|
Pests of all kinds and how to combat them: TR/Atraps.gen in the Windows folder
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
10.07.2012, 22:22 | #1 |
| TR/Atraps.gen in the Windows folder

Hello,

yesterday my Avira reported a detection of the trojan TR/Atraps.gen. After using the removal function it appeared again and again. If I remember correctly, Java (chat) was also open at that time. Since Avira removed it rather poorly even after a scan, I tried Avast, which found something, but not explicitly this trojan. The symptom no longer occurs, but I am very unsure whether that achieved anything. Above all, I have no knowledge of or experience with this.

By the way, my OS: Windows Prof 7 64bit

It would be very nice if someone could check my logs and help.

Regards and thanks,
Marcel

OTL logs:

Code:
ATTFilter OTL logfile created on: 10.07.2012 23:05:06 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\OgerMarcel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,52% Memory free 7,99 Gb Paging File | 5,96 Gb Available in Paging File | 74,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 341,70 Gb Total Space | 121,47 Gb Free Space | 35,55% Space Free | Partition Type: NTFS Drive D: | 123,96 Gb Total Space | 32,10 Gb Free Space | 25,90% Space Free | Partition Type: NTFS Drive E: | 7,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MARCEL | User Name: OgerMarcel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.10 23:04:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\OgerMarcel\Downloads\OTL.exe PRC - [2012.06.19 00:03:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\OgerMarcel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2006.11.23 17:45:34 | 002,076,672 | ---- | M] (mIRC Co. Ltd.) 
-- C:\mIRC\mirc.exe ========== Modules (No Company Name) ========== MOD - [2012.06.19 00:03:53 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.03.08 18:50:28 | 000,074,616 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Messenger\ShareAnythingControlRes.dll MOD - [2012.03.08 18:40:44 | 000,010,616 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Messenger\de\ShareAnythingControllang.dll.mui MOD - [2012.03.08 17:53:16 | 000,019,304 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Shared\de\wliduxloc.dll.mui MOD - [2012.03.08 17:53:12 | 000,025,960 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Shared\de\uxctlloc.dll.mui MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.24 12:11:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.19 00:03:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.05.06 11:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] 
-- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.29 09:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys 
-- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.28 14:11:29 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.03.18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.03.18 11:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.03.18 11:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.03.18 10:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2010.03.18 10:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2007.03.27 19:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{95705981-BF02-4BEE-B9A7-70382E16C63A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 78 93 E0 6F A3 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKCU\..\SearchScopes\{95705981-BF02-4BEE-B9A7-70382E16C63A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:newtab" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..extensions.enabledItems: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\OgerMarcel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\OgerMarcel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 00:03:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 14:35:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.12 22:11:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.12 14:35:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 00:03:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 14:35:45 | 000,000,000 | ---D | M] [2010.09.27 03:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Extensions [2010.09.27 03:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.04 19:25:30 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Firefox\Profiles\q2t8pqji.default\extensions [2012.05.17 18:32:46 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\OgerMarcel\AppData\Roaming\mozilla\Firefox\Profiles\q2t8pqji.default\extensions\ich@maltegoetz.de [2010.09.27 04:08:56 | 000,001,504 | ---- | M] () -- C:\Users\OgerMarcel\AppData\Roaming\Mozilla\Firefox\Profiles\q2t8pqji.default\searchplugins\imdb.xml [2010.09.27 04:08:35 | 000,004,140 | ---- | M] () -- C:\Users\OgerMarcel\AppData\Roaming\Mozilla\Firefox\Profiles\q2t8pqji.default\searchplugins\youtube.xml [2012.05.04 19:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.09 19:37:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2012.07.04 19:25:30 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\OGERMARCEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2T8PQJI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.19 00:03:53 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.05 12:43:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.19 00:03:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.19 00:03:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.19 00:03:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 00:03:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 00:03:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 00:03:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\OgerMarcel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\OgerMarcel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.230 80.69.100.174 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5949C9FA-A7FA-460B-9DE3-75B833046BBC}: DhcpNameServer = 80.69.100.230 80.69.100.174 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program 
files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.08.19 20:05:30 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{0fc4881a-c9ce-11df-bdfd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0fc4881a-c9ce-11df-bdfd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2011.09.03 02:29:01 | 000,217,256 | R--- | M] (2K Sports) O33 - MountPoints2\{8639e5cc-cd80-11e0-bdb8-1c6f654655d4}\Shell - "" = AutoRun O33 - MountPoints2\{8639e5cc-cd80-11e0-bdb8-1c6f654655d4}\Shell\AutoRun\command - "" = G:\start_WIN.exe O33 - MountPoints2\{967b9f47-a702-11e0-9638-1c6f654655d4}\Shell - "" = AutoRun O33 - MountPoints2\{967b9f47-a702-11e0-9638-1c6f654655d4}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.10 22:30:18 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Roaming\Avira [2012.07.10 22:26:41 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6B6E4DB0-ED73-4463-9367-17DDBEAC5944} [2012.07.10 22:26:28 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{6FE0354B-178D-4541-8240-55F0E0C39ECD} [2012.07.10 22:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.10 22:24:14 