Log analysis and evaluation: Redirector, Adware Tracking Cookie, can't get it deleted, Microsoft SE blocked by rundll32

Windows 7

If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Redirector, Adware Tracking Cookie, can't get it deleted, Microsoft SE blocked by rundll32

Hello everyone,

This is my first forum post, so I apologize in advance for any spelling mistakes and other errors.

I use Windows 7 Ultimate 64-bit, Service Pack 1.

I have big problems with my computer. A few days ago I stupidly downloaded and ran an exe file... Quite a lot must have been hidden in it. After the double-click the file disappeared, and at every start of Windows the command prompt appeared briefly with the title: amd accelerated video transcoding device initialisation. I then uninstalled that via Catalyst, but it didn't help.

I can say with certainty that I have a redirector, and surely more besides... I use Opera, and it always redirects me from Google.

When the PC boots, Microsoft Security Essentials is not open... If I end the rundll32 host process under Processes in Task Manager, Microsoft Security Essentials can be started; otherwise it closes again immediately.

In addition, I can no longer connect to my favorite online role-playing game, Eden Eternal.

A few months ago I already had a redirector once, which I successfully killed with TDSS Killer.

I have run Malwarebytes Anti-Malware several times; it no longer finds anything. Only SUPERAntiSpyware finds an Adware Tracking Cookie again after every restart. I have also run various online scans.

I have already prepared a few log files; I hope I am posting them here correctly.

Here it comes:

Malwarebytes Anti-Malware quarantine: hxxp://www10.pic-upload.de/21.06.12/wjpsm322i9ap.png

OTL log:

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 19.06.2012 22:01:59 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Fab\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free 11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free Paging file location(s): c:\pagefile.sys 8096 8099 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS Computer Name: FAB | User Name: Fab | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\GUILD WARS\Gw.exe (ArenaNet) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE () ========== Modules (No Company Name) ========== MOD - C:\Users\Fab\AppData\Local\Temp\GwA6494.tmp () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (COM Service) -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) 
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) 
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys () DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (Tosrfhid) -- C:\Windows\SysWOW64\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfbd) -- C:\Windows\SysWOW64\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\Windows\SysWOW64\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosrfbnp) -- C:\Windows\SysWOW64\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\Windows\SysWOW64\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (TosRfSnd) -- C:\Windows\SysWOW64\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\Windows\SysWOW64\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\SysWOW64\drivers\tosrfnds.sys (TOSHIBA Corporation.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4 FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M] [2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions [2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions [2012.04.27 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\ CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\ CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ Hosts file not found O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.19 22:00:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe [2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe [2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe [2012.06.18 23:05:55 | 000,171,176 | ---- | C] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll [2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad [2012.06.14 17:45:30 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.06.14 17:45:30 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe 
[2012.06.14 17:45:09 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.06.14 17:45:09 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.06.14 17:43:29 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe [2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41 [2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package [2012.05.22 00:14:58 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Local\Aeria Games [2012.05.22 00:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games [2012.05.22 00:10:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2012.05.22 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.19 22:06:12 | 000,026,786 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat [2012.06.19 22:06:12 | 000,005,598 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new [2012.06.19 22:06:12 | 000,004,382 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat [2012.06.19 22:01:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe [2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat [2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe [2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job [2012.06.19 14:36:50 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.06.19 14:36:09 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.19 14:36:01 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.06.19 06:19:47 | 002,109,032 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip [2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll [2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini [2012.06.18 22:42:30 | 000,171,176 | ---- | M] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll [2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip [2012.06.18 22:04:17 | 000,850,383 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip [2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url [2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url [2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk [2012.06.14 17:44:44 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.06.14 17:44:44 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.06.14 17:44:44 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.06.14 17:44:43 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.06.14 17:44:43 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.06.14 17:43:38 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe [2012.06.14 17:32:20 | 001,624,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.14 
17:32:20 | 000,709,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 17:32:20 | 000,662,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 17:32:20 | 000,153,626 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 17:32:20 | 000,125,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 17:32:06 | 001,624,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 01:27:30 | 007,214,239 | ---- | M] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar [2012.06.13 03:00:37 | 000,000,612 | ---- | M] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk [2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk [2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk [2012.06.13 01:24:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.13 01:24:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe [2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2012.05.29 10:47:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat [2012.06.19 14:36:53 | 000,026,786 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat [2012.06.19 14:36:53 | 000,005,598 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new [2012.06.19 14:36:53 | 000,004,382 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat [2012.06.19 06:19:42 | 002,109,032 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip [2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job [2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll [2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat [2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini [2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip [2012.06.18 22:04:14 | 000,850,383 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip [2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url [2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url [2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk [2012.06.14 01:27:28 | 007,214,239 | ---- | C] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar [2012.06.13 03:00:37 | 000,000,612 | ---- | C] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk [2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk [2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk [2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe [2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg [2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini [2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini [2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini 
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini [2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif [2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start [2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd [2011.03.29 22:37:47 | 001,624,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe [2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe [2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll [2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll [2011.03.29 22:14:27 | 
000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll [2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll [2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll [2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll [2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll [2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll [2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll [2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll [2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll [2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll [2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll [2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll [2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll [2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL [2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL [2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll [2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll [2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll [2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll [2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll [2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll [2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe [2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat [2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- 
C:\Windows\SysWow64\Cmos.dat [2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe [2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt [2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment [2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes [2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0 [2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0 [2011.04.09 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite [2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid [2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft [2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs [2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo [2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9 [2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ [2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON [2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World [2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org [2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera 
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.01.28 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.05.19 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras Log:
OTL Logfile:
Code:
OTL Extras logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS

Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08EF41B0-CAB2-470A-BE02-58C62994F8B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0C03FC63-0AE1-4FAE-8B81-B033A73F7447}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{11F7058B-800D-4970-BFFA-D9F2751EE613}" = lport=139 | protocol=6 | dir=in | app=system | "{178588F0-1F8A-42B4-B530-56DCB7D4DB6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1A6427FB-ADAB-4E9C-A376-6BEC986C5471}" = lport=137 | protocol=17 | dir=in | app=system | "{266A12B9-1295-4127-97FD-5E9F018B181A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 
| "{26DE9AA3-E51D-4051-B540-B90F870ED3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{581D7069-049E-4F1D-8D60-2A60EBA251A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6585C237-A68E-41E1-803D-F08C0B0C7BAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{690B3DB0-23FC-4355-A09C-828065EFD61A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{741F91D2-7ABC-41C5-8EEB-D62C2DDE513A}" = rport=139 | protocol=6 | dir=out | app=system | "{98D1F993-70B2-4699-B120-0DC1E49B31C2}" = lport=3389 | protocol=6 | dir=in | app=system | "{A23EC258-F84B-4401-885C-97668D10EE82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A5C51AC0-E014-44BB-87A6-D51D1404C544}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD6027F0-DB44-4EA6-8898-418E6B8D1DCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ADBC0A2E-2EE9-43BF-A4D0-52D9AC8EAFB5}" = rport=138 | protocol=17 | dir=out | app=system | "{ADCC6908-15FF-450B-83D5-B32C1E7EB813}" = rport=10243 | protocol=6 | dir=out | app=system | "{C959795E-BC98-40DD-81D0-719775323F43}" = rport=445 | protocol=6 | dir=out | app=system | "{C9A11643-2764-4CFF-9701-AC4540B04984}" = lport=10243 | protocol=6 | dir=in | app=system | "{CD9042B4-AC28-4145-8957-A0DDF32D9AE1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{CD9D8EE6-65EA-4564-8D0A-FBE30B8535CA}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface | "{D623C146-4ECE-400C-9C21-113D52E4E56B}" = lport=445 | protocol=6 | dir=in | app=system | "{D8922840-E9CF-4867-B6E2-53B52091C955}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E14974BC-2AE1-4AE2-9DC7-8B5B26E37EB7}" = lport=1900 | 
protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E4E4443E-65A3-4C4C-83FD-1B551A8F324F}" = rport=137 | protocol=17 | dir=out | app=system | "{E6D05149-14A8-4164-BF50-27753EC84CFE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{EC0D9165-2E7D-4A06-9A34-EEA1249BC416}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{ECE92AFE-B286-47AA-B5FC-382536AECA50}" = lport=2869 | protocol=6 | dir=in | app=system | "{EED8BC73-0341-42F9-9DFC-D34DAFF9B84D}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface | "{F03203A7-463C-477A-BCD9-4B207C8AA7E4}" = lport=138 | protocol=17 | dir=in | app=system | "{F0C8BA13-109F-4CEC-AD5F-0B94ED493C3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FC383E-E754-43D0-8325-9257E063AF59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{09F746B0-87D8-4B32-A609-7DD7179DB6A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11FBC199-A243-40C7-843B-D2C1399DBFA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{125091D0-AA6A-4CE7-9368-E8A70077A5CC}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe | "{1379ED50-F62F-431B-BB64-B00F9582B5C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{13A8BD29-D37A-4334-B23B-144BA174AC96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{14D815F2-FE8C-4947-BEFA-D237674DDD60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{176BCD48-06F9-4EBF-A556-A4F6743683FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{17ACC1BA-DBA5-42EB-8FB4-8501F680B2C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{1DECC78F-4579-4B6A-B4CA-4A4102B1F4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{1F51B874-C061-43DA-ADDD-6FC81646A7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F8A2EDB-AD4C-48E9-8FD6-95C9C5F912BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{22EE52EF-C2AA-4871-A14A-3EDD6822FF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{2DEC0B17-E82E-4C3A-9393-55F50D587EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | "{2EA01679-A5BB-43C6-A9A9-3FC5E00BF97F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{38306820-5691-4862-9C06-11BA08ED269D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{385BB579-8E89-4188-8B8F-488E3B0B42D8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{40F25EA6-B2D1-4244-A1B2-FDA9C51F524C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{416DFF77-5D8F-4EB0-B117-7254F21F1768}" = protocol=6 | dir=out | app=system | "{4377EDCB-EFD6-4F68-AF14-79DEB1B093E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4764E023-B81C-4ED3-8A74-25FE49CA366B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49682710-7B59-4970-B69A-0AD196DA637B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4C227F96-4237-4069-BA5C-61824F85D807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4C566F24-1F77-4F7E-9B2A-A09A6E1BBDD6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{4C7A56C3-B0B0-466E-911A-06EF46342BCA}" = protocol=6 | dir=in | 
