name = x | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.04.2011 21:00:52 | Computer Name = x | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
 
< End of report >

--- --- ---

markusg 22.04.2011 12:10

• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Dbedejimijigok] C:\Users\Blub\AppData\Local\pshqlF.dll (Acronis)
:Files
C:\Users\Blub\AppData\Local\pshqlF.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Download unhide:
http://filepony.de/download-unhide/
Double-click it; the files become visible.
Open Computer, open C:, then _OTL.
There, right-click on moved files
and choose "add to moved files.rar" or zip.
Upload the archive following the instructions:
http://www.trojaner-board.de/54791-a...ner-board.html

helpblub 22.04.2011 12:36

OK, here is this for a start
PHP-Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dbedejimijigok deleted successfully.
C:\Users\Blub\AppData\Local\pshqlF.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\Blub\AppData\Local\pshqlF.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Blub
->Flash cache emptied: 247923 bytes

User: das ziehen!

User: Default
->Flash cache emptied: 41085 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Blub
->Temp folder emptied: 3539088004 bytes
->Temporary Internet Files folder emptied: 73315084 bytes
->Java cache emptied: 10299 bytes
->FireFox cache emptied: 162162705 bytes
->Google Chrome cache emptied: 6271770 bytes
->Flash cache emptied: 0 bytes

User: das ziehen!

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1268233505 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.816,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_130935

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QD9EXZ4J\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYXAXUO8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D55KAQ8V\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RY93GLB\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

And I'm not quite sure about unhide: I started it and it does say "Please be patient while your files are made visible again.
Processing C:\", but somehow it looks as if nothing at all is happening. Is that OK?

markusg 22.04.2011 12:44

That always takes a while.
And next time please don't post in PHP code.
If unhide still isn't finished after 20 min, cancel it and start it again, with a right-click and as admin.

helpblub 22.04.2011 12:57

Oh, sorry, then once more like this:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dbedejimijigok deleted successfully.
C:\Users\Blub\AppData\Local\pshqlF.dll moved successfully.
========== FILES ==========
File\Folder C:\Users\Blub\AppData\Local\pshqlF.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Blub
->Flash cache emptied: 247923 bytes

User: das ziehen!

User: Default
->Flash cache emptied: 41085 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Blub
->Temp folder emptied: 3539088004 bytes
->Temporary Internet Files folder emptied: 73315084 bytes
->Java cache emptied: 10299 bytes
->FireFox cache emptied: 162162705 bytes
->Google Chrome cache emptied: 6271770 bytes
->Flash cache emptied: 0 bytes

User: das ziehen!

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sierra

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1268233505 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.816,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_130935

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QD9EXZ4J\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYXAXUO8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D55KAQ8V\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RY93GLB\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

unhide is finished now and I have uploaded the file.

markusg 22.04.2011 13:46

Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab and update the program.
Shut down all running programs and disconnect from the internet.
Scanner tab, full scan, remove the findings, post the log.

helpblub 22.04.2011 16:03

Here you go

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6417

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 16:49:05
mbam-log-2011-04-22 (16-49-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Durchsuchte Objekte: 571921
Laufzeit: 1 Stunde(n), 55 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+nfdhfngXdaCxl (Trojan.Downloader.Gen) -> Value: uPc+nfdhfngXdaCxl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ojifoxisigih (Trojan.Agent.U) -> Value: Ojifoxisigih -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dbedejimijigok (Trojan.Agent.U) -> Value: Dbedejimijigok -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\video add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg 22.04.2011 16:04

please create and post a combofix log.
A guide and tutorial on using ComboFix

helpblub 22.04.2011 16:40

hm, something seems to have gone wrong there: I got the message "kann syntaktisch an dieser Stelle nicht verarbeitet werden", I'll try it again now

helpblub 22.04.2011 16:45

hm ok, the same thing again, the exact message is: " "\STARtools\StartoolsUP\" ECHO. "C:\Program" kann syntaktisch an dieser Stelle nicht verarbeitet werden."