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.10 22:24:14 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.10 22:24:14 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.10 22:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.10 22:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.10 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.07.10 16:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.07.10 16:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.10 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.07.10 13:55:35 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\ElevatedDiagnostics [2012.07.10 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F8273BE7-637A-4B71-8E6F-CC639119AF18} [2012.07.10 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{C7AC738E-FD3E-4046-BF4C-75A5496A2E71} [2012.07.09 23:56:24 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F554B235-71E1-4184-9C7A-4225B792F05A} [2012.07.09 23:56:00 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{433B4238-1FDC-42BA-86DD-7336C0480D1C} [2012.07.09 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Roaming\Malwarebytes [2012.07.09 14:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.09 11:55:34 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{49FE6715-4BBC-43A3-B125-CC2C86B06F70} [2012.07.09 11:55:23 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{2E5ABF53-D7D7-49A6-838E-C31B2FCF11A6} [2012.07.08 16:11:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5D0B0AD2-5E8D-4384-832B-DEF657136372} [2012.07.08 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EBAA31B4-B049-4F34-BAC5-CFFA7A4AC4C8} [2012.07.07 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{2902CEAB-9FD5-42B5-88D8-223C780CE5A0} [2012.07.07 12:36:58 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{3B058EED-8F03-451F-82DC-F5DF0675758E} [2012.07.06 14:03:38 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{65F2F3DA-8D75-4005-A27A-E5EA0B3B716D} [2012.07.06 14:03:15 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{40398C0C-5267-41DE-96FF-3128B226032C} [2012.07.06 00:32:19 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{75DC34A4-EC74-4EED-B907-81BDC7D1913A} [2012.07.05 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1A44D65D-74F3-43DF-8680-FF7E2C3FAD0A} [2012.07.05 12:31:21 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1E414AC6-B89F-4D6B-AE78-4CB826BDE9F1} [2012.07.05 00:30:55 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4D929232-85A1-4C94-AE59-C96FB24BC7B9} [2012.07.04 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A0AE5826-A6FA-44EF-9E23-4C8BC0A88A2E} [2012.07.04 12:29:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{FE5E08DA-C72D-4154-BFEF-B3D6B50FF776} [2012.07.04 00:29:30 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F259240D-8CB1-4A07-9272-607B0D530E43} [2012.07.03 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{79CB9DAF-E626-482C-98B6-F82AEE4CF64D} [2012.07.03 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{342227B4-9458-4E9B-AF37-FFD06541D72E} [2012.07.03 00:28:05 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{B8A483CD-2417-46D8-A12F-C5BD999C3903} [2012.07.02 12:27:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{CCD50395-A45C-4BF6-B3E1-F41DED2C4845} [2012.07.02 12:27:05 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4CA24910-ACFD-4866-9C2F-7084A9838D28} [2012.07.02 00:26:39 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B9366602-1CD7-474D-9FE1-0450223B0DE7} [2012.07.01 12:26:03 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A8441E68-2D33-4515-BF0D-A4FF62571DC3} [2012.07.01 12:25:51 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{38679E7E-8497-490C-8B94-C58AC6240F67} [2012.06.30 13:06:44 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A927CF60-5B6C-4371-A563-A8212AEF587D} [2012.06.30 13:06:33 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1DF32DCF-2E9E-426B-BCC2-2998C2533E66} [2012.06.30 00:33:55 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{0006AB18-2D83-4BF3-A49A-3AACE4DD58E5} [2012.06.29 12:33:17 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4722C220-954C-4160-A380-66BEE1DF6219} [2012.06.29 12:32:39 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6C7CDC35-8FC2-4C70-A543-C7D28414E571} [2012.06.29 00:30:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{4CB32E7B-F21A-48DA-B660-98200ECEAB59} [2012.06.29 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{876D07C8-A027-4671-B1AA-D4EBEC129B32} [2012.06.28 12:29:27 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F1106265-11A6-4E93-B67D-651E51ACB878} [2012.06.28 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6948E03B-36B9-4D13-B43D-AEAD4EBCEE93} [2012.06.28 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{793CC5A8-BCE0-4C8E-A6D2-A3DD3377CB4D} [2012.06.28 00:28:14 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{3B5AAE5B-9156-49D8-B358-CF53781DC592} [2012.06.27 12:27:48 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{3A9D373A-8A0F-4F49-81E1-C9D333850AD1} [2012.06.27 12:27:25 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B4F3E9DD-66C9-4D8A-93A8-D6B1860675AC} [2012.06.27 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{6EC9CB51-EA3C-4121-828D-9873B309032D} [2012.06.26 12:26:23 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{0290C2F6-2C58-4E01-9E58-C336A075492D} [2012.06.26 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1567F5AB-49CA-487D-A4AB-3C0A2C99A353} [2012.06.26 00:05:44 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{81B2E945-8A6B-4473-ADB0-E700A236DFA3} [2012.06.26 00:05:22 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{58A7E178-2BDE-4CFE-B096-A5F12D2190B3} [2012.06.25 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5F17E988-C551-4B32-A494-819176A05714} [2012.06.25 12:04:34 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{1EC47CD8-29E7-466F-AEAD-41CEFCA96382} [2012.06.25 00:04:08 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{C8A7EE48-338B-44A3-AA0C-0A383D9C534E} [2012.06.24 12:03:32 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9FC2DB11-3944-4C8C-BAE6-950BB8A31DC0} [2012.06.24 12:03:10 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9C697B9C-ED02-46A3-B5F3-A9585D37DCEB} [2012.06.23 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{884B6E17-40D1-4755-AD8E-B2DB09583F26} [2012.06.23 13:13:13 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{05DD38F1-693B-4EC0-816B-34D69DF084D3} [2012.06.23 00:06:09 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{AF4F763A-9528-45FE-8837-8FB6A04B354D} [2012.06.23 00:05:46 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{E1D7AD69-0AAF-420D-9546-B240367C8963} [2012.06.22 11:15:08 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5EBAC6CF-B8F8-4C67-9ADF-119635F1E778} [2012.06.22 11:14:46 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EEE17D6B-24F4-467B-B9FF-03AE5D3FA6E8} [2012.06.21 23:14:20 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{22ED94E9-C876-453F-AC45-48531A4BC0AD} [2012.06.21 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{F4644D70-56A1-4CB5-9233-9891E8DF874A} [2012.06.21 18:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2012.06.21 18:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2012.06.21 16:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2012.06.21 11:13:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{24619B04-7F73-49F0-9C58-ADB92BBB0C68} [2012.06.21 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{43A2E4D8-0D45-4BE4-B95B-6C5A68CE51FD} [2012.06.20 23:12:49 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5673C260-3EEE-4373-BF05-3606014964D3} [2012.06.20 23:12:27 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5E836921-185E-48A5-AE8F-7F7C7C44C657} [2012.06.20 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{B3242C6A-17FC-46F4-BF5B-ADA10DA368ED} [2012.06.20 11:11:51 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9CCBBFBB-BC79-4C6F-8AA1-DAF1AC7B6D73} [2012.06.19 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9CFB8B08-4D4C-41FE-97D8-75E1EEE61512} [2012.06.19 23:11:03 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EA7FC37B-D87A-4EAD-ABDF-68FEE9CF899B} [2012.06.19 11:10:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{DEED303B-44CE-4F31-9675-A7EF0E3E3D36} [2012.06.19 11:10:11 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{DC976B8B-BBC2-43C0-9BF5-AC94C3A85529} [2012.06.18 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{102ED38C-8EEF-4FFA-8FCF-754602EF8241} [2012.06.17 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{49FD7215-497D-40A0-8B4A-160E478F23DD} [2012.06.16 14:08:08 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{EBF83EFA-6CB1-42BA-8C11-D0C378749937} [2012.06.15 23:48:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A2826A5E-C8F7-4183-B653-8BB455155305} [2012.06.15 11:19:52 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{7C65FC9F-C7BB-4046-B7DA-A1BE73B1AB9D} [2012.06.14 23:19:26 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{226E2117-5B8D-4C57-AD6E-74D5C2E89270} [2012.06.14 23:19:03 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{A006566A-5A76-4E54-9D90-CCE41AA53086} [2012.06.14 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{C359FB31-F14D-4EA7-AD24-E95F96D5E630} [2012.06.14 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{7CC1F987-040F-4FC9-A833-D51FE80F32CC} [2012.06.14 10:39:21 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\Macromedia [2012.06.13 23:17:49 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{CAD59F5F-23D4-4D4D-9570-1F13330C6516} [2012.06.13 23:17:26 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{8F8627CC-2A1A-4B63-9B28-4B6D0591EAFC} [2012.06.13 09:10:09 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{9058E0C3-4118-48B4-BB34-000FA3669C36} [2012.06.13 09:09:57 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{8A440979-1489-4048-999B-1713F31BF935} [2012.06.12 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{712347C7-FD32-4691-AD3C-3079303D6090} [2012.06.12 17:00:31 | 000,000,000 | ---D | C] -- 
C:\Users\OgerMarcel\AppData\Local\{3D8E91E7-14D2-4EA3-B912-27C2A910103B} [2012.06.11 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{61393C92-1F35-43CD-8B69-88F151CFDF3F} [2012.06.11 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{46AC2C61-7B2E-473E-9D6D-6150DF0DF451} [2012.06.11 11:02:29 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{5BE7F0BE-6CAD-450B-B298-0B12505F1103} [2012.06.11 11:02:07 | 000,000,000 | ---D | C] -- C:\Users\OgerMarcel\AppData\Local\{2FBAC24B-4D83-411E-88B4-D8CA256EE1CF} [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.10 23:11:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.10 23:10:15 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 23:10:15 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 23:03:14 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.10 23:02:36 | 000,297,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.10 23:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.10 23:01:57 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2012.07.10 23:00:08 | 000,000,188 | ---- | M] () -- C:\Users\OgerMarcel\defogger_reenable [2012.07.10 22:53:07 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.10 19:21:48 | 000,003,744 | ---- | M] () -- C:\bootsqm.dat [2012.07.10 15:08:34 | 000,000,206 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150829.reg [2012.07.10 15:08:18 | 000,000,398 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150815.reg [2012.07.10 15:08:03 | 000,010,690 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150754.reg 
[2012.07.10 15:04:37 | 000,207,080 | ---- | M] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150429.reg [2012.07.09 11:12:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001UA.job [2012.07.08 23:12:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001Core.job [2012.06.30 18:20:33 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.30 18:20:33 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.30 18:20:33 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.30 18:20:33 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.30 18:20:33 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.21 17:05:53 | 000,047,104 | ---- | M] () -- C:\Windows\SysWow64\KMVIDC32.DLL [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.10 23:00:07 | 000,000,188 | ---- | C] () -- C:\Users\OgerMarcel\defogger_reenable [2012.07.10 22:28:58 | 003,444,736 | ---- | C] () -- C:\Users\OgerMarcel\Documents\dd-wrt.v24-14896_NEWD-2_K2.6_mini.bin [2012.07.10 22:28:58 | 001,021,732 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2045.JPG [2012.07.10 22:28:58 | 001,012,497 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2043.JPG [2012.07.10 22:28:58 | 001,000,084 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2044.JPG [2012.07.10 22:28:58 | 000,979,266 | ---- | C] () -- C:\Users\OgerMarcel\Documents\DSCN2042.JPG [2012.07.10 22:28:58 | 000,207,080 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150429.reg [2012.07.10 22:28:58 | 000,175,663 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Yello Strom Classic Auftrag.pdf [2012.07.10 22:28:58 | 000,072,936 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Unbenannt.jpg [2012.07.10 22:28:58 | 000,056,314 | ---- | C] () -- 
C:\Users\OgerMarcel\Documents\haus.ots [2012.07.10 22:28:58 | 000,021,356 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Wohnungsbewerbung-Harnackstr..odt [2012.07.10 22:28:58 | 000,020,960 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Lebenslauf1.odt [2012.07.10 22:28:58 | 000,020,813 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Documents.rar [2012.07.10 22:28:58 | 000,016,008 | ---- | C] () -- C:\Users\OgerMarcel\Documents\lebenslauf-scheisse.odt [2012.07.10 22:28:58 | 000,015,740 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-pflege elshoff.odt [2012.07.10 22:28:58 | 000,015,585 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-office.odt [2012.07.10 22:28:58 | 000,015,550 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-wagner.odt [2012.07.10 22:28:58 | 000,015,398 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-TLS-Unna.odt [2012.07.10 22:28:58 | 000,015,343 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-stockey.odt [2012.07.10 22:28:58 | 000,015,213 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-scheisse.odt [2012.07.10 22:28:58 | 000,013,330 | ---- | C] () -- C:\Users\OgerMarcel\Documents\eigenbemühungen.ods [2012.07.10 22:28:58 | 000,010,690 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150754.reg [2012.07.10 22:28:58 | 000,002,300 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Neue Datenbank.odb [2012.07.10 22:28:58 | 000,001,190 | ---- | C] () -- C:\Users\OgerMarcel\Documents\tr2a6zqgc0ciq.png [2012.07.10 22:28:58 | 000,000,910 | ---- | C] () -- C:\Users\OgerMarcel\Documents\trcqlxw3udyi.png [2012.07.10 22:28:58 | 000,000,398 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150815.reg [2012.07.10 22:28:58 | 000,000,206 | ---- | C] () -- C:\Users\OgerMarcel\Documents\cc_20120710_150829.reg [2012.07.10 22:28:57 | 000,306,326 | ---- | C] () -- C:\Users\OgerMarcel\Documents\2650gross.jpg [2012.07.10 22:28:57 | 000,018,488 | ---- | C] () -- 