app=c:\aeriagames\edeneternal\_launcher.exe | "{4D37F240-74AF-4B2F-9FEC-8E306C7A655E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{4F61D0E1-7C66-4E00-A4AE-FD8245997048}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{563DE42C-FA31-4CAA-83E6-8440CD98FFD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5C3986C7-A275-49DE-9BD8-3A9CC5A6B7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{5F3DFFA2-1F95-471B-BB95-16212902DDFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{64CE7BC5-53A8-4C35-A7D3-118C58CD5286}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{68D012D4-EC77-4722-B628-F96C7CEFA910}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{6B774879-3A14-44F2-A16B-88B9A340E1E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6CB74588-476F-40E4-936D-53B2AB371457}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6E1202A1-8315-4788-9BB6-035C206EE951}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{75198A66-70C1-4128-BA36-5E9E007D668C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{75D02F41-5F26-4D97-9C55-40A83B1566CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7ADB45AD-022B-474B-8129-12D5522E5EA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{7D52E935-95CE-4A8D-98B6-7BF9F493AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe | "{7F8B91C0-CA76-46E4-A1EE-2FED8CB2BE17}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{7FC2A7B1-7646-4F6D-BE1B-0742B3B64DDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe | "{7FEED177-8664-4D08-BFC3-AFC571021C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{84CF5879-B40B-47FB-96B5-F78462163A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{873D9CDE-CCC0-4D36-BD12-FAD47F6B533E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{88142BA3-7B75-4CBB-8B8D-0EB93E1585E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8E9C6E54-0DC7-4AA5-828C-A0071C05934A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{90A79170-E002-4EE6-95A5-F1BB8FC2BBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | "{94434C26-1448-4B8A-8044-B593957808A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{953D439F-765F-494E-A2B5-FBBD285B82CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{9AC8D63F-49FD-4B8B-881B-AD71479312E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9F2CBEA9-F6E0-4004-955F-247903196534}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A5DBD9DE-F67B-4EC9-A570-8B614D30F988}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{A9CC0F2A-5545-48D3-A1DA-6BFDC2DF7A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | "{AF62CEBA-2114-4959-B847-B3A225AD8EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{AF92B122-BC71-4CB2-A1EC-48C2486A3D27}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AFC9D55A-F513-46B4-A00C-F7D1CBB7BB51}" = 
protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{B0AEAE3F-0F78-4BF4-94DD-15296BCA2A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{B4E06326-5D8D-4D3D-B8FA-8DFA1CC4B64B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9FD189F-C4AB-4E31-919B-E3CB9AA5EF8A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{BA1E0A5D-9A38-4F27-8734-58CBB7223921}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{C79F3D64-D5ED-415E-8CAC-35A7C5057251}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{CB5F2B29-43AA-4FE2-8146-50EA06ED5F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{CC86ECB0-DC4B-4350-967F-8A1B69B445BA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{CD732F82-EA33-42BA-958D-CC3BA86559DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D1B75B1C-DB22-4A24-912A-D352BA54D669}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | "{D7862D59-C2BF-42E1-89EC-4B2B7920DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{D8228A9D-5651-4515-A4E1-18D585B6C5AE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{D8909193-565D-418F-B443-4E6E530D72DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E1713D19-A052-4DDF-B509-01D90FC85B39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E190C9C8-AA75-4B8C-8E19-54FF669CA775}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{E4B72983-D2B5-4561-B9CF-76366D5998F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E5CF9753-F3E6-4B36-A167-A9E352B953FC}" = 
protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{E7D8D36F-F577-4413-B8D7-C09F30187A68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EA78ED9E-7028-4749-9F8F-154475A4A8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{ED96ADED-92DF-4C35-8BA2-93041AC7E730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{EDF229CB-26F4-402B-A241-11AC4BD39994}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F733AF3C-2149-42A2-BEF4-A536999C66AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F9BEC370-8756-4966-B98B-1B6DD8863FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{FC80EB70-127E-4964-868B-550095424FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "TCP Query User{02EC41FD-6434-4D47-9251-3574A2D8AC10}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe | "TCP Query User{180F4CDE-D0E6-4FE6-A744-12A97C0DDB82}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe | "TCP Query User{186D5C6B-08CA-40F4-B3C6-DFB6355886F9}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe | "TCP Query User{19FA06A6-7EA0-4BF5-9A94-033E8A10BDFC}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "TCP Query User{254F1699-BDD7-4122-BBEF-2E6EB28CCE15}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe | "TCP Query 
User{265C4279-8513-4F61-83C4-2D428E3F9694}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe | "TCP Query User{29F09BA2-03FE-41E3-B8F0-C8E5117966DD}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe | "TCP Query User{360102C7-ADFE-41FA-AC1B-592B28EB6965}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe | "TCP Query User{397E11B9-713D-4FB8-9AA7-E30CE9DAE587}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe | "TCP Query User{4261E750-B22B-432C-A586-E1DD4BC6D4B3}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe | "TCP Query User{4AC25604-EE34-48F9-92C5-8DB18A8FFBF6}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe | "TCP Query User{5364CCD5-942C-45E0-AFD4-E3527413D92C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{58E1807B-2D0E-4F5F-BDEC-1638E39588F2}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe | "TCP Query User{7016029C-CA4B-4717-8F5B-46E773F00E82}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | "TCP Query User{833DA657-F368-49D9-8ACD-37526A312ECB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{8CBE8C06-B119-4392-9CFD-40C5007947CF}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=6 | dir=in | 
app=c:\users\fab\desktop\ibot1.1.41\ibot.exe | "TCP Query User{8D6C454B-1E36-4549-98F6-E8B0F3E2CCAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{9496B09A-C614-4EAD-B854-63BB23D97453}C:\program files (x86)\remote mouse\server\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | "TCP Query User{96A9022F-8DF6-447F-9A67-ECD4AA6335BE}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe | "TCP Query User{9DFB931E-1C7B-44A3-B705-2422B384F580}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe | "TCP Query User{AB7EDAB9-9C0E-4CE0-975C-9B2D62CCFB84}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe | "TCP Query User{AE493C6E-835F-4B33-9A3C-E3C790017511}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe | "TCP Query User{C8CACC9F-3DC6-49C2-8217-C25523EFA949}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "TCP Query User{CACB0CAC-74D0-4A9B-AF1F-90DA9DAF6442}C:\users\fab\desktop\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe | "TCP Query User{DEDC8EFA-2309-4AB3-AD62-F4AE9213FD98}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe | "TCP Query User{E69B075C-2517-4878-9F27-CB3130FE9630}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe | "TCP Query 
User{E6FC5A01-738C-43AD-84AC-AA40793B61AD}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "TCP Query User{E92686C1-2B94-45F5-BF14-72CBC81B8D02}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe | "TCP Query User{EC969529-1FDB-4411-BC54-950829EBE66C}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe | "TCP Query User{EE5360FB-5A16-4363-962D-401FCC0B7CF8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{F4DE1879-0BBD-47F4-83BC-1053DBF142A3}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe | "TCP Query User{FA17EBC4-A2DA-418F-9F75-0C1C1AFD6DE8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{FB711252-9C33-454C-AA34-1E60703E5CC3}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe | "UDP Query User{003BEF24-FF28-431B-BF90-3AF2C4EE2E4B}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe | "UDP Query User{14058421-C4C2-4043-B4D5-A3051E3A381B}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe | "UDP Query User{1C607A23-4F2D-471B-A6CD-BFA3063F205F}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe | "UDP Query User{2A9A22E5-9A37-492E-9504-4A66E3817AFB}C:\program files (x86)\remote mouse\server\server.exe" = protocol=17 | dir=in | 