markusg 22.04.2011 16:48

ok, the following:
sp2:
Detail page Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone for x64 systems (KB948465)
internet explorer 9:
Internet Explorer - Microsoft Windows
windows update:
Microsoft Windows Update
install updates here until there are no new ones left.
download/install windows updates automatically:
Turning automatic updates on or off
so that your system always stays up to date from now on.


let me know when you've got that far

helpblub 22.04.2011 16:54

Ok, that will probably take a while, I don't have the fastest connection

markusg 22.04.2011 16:57

yeah, if you do them regularly, i.e. every month, you don't need a fast connection, then it's usually only a few MB. that should really always be doable, especially since it reduces the risk of infections

helpblub 22.04.2011 19:45

right, I'm ready again

markusg 22.04.2011 19:47

1. report how the PC is running
2.
download ccleaner slim:
Piriform - Builds
if ccleaner is already installed, skip this.
install, open, Tools, list of installed programs, save as txt. open it.
after each program you need, write "notwendig" (necessary).
after each one you don't need, "unnötig" (unnecessary).
after those you don't know, "unbekannt" (unknown).
post the list.

helpblub 22.04.2011 20:04

1. hm, right now I'd say the computer is running normally as always, but it did that before too, apart from the virus message that kept coming up; the "hard disk broken" messages had already been fixed after one Ad-Aware run.
2:
7-Zip 4.57 08.12.2007 2,86MB notwendig
7-Zip 9.10 (x64 edition) Igor Pavlov 09.10.2010 9.10.00.0 notwendig
Acrobat.com Adobe Systems Incorporated 20.06.2009 1.1.377 notwendig
Ad-Aware Lavasoft 21.04.2011 notwendig
Adobe AIR Adobe Systems Inc. 14.09.2009 1.5.2.8870 notwendig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.22.87 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.1.85.3 notwendig
Adobe Reader 9 Adobe Systems Incorporated 20.06.2009 9.0.0 notwendig
AGEIA PhysX v2.4.4 unbekannt
America's Army 3 U.S. Army unnötig
Amnesia: The Dark Descent notwendig
Apple Application Support Apple Inc. 14.11.2010 1.4.0 notwendig
Apple Mobile Device Support Apple Inc. 14.11.2010 3.3.0.69 notwendig
Apple Software Update Apple Inc. 08.12.2009 2.1.1.116 notwendig
Audacity 1.2.6 unnötig
Avira AntiVir Personal - Free Antivirus Avira GmbH notwendig
Avira Unerase Personal notwendig
Battle.net notwendig
Bejeweled 2 Deluxe Demo PopCap unnötig
Bejeweled Twist Demo PopCap unnötig
BioShock 2K Games 28.11.2009 2.62.0000 notwendig
BioShock 2 2K Games 08.03.2010 1.00.0000 notwendig
Bonjour Apple Inc. 14.11.2010 2.0.4.0 notwendig
Bulletstorm EA 09.03.2011 1.0.0000.130 notwendig
CCleaner Piriform 21.04.2011 6,97MB 3.05 notwendig
Chuzzle Deluxe Demo PopCap unnötig
CodeBlocks The Code::Blocks Team 21.09.2009 105,2MB 8.02 notwendig
ColorPic Iconico 4.1 unbekannt
CPUID CPU-Z 1.56 10.11.2010 3,48MB notwendig
Creative ALchemy for X-Fi (Shared Components) Creative Labs 2.80.12 notwendig
Creative MediaSource 5 Creative Technology Limited 5.00 notwendig
Crysis(R) Electronic Arts 23.03.2008 1.20.0000 notwendig
Crysis® 2 Electronic Arts 26.03.2011 1.0.0.0 notwendig
DAEMON Tools Lite DT Soft Ltd 4.40.2.0131 notwendig
DAEMON Tools Toolbar DT Soft Ltd 1.1.4.0024 notwendig
Dark Fall: Lost Souls unnötig
Dead Space EA Redwood Shores notwendig
Dead Space™ 2 Electronic Arts 01.03.2011 1.0.941.0 notwendig
Devil May Cry 4 Capcom notwendig
DivX Converter DivX, Inc. 7.0.0 notwendig
DivX Media Codec 4.2.1 4.2.1 notwendig
DivX Player DivX, Inc. 7.0.0 notwendig
DivX Plus DirectShow Filters DivX, Inc. notwendig
DivX-Setup DivX, Inc. 1.0.2.23 notwendig
Dolby Digital Live Pack Creative Technology Limited 3.00 notwendig
Dragon Age II Electronic Arts, Inc. 1.00 notwendig
DTS Connect Pack Creative Technology Limited 1.00 unbekannt
DyynoPlayer 0.8.6f.2 Dyyno 0.8.6f.2 notwendig
EA Download Manager Electronic Arts, Inc. 7.1.3.3 notwendig