C:\Users\OgerMarcel\Documents\AMT-Jobvorschläge.odt [2012.07.10 22:28:57 | 000,015,591 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-essenaufrädern-DRK.odt [2012.07.10 22:28:57 | 000,015,546 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-getränke.odt [2012.07.10 22:28:57 | 000,015,520 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-meyermenü.odt [2012.07.10 22:28:57 | 000,015,409 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-essenaufrädern.odt [2012.07.10 22:28:57 | 000,015,398 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-DP-Druck.odt [2012.07.10 22:28:57 | 000,015,277 | ---- | C] () -- C:\Users\OgerMarcel\Documents\bewerbung-nowda.odt [2012.07.10 22:28:57 | 000,015,037 | ---- | C] () -- C:\Users\OgerMarcel\Documents\Amt-Hopster.odt [2012.07.10 22:28:57 | 000,014,971 | ---- | C] () -- C:\Users\OgerMarcel\Documents\AMT-STUDIUM.odt [2012.07.10 19:21:48 | 000,003,744 | ---- | C] () -- C:\bootsqm.dat [2012.06.21 18:43:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Reloaded [2012.06.21 16:56:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\KMVIDC32.DLL [2012.04.07 18:43:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.11 15:51:01 | 000,002,048 | -HS- | C] () -- C:\Users\OgerMarcel\AppData\Local\{bd27be65-8027-20d2-b52a-e15451516d4b}\@ [2011.11.10 05:32:32 | 000,007,606 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\Resmon.ResmonCfg [2011.11.02 20:19:19 | 000,000,000 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\{5A553A5A-69DF-4325-AE53-E2084A033548} [2011.11.02 20:17:28 | 000,000,000 | ---- | C] () -- 
C:\Users\OgerMarcel\AppData\Local\{5866E8F8-27C5-41DB-B6FC-42F1EDBF9A94} [2011.10.28 16:32:56 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.12.30 22:59:27 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI [2010.12.13 22:50:09 | 000,032,647 | ---- | C] () -- C:\Users\OgerMarcel\bookmarks-2010-12-13.json [2010.11.25 18:10:56 | 000,000,098 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Local\fusioncache.dat [2010.11.25 18:10:01 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.11.08 02:09:08 | 000,077,527 | ---- | C] () -- C:\Users\OgerMarcel\18.jpg [2010.11.08 02:09:08 | 000,070,313 | ---- | C] () -- C:\Users\OgerMarcel\19.jpg [2010.11.08 02:09:08 | 000,065,592 | ---- | C] () -- C:\Users\OgerMarcel\15.jpg [2010.11.08 02:09:08 | 000,058,719 | ---- | C] () -- C:\Users\OgerMarcel\16.jpg [2010.11.08 02:09:08 | 000,058,290 | ---- | C] () -- C:\Users\OgerMarcel\17.jpg [2010.10.18 14:47:45 | 000,000,369 | ---- | C] () -- C:\Users\OgerMarcel\AppData\Roaming\burnaware.ini [2010.10.07 16:27:58 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2010.09.27 03:29:46 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.09.27 03:11:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.09.27 03:06:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.09.27 03:00:22 | 
000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.27 02:42:18 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2010.09.27 02:42:17 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\AudioExCtl.dll ========== LOP Check ========== [2012.02.13 13:03:05 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\2K Sports [2012.07.10 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\DAEMON Tools Lite [2011.01.17 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\HEM Data [2011.07.15 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\HoldemManager [2011.06.06 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\ImgBurn [2010.09.27 02:44:12 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Leadertech [2012.01.08 20:42:26 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\ManyCam [2010.11.04 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Microgaming [2011.08.19 00:31:30 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Miranda [2010.10.01 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Octoshape [2010.10.14 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\OpenOffice.org [2011.07.10 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\PC Suite [2012.04.07 18:41:41 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\QuickStoresToolbar [2010.10.25 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\RayV [2012.06.04 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\RIFT [2011.07.10 16:04:25 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Samsung [2011.12.11 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\StreamTorrent [2010.12.30 05:58:25 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\TeamViewer 
[2010.09.27 03:11:04 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\Thunderbird
[2012.07.10 23:12:15 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\TS3Client
[2010.10.25 22:55:03 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\UB
[2012.07.10 23:12:15 | 000,000,000 | ---D | M] -- C:\Users\OgerMarcel\AppData\Roaming\uTorrent
[2012.07.08 23:12:00 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001Core.job
[2012.07.09 11:12:01 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3929255831-232957818-2200396846-1001UA.job
[2012.06.06 10:49:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 10.07.2012 23:05:06 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\OgerMarcel\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,52% Memory free
7,99 Gb Paging File | 5,96 Gb Available in Paging File | 74,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,70 Gb Total Space | 121,47 Gb Free Space | 35,55% Space Free | Partition Type: NTFS
Drive D: | 123,96 Gb Total Space | 32,10 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