app=c:\program files (x86)\remote mouse\server\server.exe | "UDP Query User{304F0CBE-33AA-4FBD-8905-945767F6A003}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe | "UDP Query User{46FC53D3-94F7-44BC-A6FB-CF2DF93B2687}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe | "UDP Query User{47EBB217-68F8-4A6E-ADB4-F104569E08EF}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "UDP Query User{4C57B7D2-E759-46FC-A269-8366FA072B54}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe | "UDP Query User{583D3BC1-DED6-4724-B647-01D4237DA918}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe | "UDP Query User{5A5D7C04-C593-425F-A1CA-B7B7A8E77900}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe | "UDP Query User{5AD7CE38-FDB9-491F-94A4-8115B9C1FA54}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe | "UDP Query User{6D130F13-9607-4588-81A8-EE963CA79A52}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe | "UDP Query User{73CA9FC0-97BF-4DE2-B87C-CF951C63A6B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe | "UDP Query User{75E6717A-00FC-4E60-A894-E659AB4DD2F5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{7DEFCA12-A216-44B1-964C-688C60D81A0E}C:\program files (x86)\turbine\der herr der ringe 
online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | "UDP Query User{8F01742C-B5E9-4F1F-ABEA-A9AAF657A749}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe | "UDP Query User{90BBCE7C-65DB-4D67-8015-504CF4660BAD}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe | "UDP Query User{99B5D779-0EB7-41F3-9622-F0D73971349A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{9E97F6CC-26DA-4AD2-886B-E2F87F1516BD}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe | "UDP Query User{A6F5E34F-B467-4740-985B-43525ADB877E}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe | "UDP Query User{A973F2B1-824F-4871-BA58-A50267AEBEE6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe | "UDP Query User{AF1FF237-AA74-4520-BBD7-50B5E097D43E}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe | "UDP Query User{C63538EF-A25B-4C5B-9401-B2327455306B}C:\users\fab\desktop\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe | "UDP Query User{C95F16B5-125A-4EE5-BBEF-3E6663590AC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{D60028DB-70B4-43B5-BFC9-929BCEF5003E}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe | "UDP Query 
User{D6E22DED-1CE4-4FFB-94ED-CA4FD9810C77}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe | "UDP Query User{E0C6DE29-8E54-4221-80F2-F1FE4BA7A969}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{E90F21D2-7515-45C4-B370-131E72C6A784}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | "UDP Query User{EA06166C-0A6B-4FED-9BD1-12549902A997}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe | "UDP Query User{F51E0B3D-303E-46C9-AC75-D002C5A06D98}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{F6E293D4-D798-404D-9331-17F2D59A5037}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe | "UDP Query User{FCF14D18-C50A-4D07-9970-BDCF60C14EF2}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe | "UDP Query User{FEBBA1AD-5FE6-4FA2-AE19-7D5BA80EF5AA}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) 
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft 
Security Client DE-DE Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian "{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek "{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01 "{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese "{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1 "{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard "{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese "{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional "{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch "{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai 
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04 "{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All "{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common "{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian "{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01 "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2 "{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09 "{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center 
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin "{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AC3Filter_is1" = AC3Filter 1.63b "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "DAEMON Tools Lite" = DAEMON Tools Lite "DiskAid_is1" = DiskAid 5.08 "DivX Setup" = DivX-Setup "DriverCD" = DriverCD "Eden Eternal" = Eden Eternal "FastStone Image Viewer" = FastStone Image Viewer 4.6 "Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117 "G.O.M" = G.O.M "Guild Wars" = GUILD WARS "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "Opera 12.00.1467" = Opera 12.00 "paw·ned²" = paw·ned² v1.3 "PunkBusterSvc" = PunkBuster Services "Silkroad" = Silkroad "Steam App 10" = Counter-Strike "Steam App 113400" = APB Reloaded "Steam App 200210" = Realm of the Mad God "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "Steam App 99900" = Spiral Knights "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.1 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "QIP Infium" = QIP Infium 3.0.9042 ========== 
Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248456 angegeben. Der Rückgabecode von ReadEventLog ist 8.

Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248472 angegeben. Der Rückgabecode von ReadEventLog ist 8.

Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248344 angegeben. Der Rückgabecode von ReadEventLog ist 8.

Error - 15.06.2012 13:31:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel: 0x4fd8b9f9 Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel: 0x4fd8b9f9 Ausnahmecode: 0x40000015 Fehleroffset: 0x005dff0a ID des fehlerhaften Prozesses: 0x11f4 Startzeit der fehlerhaften Anwendung: 0x01cd4b1b62acf8e7 Pfad der fehlerhaften Anwendung: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app Pfad des fehlerhaften Moduls: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app Berichtskennung: 01b8d1a8-b710-11e1-9120-00241d2232b9

Error - 17.06.2012 21:45:59 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4fd10cda Ausnahmecode: 0xc0000005 Fehleroffset: 0x00425cd2 ID des fehlerhaften Prozesses: 0x13bc Startzeit der fehlerhaften Anwendung: 0x01cd4cee65b87207 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\tf\bin\client.dll Berichtskennung: 5a1a16ed-b8e7-11e1-a634-00241d2232b9

Error - 18.06.2012 14:47:42 | Computer Name = FAB | Source = Application Hang | ID = 1002
Description = Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd8 Startzeit: 01cd4d7fb4c985b9 Endzeit: 920 Anwendungspfad: UNKNOWN Berichts-ID: 0fa1d30a-b976-11e1-a634-00241d2232b9

Error - 18.06.2012 15:11:53 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fd10baa Ausnahmecode: 0xc0000005 Fehleroffset: 0x6a2de3c9 ID des fehlerhaften Prozesses: 0x1710 Startzeit der fehlerhaften Anwendung: 0x01cd4d82000e2711 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 76078f3c-b979-11e1-a634-00241d2232b9

Error - 18.06.2012 16:05:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4fd10cda Ausnahmecode: 0xc0000005 Fehleroffset: 0x00425cd2 ID des fehlerhaften Prozesses: 0x11cc Startzeit der fehlerhaften Anwendung: 0x01cd4d868cd2cff2 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\tf\bin\client.dll Berichtskennung: 044e84d4-b981-11e1-a634-00241d2232b9