EPSON Attach To Email SEIKO EPSON 16.09.2008 1.01.0000 notwendig
EPSON Easy Photo Print SEIKO EPSON CORPORATION 1.5.0.0 notwendig
EPSON File Manager 1.3.0.0 notwendig
EPSON Scan Assistant 1.10.00 notwendig
EPSON Stylus C110_D120 Handbuch notwendig
EPSON-Drucker-Software SEIKO EPSON Corporation 15.09.2008 notwendig
Fallout: New Vegas Bethesda Softworks notwendig
Far Cry 2 Ubisoft notwendig
FLV Player 2.0, build 23 Martijn de Visser 2.0, build 23 notwendig
Fraps (remove only) unnötig
Free M4a to MP3 Converter 6.1 ManiacTools.com notwendig
G15_TeamSpeak (NSIS) unnötig
Garena Garena Interactive Pte Ltd. 3.2 notwendig
Ghost Master Empire Interactive unnötig
Google Chrome Google Inc. 23.07.2009 10.0.648.204 unnötig
Google Earth Google 29.09.2010 5.2.1.1588 unnötig
Google Updater Google Inc. 2.4.1536.6592 unnötig
Half-Life 2: Deathmatch Valve unnötig
Half-Life(R) 2 Valve 08.12.2007 1.0.0.0 unnötig
Hamachi 1.0.1.5 notwendig
HD Tune Pro 4.60 EFD Software 11.11.2010 unbekannt
Hellgate: London Flagship Studios 21.02.2010 1.10.180.3416 unnötig
ICQ7 ICQ 02.03.2010 7.0 notwendig
iTunes Apple Inc. 14.11.2010 10.1.0.54 notwendig
Java(TM) 6 Update 17 Sun Microsystems, Inc. 18.09.2009 6.0.170 notwendig
Java(TM) 6 Update 3 Sun Microsystems, Inc. 31.01.2008 1.6.0.30 notwendig
Java(TM) 6 Update 5 Sun Microsystems, Inc. 15.03.2008 1.6.0.50 notwendig
Java-Editor 9.14p, 2010.04.20 Gerhard Röhner 24.06.2010 notwendig
kikin plugin (murb.com Edition) 2.2 kikin 2.2 unbekannt
LastChaosGER T - Entertainment CO., LTD. 19.06.2010 1.00.000 unnötig
League of Legends Riot Games 17.04.2011 1.02.0000 notwendig
Left 4 Dead Valve notwendig
Left 4 Dead 2 Valve notwendig
Logitech GamePanel Software 2.00 Logitech 17.07.2008 2.00.171 notwendig
LPS 2009v 3.0 USB VVR 18.09.2009 LPS 2009v 3.0 USB notwendig
Malwarebytes' Anti-Malware Malwarebytes Corporation 22.04.2011 notwendig
Microsoft .NET Framework 1.1 09.10.2010
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 14.08.2009 42,1MB notwendig
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 03.04.2009 32,4MB notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 189,3MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 46,5MB 4.0.30319 notwendig
Microsoft Games for Windows - LIVE Microsoft Corporation 17.11.2010 3.4.54.0 notwendig
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 17.11.2010 3.4.18.0 notwendig
Microsoft Office Access 2003 Runtime Microsoft Corporation 14.04.2011 11.0.8173.0 notwendig
Microsoft Silverlight Microsoft Corporation 22.04.2011 4.0.60310.0 unnötig
Microsoft SQL Server 2008 Management Objects Microsoft Corporation 09.05.2010 10.0.1600.22 notwendig
Microsoft Visual Basic 6.0 Ablaufmodell Edition (Deutsch) notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 30.07.2009 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08.03.2010 8.0.59193 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 08.12.2007 8.0.56336 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 14.04.2011 8.0.51011 notwendig
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 14.04.2011 8.0.51011 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 22.04.2011 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU Microsoft Corporation 09.05.2010
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.04.2011 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 14.11.2009 9.0.30411 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 26.03.2011 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.11.2009 9.0.30729.4148 notwendig
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Microsoft Corporation 08.05.2010 12,1MB notwendig
Microsoft Web Publishing Wizard 1.53 notwendig
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Corporation 09.05.2010 6.1.5288.17011 notwendig
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu Microsoft Corporation 09.05.2010 3.5.30729 notwendig
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 Microsoft Corporation 09.05.2010 6.1.5295.17011 notwendig