Drive E: | 7,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MARCEL | User Name: OgerMarcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E2BF37-B388-4612-A7B6-5532C83A9F39}" = lport=2869 | protocol=6 | dir=in | app=system | "{108A0D76-DF6D-4A59-87F2-A50A6534ADDD}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{17BC90A2-E446-4A95-89BD-750061F6C9F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{183413D5-A4C1-4C08-AD4C-522AA3F3A315}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FED0522-114B-45E5-A0DD-61BAE221AD88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22666833-8BF8-4C29-85B0-FF3E145DC97E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{292E5767-CF98-4BAB-8377-FB180E7A523A}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{2940043B-575D-4D7A-B276-D4AC00EB23FF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2AFCE3D6-618C-4BBD-A829-A9F6DD08538B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3D3885A2-3B8A-408E-83AA-8D29F5187CAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4F3B098B-A0CF-47E5-B007-F820EF27C9DA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{515BE663-A36B-45B4-B75A-5EF8CBA56D94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52A048F0-48F9-4B7C-A3F3-B78B050D2520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5BD5FF95-FF43-4C16-9BC4-D7CAF2341C71}" = lport=445 | protocol=6 | dir=in | app=system | "{61AC0BAB-84BD-4835-8B70-A47CA88621E0}" = rport=139 | protocol=6 | dir=out | app=system | "{69B10AAC-A535-48E2-92E3-867E1FA04C36}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6A1E9DEE-BE93-436F-BB14-EC62AA85F582}" = lport=137 | protocol=17 | dir=in | app=system | "{73C526B2-EBD9-40AD-AAAB-87F15191DF1D}" = lport=57753 | protocol=6 | dir=in | name=pando media booster | "{79834185-F5FB-494F-9216-2A829B472F09}" = lport=139 | protocol=6 | dir=in | app=system | "{8E7BD9B5-36DE-4392-9DBB-63C80DDAFF22}" = rport=445 | protocol=6 | dir=out | app=system | "{9205FD86-C1CD-412E-8724-072DD228D939}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C95D5D7-F2FA-4DDA-8DAA-971FD80144DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A4D2FE54-A22C-4B9B-A21B-5DE3DBA7B698}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ABC5FA68-A8ED-4123-9AE5-A908444183EC}" = lport=57753 | protocol=17 | dir=in | name=pando media booster | "{B5148835-B612-43F7-91B0-AB21620E837C}" = rport=10243 | protocol=6 | dir=out | app=system | "{B7655FB5-6543-4184-8421-71F655169DB4}" = lport=10243 | protocol=6 | dir=in | app=system | "{B93760D2-92E6-4786-8CD5-699047B13473}" = rport=137 | protocol=17 | dir=out | app=system | "{BD20FDB7-FBB5-4735-B3AC-83C5F65AFDE0}" = lport=57753 | protocol=17 | dir=in | name=pando media booster | "{C23498A4-4B72-4724-BD3E-C7DC534F16EF}" = lport=5432 | protocol=6 | dir=in | name=postgres | "{C55F2BDF-00E3-4EBE-AAEE-AAB511A580E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9482DC9-202E-4749-98DB-1CD80F92772C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA364454-F2DE-4F0F-B0C0-37168F3D5EC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE577911-8C84-491D-B279-CE7EE98C45FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D2B9E9FD-ECA7-463F-AD8B-690792837622}" = rport=138 | protocol=17 | dir=out | app=system | "{D72C7F2C-4604-475C-AB2C-0ED9E2D3D9FB}" = lport=2869 | protocol=6 | dir=in | app=system | "{DBD301CA-6FAC-465D-8BFF-C0CB0897326D}" = lport=138 | protocol=17 | dir=in | app=system | "{E5BB9E14-7CF0-4CD4-920C-990E16D8B9C6}" = lport=57753 | protocol=6 | dir=in | name=pando media booster | "{E7450B79-2E56-4ED5-A540-2AE898762902}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{F607DA7C-B4CD-4E76-AB1A-75559B81B5E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F8D8A0B6-0E2E-4BEA-9C0E-CE045584BCB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{FC6B1642-DDBA-457B-9D3D-937440239880}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FD52125B-2A51-4993-BEB4-93B1613814B9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FF75B019-9812-4AB1-9517-C3D01E6545EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D23DB4-5592-47C1-9E81-89AE9D2B3972}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{03390B2E-BC21-4EF5-A88F-D6E89CB337FA}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe | "{059D5845-AB25-441D-BD69-1FFF08FEE08A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{09F892A8-4531-48E9-B116-2CD3805E5BEB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{0CDE9B08-8E0E-49DC-A215-0E9F56929591}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0F124315-4AAA-4612-A1CA-B62CD4DA5566}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{22A3FBBA-FFCE-4C3B-99FC-1175E47407AC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{241B0DCD-FBA6-4DFB-AE50-E09F26CA4541}" = protocol=6 | dir=in | app=c:\program files (x86)\tower gaming poker\pokerclient.exe | "{2DC9FAC9-F847-4AA2-9DD0-B7FA25D182DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{30D98E2A-C54A-4B86-A350-29A884A3481F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3137E59B-630E-4B2F-9AC5-5D427A949E8B}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | "{34A8A8DC-5457-4037-B74C-E1C8E66C6410}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows 
media player\wmplayer.exe | "{3B84BE1B-B579-4217-9003-4FDEA45D8B36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{417419D0-860A-4314-8E6A-1E28732A00CB}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{4509C6D5-11E6-44C1-97C3-585012E7AA06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4745772C-B1B7-4FCC-84C4-1EFE123D8910}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{4751BD41-58BE-4ADD-B081-36EA216D7BDF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{47818265-D91E-414E-B9BF-FFD0D8BB11C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{495659D5-CB78-4BB9-A5BB-D7AC40A59D74}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{4C80649A-677F-4C16-B3B8-3CD8A3818FCD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{4FF20123-4654-4FB9-B9A7-BE51CEBF7B53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{50443549-7F62-43BF-AE21-D8AE5AFDAAE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{552C7A79-D373-4D85-9EE1-D2A506E10105}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{58E4AA64-9471-443E-844E-AA572CA0CC62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C841C4E-8AEC-4A10-88FB-75EE83B5DEF2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{5CEE17E5-6BC4-4566-98B0-017E35235408}" = protocol=17 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\counter-strike source\hl2.exe | "{5CF14F07-1CB6-42C8-A414-A1C9581CB3DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe | "{5D5DBA66-F822-43D5-AE8B-AE9F03922231}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{5EE35C10-6B68-44F3-9144-59E176CBE30C}" = protocol=6 | dir=in | app=c:\games\world of 
warcraft\launcher.patch.exe | "{604B7582-0C77-406B-8CE5-1AF5A4A7321E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60885A34-B970-4BE6-9B72-37CA7979CAF4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{6B1D1D28-DEDC-42DF-8B8D-E97EF225B08E}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe | "{6BB54038-8BFA-4001-A70B-704605B8E6A9}" = protocol=6 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\counter-strike source\hl2.exe | "{6F5788CF-7B1F-42DD-92B9-9E627964B4CC}" = protocol=17 | dir=in | app=c:\games\diablo iii beta\diablo iii.exe | "{72882FB0-5774-4CA7-BCFB-34B25F24D8E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{72D69313-2DB8-4912-AB02-61764197C8F0}" = dir=out | app=%systemdrive%\games\maxpayne3\maxpayne3.exe | "{784B4171-16F9-4A0B-B151-B2470F956EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7AA05738-B851-45CE-91A0-80E8B74478F9}" = protocol=58 | dir=in | app=system | "{7C9798A4-B150-423B-8F1E-051E0673D342}" = protocol=6 | dir=out | app=system | "{7F0ED362-80B0-4320-9C1F-574FFDB4EF36}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{81D77AE9-FF59-4724-BC1F-6274A6620AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{897184E8-A220-411F-B1B6-4FA1AD7C8284}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | "{8AC8B6DD-4033-4097-916C-88DEC4DB4844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{916B9E29-7F2A-4501-8B45-71C85AEF6BBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{92D3E77A-ED8B-45A0-BD85-671E4D3C41AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{96E90E0B-62F8-4E72-BBC5-0E44A4A729EC}" = protocol=17 | dir=in | app=c:\program files 