Error - 18.06.2012 16:58:50 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: QuickTime.qts, Version: 7.71.80.42, Zeitstempel: 0x4ea5d656 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001ae14 ID des fehlerhaften Prozesses: 0xe7c Startzeit der fehlerhaften Anwendung: 0x01cd4d9523bd6df7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts Berichtskennung: 676c3506-b988-11e1-8e46-00241d2232b9

Error - 18.06.2012 18:29:23 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fd10baa Ausnahmecode: 0xc0000005 Fehleroffset: 0x67e3e3c9 ID des fehlerhaften Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0x01cd4da0da41c80e Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 0d38cf2c-b995-11e1-8e46-00241d2232b9

[ System Events ]
Error - 19.06.2012 08:35:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:36:22 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:36:39 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 09:12:02 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 09:12:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

< End of report >

Hijackthis LOG:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:43:39, on 19.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Fab\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Internet Explorer.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service:
@%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9380 bytes Super Anti Spyware Logs: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/21/2012 at 12:56 PM Application Version : 5.1.1002 Core Rules Database Version : 8761 Trace Rules Database Version: 6573 Scan type : Complete Scan Total Scan Time : 00:10:25 Operating System Information Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 839 Memory threats detected : 0 Registry items scanned : 66166 Registry threats detected : 0 File items scanned : 9540 File threats detected : 13 Adware.Tracking Cookie C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\X0KWUPYL.txt [ /adtech.de 
] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R5B0WU9L.txt [ /ads.creative-serving.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\J0Q9W314.txt [ /doubleclick.net ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IAFDSU0E.txt [ /nextag.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DGTR8UQJ.txt [ /overture.com ] C:\USERS\FAB\Cookies\X0KWUPYL.txt [ Cookie:fab@adtech.de/ ] C:\USERS\FAB\Cookies\J0Q9W314.txt [ Cookie:fab@doubleclick.net/ ] C:\USERS\FAB\Cookies\IAFDSU0E.txt [ Cookie:fab@nextag.de/ ] C:\USERS\FAB\Cookies\DGTR8UQJ.txt [ Cookie:fab@overture.com/ ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BPZ7AME3.txt [ /find.safeseeking.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HAA0QI0W.txt [ /click.get-answers-fast.com ] C:\USERS\FAB\Cookies\BPZ7AME3.txt [ Cookie:fab@find.safeseeking.com/ ] C:\USERS\FAB\Cookies\HAA0QI0W.txt [ Cookie:fab@click.get-answers-fast.com/ads-clicktrack/click/ ] NR 2 SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/21/2012 at 03:42 AM Application Version : 5.1.1002 Core Rules Database Version : 8761 Trace Rules Database Version: 6573 Scan type : Complete Scan Total Scan Time : 01:11:16 Operating System Information Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 887 Memory threats detected : 0 Registry items scanned : 66312 Registry threats detected : 0 File items scanned : 97496 File threats detected : 17 Adware.Tracking Cookie C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BENLAHXH.txt [ /unitymedia.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OSUXMJNC.txt [ /tracking.quisma.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\KPKOF9KE.txt [ /ad.yieldmanager.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\2X2JB7N1.txt [ /adtech.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9VOJXJAA.txt [ /adfarm1.adition.com ] 
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1PD7DNRT.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\XPMCY3CS.txt [ /xml.trafficno.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6FMFEULI.txt [ /overture.com ]
C:\USERS\FAB\Cookies\BENLAHXH.txt [ Cookie:fab@unitymedia.de/ ]
C:\USERS\FAB\Cookies\OSUXMJNC.txt [ Cookie:fab@tracking.quisma.com/ ]
C:\USERS\FAB\Cookies\2X2JB7N1.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\1PD7DNRT.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\6FMFEULI.txt [ Cookie:fab@overture.com/ ]

PUP.MyWebSearch
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[3].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E27O6YM\api[2].htm [ cache:mywebsearch.com ]
C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6UK21F7\api[1].htm [ cache:mywebsearch.com ]

Nr 3

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 04:40 PM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Custom Scan
Total Scan Time : 00:13:20

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 895
Memory threats detected : 0
Registry items scanned : 66282
Registry threats detected : 0
File items scanned : 7427
File threats detected : 42