mIRC mIRC Co. Ltd. 6.35 notwendig
MorphVOX Pro Screaming Bee 28.12.2007 3.4.15 unnötig
Mozilla Firefox (3.6.16) Mozilla 3.6.16 (de) notwendig
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 10.02.2008 4.20.9848.0 unbekannt
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 10.02.2008 4.20.9849.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2008 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 4.20.9876.0 unbekannt
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 09.02.2008 4.20.9818.0 unbekannt
Mumble and Murmur Mumble 1.2.2 unnötig
MySQL Server 5.1 MySQL AB 09.05.2010 5.1.46 unnötig
NetLimiter 3 Locktime Software s.r.o. 30.07.2010 3.0.0.9 unnötig
NGists G15/TeamSpeak Display Prabang Ltd 06.08.2008 1.1.0.2 unnötig
Notepad++ 5.8.5 notwendig
NVIDIA Drivers NVIDIA Corporation 22.07.2009 3.276MB 1.4 notwendig
NVIDIA PhysX NVIDIA Corporation 09.03.2011 9.10.0224 notwendig
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 7.15.11.9038 notwendig
Octoshape Streaming Services 04.06.2010 0,74MB notwendig
OpenAL notwendig
OpenOffice.org 3.1 OpenOffice.org 18.09.2009 3.1.9420 notwendig
Pando Media Booster Pando Networks Inc. 2.3.5.6 unbekannt
PC Inspector File Recovery 4.0 notwendig
PC Inspector smart recovery 4.50 notwendig
PDF Reader 2 notwendig
Peggle Extreme PopCap notwendig
Peggle Nights Deluxe notwendig
Peggle Nights Deluxe 1.0.3.5802 PopCap Games 1.0.3.5802 notwendig
Portal Valve notwendig
Portal 2 21.04.2011 notwendig
Postal 2 notwendig
PremiumSoft Navicat 8.0 for MySQL PremiumSoft CyberTech Ltd. 22.12.2007 unnötig
PremiumSoft Navicat Lite 9.0 PremiumSoft CyberTech Ltd. 09.05.2010 unnötig
Prism Video Converter NCH Software notwendig
PunkBuster Services Even Balance, Inc. 0.986 unbekannt
QuickTime Apple Inc. 14.11.2010 7.68.75.0 notwendig
Razer Lachesis Razer USA Ltd. 09.12.2007 1.00.0000 notwendig
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista Realtek 18.04.2008 1.00.0000 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.12.2007 6.0.1.5449 notwendig
RPG Maker 2000 1.05 notwendig
RPG Maker 2003 v1.08 Enterbrain, Inc. notwendig
RTP 1.32 Add-On for RM2k unbekannt
SiSoftware Sandra Lite XII.SP1 SiSoftware 20.01.2008 30,2MB 13.12.2008.1 unbekannt
Skype Toolbars Skype Technologies S.A. 17.04.2011 5.3.7280 notwendig
Skype™ 5.3 Skype Technologies S.A. 17.04.2011 5.3.108 notwendig
Source Dedicated Server Valve notwendig
SQL Server System CLR Types Microsoft Corporation 09.05.2010 10.0.1600.22 notwendig
Steam(TM) Valve 08.12.2007 1.0.0.0 notwendig
SUPER © Version 2010.bld.38 (May 2, 2010) eRightSoft Version 2010.bld.38 (May 2, 2010) unbekannt
Sven XXX - XS unnötig
SWiSH Max2 unnötig
TeamSpeak 3 Client TeamSpeak Systems GmbH notwendig
TeamViewer 5 TeamViewer GmbH 5.0.7904 notwendig
TmUnitedForever StarEdition Nadeo 25.12.2009 notwendig
Torchlight 1.0.67.91 unnötig
Torchlight Runic Games, Inc unnötig
TortoiseSVN 1.6.8.19260 (64 bit) TortoiseSVN 09.05.2010 1.6.19260 unbekannt
TrackMania Nations Forever Nadeo notwendig
Tunngle beta Tunngle.net GmbH 21.04.2011 unnötig
Ventrilo Client Flagship Industries, Inc. 25.04.2010 3.0.5 notwendig
Videoload Manager 1.0.1545 T-Online 1.0.1545 notwendig
VideoMach 4.0.2 notwendig
VLC media player 1.1.7 VideoLAN 1.1.7 notwendig
Windows Live Essentials Microsoft Corporation 04.03.2009 14.0.8064.0206 notwendig
Windows Live ID Sign-in Assistant Microsoft Corporation 17.11.2010 6.500.3165.0 notwendig
Windows Live-Uploadtool Microsoft Corporation 04.03.2009 14.0.8014.1029 notwendig
Windows Media Player Firefox Plugin Microsoft Corp 20.01.2008 1.0.0.8 notwendig
WinRAR notwendig
World of Warcraft Blizzard Entertainment 4.0.6.13623 notwendig
World of Warcraft Beta Blizzard Entertainment 4.0.0.12635 notwendig
World of Warcraft Public Test Blizzard Entertainment 0.0.0.0 notwendig
X-Fi Forte 7.1 1.0 notwendig
Xfire (remove only) unnötig
µTorrent 15.01.2008 0,21MB 1.7.6 notwendig