(x86)\utorrent\utorrent.exe | "{96F14DA8-D5F1-4459-AD78-858CC84410D0}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | "{A21484D3-EF7E-4F2A-9AE9-D4D78E65CDFD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A2852D56-A787-4967-9A3A-0D752549AB7A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A97A8E48-9009-47DD-BB9B-4FBA3702B09F}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | "{A9B79863-43E8-4FF9-B455-D30736DAD232}" = protocol=6 | dir=in | app=c:\games\diablo iii beta\diablo iii.exe | "{AA5686B5-E505-40C7-9088-1BF0957DEEF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AB3FC1D8-4B7B-4651-AB06-5A63052C476E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{ACBC5910-7DF8-4CF8-B40C-D7C1F857446F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{B420919D-C6A2-465D-85AD-81C8104A693A}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B44B1085-7166-40C9-A563-A18C1817AEA0}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{B6ECAE48-D2F5-4CF8-A4F2-150C927E3479}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.440\agent.exe | "{BAC9256A-6820-47A4-AAF6-3765AC181244}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BD19BE8A-2EBD-4615-B558-B270B35D1183}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF398395-D005-471A-AC58-7A13862117DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C014BB43-636F-4494-A4A3-20CA6B1D1CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{C12F100C-4CB3-4541-A229-72960DDAB87F}" = protocol=17 | dir=in | app=c:\program files 
(x86)\tower gaming poker\pokerclient.exe | "{C538C8AE-356D-4EDF-BD74-5C69F77024E4}" = dir=in | app=%systemdrive%\games\maxpayne3\maxpayne3.exe | "{CDC8D446-76EC-4645-8A6C-E964D8224BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{D3CE11D6-801D-4E8E-9C5E-21AD23E8A6DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D5BB9B96-36A1-467C-BC3D-4B477FDB990B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{D807927A-D8D9-452E-88DA-B5C5CE2D68EA}" = dir=in | app=c:\users\ogermarcel\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{D9D85CD4-8C5B-4B4E-9862-DA1C65B21FB1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe | "{DB58CBAE-3B53-4B5B-B134-FE8704692175}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E0895A01-88B6-4A0E-8C62-DFD05B228696}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{E0C4A5B9-E1AC-415D-AC76-136025639A0D}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | "{E22B72B7-CCB2-4121-A2D8-4FD4BC738A5C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | "{E3186AB9-3A44-4895-A3E7-51E6C0D9BB37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E847200E-0870-4F6F-AABA-7B9F46A100BD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{ED0664AA-E72E-40D6-8A83-679B97287074}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ED10AD4D-EC0E-4355-9A49-9CF9A8BE0B29}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{F038574D-76E7-42DE-8FE9-534F41A9DDCD}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | "{F1A42A79-25D5-4F39-B080-2169CC6AB506}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{F636E079-CCFB-4807-B086-D7452A694D3A}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{F6C9395A-9CBA-499F-AC35-466BEBBD15D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{F7844FD8-9DF4-4634-AD30-749D6A335227}" = dir=out | app=%systemdrive%\games\maxpayne3\playmaxpayne3.exe | "{F9C83DC6-5A3A-455A-8CBB-9BA6D6783B2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB17EB96-934C-45D8-A465-4FC82F09B6B6}" = dir=in | app=%systemdrive%\games\maxpayne3\playmaxpayne3.exe | "{FE558BE3-3631-44D5-967B-614F9AFE56B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.439\agent.exe | "TCP Query User{05195E44-C8BE-4C01-857B-111724FD7CC6}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe | "TCP Query User{06AD323F-F441-41E6-87F5-57659509A009}C:\games\soldier of fortune ii - double helix\sof2mp.exe" = protocol=6 | dir=in | app=c:\games\soldier of fortune ii - double helix\sof2mp.exe | "TCP Query User{1628E82F-F6AC-4668-A705-17B080341619}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe | "TCP Query User{1EF523D4-F6E6-4E06-A19F-785CF7352C72}C:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe | "TCP Query User{1FF1B1EE-16C9-472F-8B4F-CB9A18E9AED9}C:\games\worms2\frontend.exe" = protocol=6 | dir=in | app=c:\games\worms2\frontend.exe | "TCP Query User{28F04A16-8FD5-4B05-A203-48776177CB07}C:\games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\games\max payne 3\maxpayne3.exe | "TCP Query User{46812557-43D3-4DCD-81A3-63822CFC1B26}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{4C840089-2E96-45FE-8077-334A224CB67C}C:\program files 
(x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{4F9597F4-D955-4DBF-8F5C-3F25A1C23CBB}C:\games\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | "TCP Query User{52229B57-BBC8-4D25-BA7C-2626E5ABEF8E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{55DAD86D-1E60-4AAB-AF5E-455D5B00574A}C:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16605\sc2.exe | "TCP Query User{5A91186F-6854-4463-A4F3-EFECD606889E}C:\games\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\games\unreal tournament 3 (lg)\binaries\ut3.exe | "TCP Query User{5B9309AE-85EB-4C64-9978-691D3F796A85}C:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{5F2A5C82-AD1A-4C69-8FDC-BB22D677BBE7}C:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{6887B193-2B2A-48F5-8B38-2EB81D5A570E}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | "TCP Query User{689B1717-3576-4DEF-BA3B-BB0498894250}C:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base16561\sc2.exe | "TCP Query User{6C615415-9F05-4653-A863-97273C5FAF5D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{72CD889E-BEE1-49E8-8E1C-89564DD2F10F}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query 