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6PC2B5SS.txt [ /traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TYMTHD69.txt [ /ads.bleepingcomputer.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DD560O3Z.txt [ /mm.chitika.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\H5GC1A3D.txt [ /mediaplex.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4ICSKNBG.txt [ /at.atwola.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4JDY54JE.txt [ /ru4.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EBPQXRYF.txt [ /kaspersky.122.2o7.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HMT1VKCJ.txt [ /kontera.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\V75N6P28.txt [ /atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LRRS5APJ.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5ML59VHB.txt [ /lucidmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RVZWAWZB.txt [ /c.atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IUEHJVQ4.txt [ /www.traffictrack.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\WQUJ46J7.txt [ /247realmedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3WXSENB5.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1OH8RXFV.txt [ /apmebf.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R1PHNFTF.txt [ /advertising.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\Y5PAYXJH.txt [ /tracking.3gnet.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LVRKYT79.txt [ /serving-sys.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EPB71HKS.txt [ /adbrite.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SUXFQZIS.txt [ /www.googleadservices.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\A77HX2ZV.txt [ /invitemedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5EG5BUIH.txt [ /ad.360yield.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5R6XKKH3.txt [ /media6degrees.com ]
C:\USERS\FAB\Cookies\6PC2B5SS.txt [ Cookie:fab@traffictrack.de/ ]
C:\USERS\FAB\Cookies\H5GC1A3D.txt [ Cookie:fab@mediaplex.com/ ]
C:\USERS\FAB\Cookies\4ICSKNBG.txt [ Cookie:fab@at.atwola.com/ ]
C:\USERS\FAB\Cookies\4JDY54JE.txt [ Cookie:fab@ru4.com/ ]
C:\USERS\FAB\Cookies\EBPQXRYF.txt [ Cookie:fab@kaspersky.122.2o7.net/ ]
C:\USERS\FAB\Cookies\HMT1VKCJ.txt [ Cookie:fab@kontera.com/ ]
C:\USERS\FAB\Cookies\V75N6P28.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\5ML59VHB.txt [ Cookie:fab@lucidmedia.com/ ]
C:\USERS\FAB\Cookies\RVZWAWZB.txt [ Cookie:fab@c.atdmt.com/ ]
C:\USERS\FAB\Cookies\IUEHJVQ4.txt [ Cookie:fab@www.traffictrack.de/ ]
C:\USERS\FAB\Cookies\WQUJ46J7.txt [ Cookie:fab@247realmedia.com/ ]
C:\USERS\FAB\Cookies\3WXSENB5.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\1OH8RXFV.txt [ Cookie:fab@apmebf.com/ ]
C:\USERS\FAB\Cookies\R1PHNFTF.txt [ Cookie:fab@advertising.com/ ]
C:\USERS\FAB\Cookies\Y5PAYXJH.txt [ Cookie:fab@tracking.3gnet.de/ ]
C:\USERS\FAB\Cookies\LVRKYT79.txt [ Cookie:fab@serving-sys.com/ ]
C:\USERS\FAB\Cookies\EPB71HKS.txt [ Cookie:fab@adbrite.com/ ]
C:\USERS\FAB\Cookies\A77HX2ZV.txt [ Cookie:fab@invitemedia.com/ ]

NR 4

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2012 at 02:48 AM

Application Version : 5.1.1002

Core Rules Database Version : 8761
Trace Rules Database Version: 6573

Scan type : Complete Scan
Total Scan Time : 01:22:02

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 842
Memory threats detected : 0
Registry items scanned : 66217
Registry threats detected : 0
File items scanned : 95542
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\QGWPO1R8.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3UTKQ21H.txt [ /adfarm1.adition.com ]
C:\USERS\FAB\Cookies\QGWPO1R8.txt [ Cookie:fab@adtech.de/ ]

I am really sorry to bother you with so much. I think I have done everything wrong that one can possibly do wrong... You see, I used TDSS Killer and deleted the red items. Was that very bad? XD ^^ It would be nice if someone could help me.

Edited by cosinus (24.06.2012 at 18:32). Reason: image to link |