markusg 22.04.2011 20:17

uninstall
7-Zip 4.57 Adobe Reader 9.4.2

there's no point in having that twice

adobe reader
new version:
Adobe - Download Adobe Reader - All versions
untick mcafee security scan
open adobe reader, Edit, Preferences, JavaScript, untick the box there; Internet, untick all the boxes there as well.
that way PDFs are no longer loaded automatically and malicious code can no longer be slipped to you this way.
under General, tick "use only certified plug-ins".
under Update, set it to install.
click Apply / OK
uninstall.
America's
Audacity
Bejeweled
Bonjour
Chuzzle
ColorPic
DAEMON Tools Toolbar security risk, remove
Dark Fall:
Fraps
G15_TeamSpeak
Ghost Master Empire
Google all 3
Half-Life both
HD Tune
Hellgate:
Java(TM) 6 all.
Java SE Downloads
click download jre

kikin
LastChaosGER
Microsoft Silverlight
MorphVOX
Mozilla Firefox open it, Help, update, version 4

Mumble
MySQL
NetLimiter
NGists
PremiumSoft both
SiSoftware
Skype Toolbars security risk, remove
SUPER ©
Sven
SWiSH
Torchlight
Tunngle
Xfire
clean up with ccleaner.

helpblub 22.04.2011 21:36

right, I'm done with that now

markusg 26.04.2011 19:44

how is the system running

helpblub 26.04.2011 19:48

So far quite ok, I haven't noticed anything. what do I do now with the folder the thing is in, should I delete it?

markusg 26.04.2011 20:01

open otl, click cleanup.
what does "so far" mean. is everything running now or not

helpblub 26.04.2011 20:12

Sometimes it seems a bit slower than usual to me

markusg 26.04.2011 20:13

what exactly is slower?

helpblub 26.04.2011 21:54

the computer in general, like opening programs etc.

markusg 27.04.2011 11:39

Start, Run, msconfig
enter
Startup
untick everything except
avgnt (avira)
ok, restart, any improvement?

helpblub 27.04.2011 23:16

hm no, that somehow didn't help at all

markusg 28.04.2011 11:37

post me some new otl logs then.

helpblub 30.04.2011 00:00

what settings should I run it with?

markusg 30.04.2011 09:33

with the same ones as the first time


All times are WET +1. The time is now 00:36.