User{731A6F14-E752-4FDA-A3EF-57A79A7F14D3}C:\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\blizzard downloader.exe | "TCP Query User{7C90968C-89D1-49C5-90E9-14D334FEFB7C}C:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe | "TCP Query User{7D66F20B-B35E-4140-BFFE-7544F2CC988F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{82939050-8CFD-453B-BB11-A438475CFD85}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{88AAA5B6-73EA-49EF-8274-CD7BE65CF132}C:\games\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=c:\games\nba 2k12\nba2k12.exe | "TCP Query User{89901D65-05E8-4BB1-842D-9FBEC9C08FFA}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{8F1C4BFE-1CA1-43F9-9EFE-77C0E64A8730}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{911E9664-FF13-40DA-84A3-7B8FA13EDF39}C:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\games\star wars-the old republic\betatest\retailclient\swtor.exe | "TCP Query User{A735055B-BA27-46F1-9FC8-4B2C044EE08D}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | "TCP Query User{AC2E3591-5C79-4D49-A42A-CEDB9A834095}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{AE025263-B1EE-4D2B-8918-F6EF183D241B}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{AEEB4F39-9F44-4A23-9A60-6668B5CDD11F}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{B92C600E-C71A-4E42-BFC8-F3DE147C2652}C:\games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\games\age of empires ii\empires2.icd | "TCP Query User{C0CD1C3A-D620-4A67-A689-67D7FD2AA80F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{C1047094-6B5C-4866-AA70-409FDD86541E}C:\games\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\games\call of duty - black ops\blackops.exe | "TCP Query User{C4C7DC30-FC67-4AFC-A437-420DF506AF1D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{CAB25505-60C7-405C-9831-EDEDDDB8748A}C:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{CAE8457B-BC33-4E3F-9134-9C87861B5727}C:\games\unreal tournament 2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\games\unreal tournament 2004\system\ut2004.exe | "TCP Query User{CF0963B7-CB13-4186-92AE-6C3AA121D9EE}C:\games\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\games\fifa 11\game\fifa.exe | "TCP Query User{DCBF05A5-F09F-4695-B9D3-F1E832FE95D6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{DF661361-FA9B-423E-91E3-B13B911B9DFC}C:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{E79CB464-77A3-4AF1-8C77-A2B94A053FB8}C:\games\soldier of fortune ii - double helix\nx3mp.exe" = 
protocol=6 | dir=in | app=c:\games\soldier of fortune ii - double helix\nx3mp.exe | "TCP Query User{F3A60B8D-DEC1-4A27-8FC2-861F8F7F70E2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{F3CEAE30-8DE2-4207-8BC3-01F587191C6F}C:\games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\games\fifa 12\game\fifa.exe | "TCP Query User{F46A4780-2A75-40E3-8A75-8E843C6379DF}C:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{FF0253A3-87D4-4092-8FE6-A3C85392CC29}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe | "UDP Query User{0E993B85-1FF2-4F2D-8FD3-D2970128428A}C:\games\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=c:\games\nba 2k12\nba2k12.exe | "UDP Query User{15E76E8B-C783-4F3C-85C1-1771523EFD18}C:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\ogermarcel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{19101114-4562-45C4-9BCC-A6442A12B690}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | "UDP Query User{3477C1F0-EDC3-4CB0-9AAC-EFEFAD956810}C:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\games\star wars-the old republic\betatest\retailclient\swtor.exe | "UDP Query User{38BF705E-E0C1-4C2C-85B4-67FFBAEB0A0E}C:\games\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{3DAFC4E1-3642-4FF8-958D-FB95BD52FE85}C:\games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\games\fifa 12\game\fifa.exe 
| "UDP Query User{4A6DAE6E-5050-4292-BE47-42C8E59C9953}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{4DCB21A0-7422-457F-A85B-7CC1124CD004}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{4E299BE6-0335-4794-A206-464AF9EDAFF5}C:\games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\games\age of empires ii\empires2.icd | "UDP Query User{5944E1E1-5799-4BF6-9232-02EF565C3473}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe | "UDP Query User{5A78CE26-C4FD-4130-8DF2-7628A7351D74}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{5CF6A826-99AF-4817-9258-B49FE22BED97}C:\games\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\games\fifa 11\game\fifa.exe | "UDP Query User{5E8C91D4-D03E-4E24-94E9-02300C1D1312}C:\games\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\games\der herr der ringe online\lotroclient.exe | "UDP Query User{6877BC4E-F792-4930-8F5D-0861821AF539}C:\games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\games\max payne 3\maxpayne3.exe | "UDP Query User{77413C77-B3D3-4042-A8D3-64998944696B}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{77F4CFCB-F964-4090-8810-6A5A92286F61}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{78AFD076-954F-47BE-9A49-D4A82E8E8A0B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP 
Query User{7B991801-B541-49EC-B67F-6444EFB9EB01}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{7CE7BA22-402D-4E16-97CE-841893B25EDC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{7FB0EAE5-011D-4E5F-A179-FCD82B706B01}C:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16605\sc2.exe | "UDP Query User{84ECE3B3-168C-4B4E-AE78-C684CDD7AA48}C:\games\soldier of fortune ii - double helix\sof2mp.exe" = protocol=17 | dir=in | app=c:\games\soldier of fortune ii - double helix\sof2mp.exe | "UDP Query User{884D7EF1-A72D-4303-9BD2-334429C2E563}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe | "UDP Query User{930047A6-8CC5-489A-ACC2-E77C24C4EB2D}C:\games\unreal tournament 2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\games\unreal tournament 2004\system\ut2004.exe | "UDP Query User{94D20F02-B41E-4994-B153-3A8B213E3EA3}C:\games\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\games\unreal tournament 3 (lg)\binaries\ut3.exe | "UDP Query User{99B9CEFA-DD25-484D-80E5-2BFB6FDCE6D3}C:\games\soldier of fortune ii - double helix\nx3mp.exe" = protocol=17 | dir=in | app=c:\games\soldier of fortune ii - double helix\nx3mp.exe | "UDP Query User{9A50D844-F668-4820-B161-6C1F29BFCF22}C:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{9C8A0663-0111-494F-B9E2-076F54F0DA3B}C:\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\blizzard downloader.exe | "UDP Query User{9E76899F-94AD-4BC7-8D0A-F9BD4DEBB624}C:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft 
ii\versions\base16755\sc2.exe | "UDP Query User{A57E783E-D3BF-427F-8CEA-E04301357E62}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{B6944841-11DE-48C9-9311-D519F2522252}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe | "UDP Query User{B696F696-F980-448B-815B-072F4562C3F5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{BAB31386-C5B8-4B48-A866-F1D688ED9279}C:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\d0minik.j@web.de\half-life 2 deathmatch\hl2.exe | "UDP Query User{C1B9687C-2122-402E-8065-8FC06E28ABA5}C:\games\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base16561\sc2.exe | "UDP Query User{C861A458-399F-4921-AD73-7984A22DED02}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{CB176EEE-AC8B-47CA-894D-EF4559E28D95}C:\games\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\games\call of duty - black ops\blackops.exe | "UDP Query User{CEE4987E-B84F-484A-B86A-6338928782EB}C:\games\worms2\frontend.exe" = protocol=17 | dir=in | app=c:\games\worms2\frontend.exe | "UDP Query User{D2902547-1F8A-4210-B81F-470B60BF7FC4}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{D7AD1882-E62C-478E-B041-9FFFE4B2F515}C:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\ogermarcel\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query 
User{E3ED2886-CA02-432A-A041-939D03C817AE}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe | "UDP Query User{E422E569-D6C0-467F-9C23-7AF97BC62FB8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{F03D2A7D-DEF9-4EF9-A029-7F8027F28E93}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{F448AAC1-1D53-4529-88CB-8B2B410AEFAB}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{F4AC2CF6-95FB-4AEE-9BD3-1B3A6C33B96E}C:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\games\batman arkham city digital deluxe edition\binaries\win32\batmanac.exe | "UDP Query User{FB2615FD-08A9-45F2-80B5-0E731D33DAE6}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime 
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "HoldemManager" = Holdem Manager "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile 
USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SP6" = Logitech SetPoint 6.15 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unlocker" = Unlocker 1.9.1-x64 "WinRAR archiver" = WinRAR 4.10 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1E0A19B6-6AA5-4805-8FDD-E7917C308CD4}_is1" = Max Payne 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese 
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22 "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish 
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B3618069-84A2-4767-9855-463C971C1959}" = ASUS RT-N10 Wireless Router Utilities "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" 
= Samsung New PC Studio "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BurnAware Free_is1" = BurnAware Free 3.3 "DivX Setup" = DivX-Setup "EA Installer.-212306957" = EA Installer "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "hon" = Heroes of Newerth "ImgBurn" = ImgBurn "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Miranda IM" = Miranda IM 0.9.39 "MJuiceWinamp" = Mjuice Components "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PokerStars" = PokerStars "PostgreSQL 8.4" = PostgreSQL 8.4 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "RedKings Poker_is1" = RedKings Poker "Rockstar Games Social Club" = Rockstar Games Social Club "SopCast" = SopCast 3.4.8 "SpeedFan" = SpeedFan (remove only) "StarCraft II" = StarCraft II "TeamViewer 6" = TeamViewer 6 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.4 "Whitebet Poker_is1" = Whitebet Poker "Winamp" = Winamp (Remove Only) "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "UB" = UB ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.07.2012 14:41:41 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 20:41:41 CESTFATAL: the database system is starting up Error - 10.07.2012 15:35:28 | Computer Name = Marcel | Source = Application Hang | ID = 1002 Description = Programm soffice.bin, Version 3.2.9498.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12ac Startzeit: 01cd5ed2d7a282e5 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Berichts-ID: 4e0ca26f-cac6-11e1-b994-1c6f654655d4 Error - 10.07.2012 16:13:39 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 22:13:39 CESTFATAL: the database system is starting up Error - 10.07.2012 16:13:40 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 22:13:40 CESTFATAL: the database system is starting up Error - 10.07.2012 16:15:40 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 22:15:40 CESTFATAL: the database system is starting up Error - 10.07.2012 16:23:16 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 22:23:16 CESTFATAL: the database system is starting up Error - 10.07.2012 17:02:55 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 23:02:55 CESTFATAL: the database system is starting up Error - 10.07.2012 17:02:56 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 23:02:56 CESTFATAL: the database system is starting up Error - 10.07.2012 
17:02:57 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 23:02:57 CESTFATAL: the database system is starting up Error - 10.07.2012 17:02:59 | Computer Name = Marcel | Source = PostgreSQL | ID = 0 Description = 2012-07-10 23:02:59 CESTFATAL: the database system is starting up [ System Events ] Error - 10.07.2012 14:51:00 | Computer Name = Marcel | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error - 10.07.2012 16:13:26 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Error - 10.07.2012 16:13:26 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.07.2012 16:13:27 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit Scanner erreicht. Error - 10.07.2012 16:13:27 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. 
Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit Scanner erreicht. Error - 10.07.2012 16:15:31 | Computer Name = Marcel | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.07.2012 16:15:33 | Computer Name = Marcel | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147014847 < End of report > Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 10. Juli 2012 22:26 Es wird nach 3859198 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : OgerMarcel Computername : MARCEL Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48 AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50 LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36 AVREG.DLL : 12.3.0.17 232200 Bytes 10.07.2012 20:25:43 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 20:25:41 VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 20:25:41 VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 20:25:41 VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 20:25:41 VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 20:25:41 VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 20:25:41 VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 20:25:41 VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 20:25:41 VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 20:25:41 VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 20:25:41 VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 20:25:41 VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 20:25:41 VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 20:25:41 VBASE018.VDF : 7.11.35.144 2048 Bytes 09.07.2012 20:25:41 VBASE019.VDF : 7.11.35.145 2048 Bytes 
09.07.2012 20:25:41 VBASE020.VDF : 7.11.35.146 2048 Bytes 09.07.2012 20:25:41 VBASE021.VDF : 7.11.35.147 2048 Bytes 09.07.2012 20:25:41 VBASE022.VDF : 7.11.35.148 2048 Bytes 09.07.2012 20:25:41 VBASE023.VDF : 7.11.35.149 2048 Bytes 09.07.2012 20:25:41 VBASE024.VDF : 7.11.35.150 2048 Bytes 09.07.2012 20:25:41 VBASE025.VDF : 7.11.35.151 2048 Bytes 09.07.2012 20:25:41 VBASE026.VDF : 7.11.35.152 2048 Bytes 09.07.2012 20:25:41 VBASE027.VDF : 7.11.35.153 2048 Bytes 09.07.2012 20:25:41 VBASE028.VDF : 7.11.35.154 2048 Bytes 09.07.2012 20:25:41 VBASE029.VDF : 7.11.35.155 2048 Bytes 09.07.2012 20:25:41 VBASE030.VDF : 7.11.35.156 2048 Bytes 09.07.2012 20:25:41 VBASE031.VDF : 7.11.35.194 92160 Bytes 10.07.2012 20:25:42 Engineversion : 8.2.10.108 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 20:25:43 AESCRIPT.DLL : 8.1.4.32 455034 Bytes 10.07.2012 20:25:43 AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36 AESBX.DLL : 8.2.5.12 606578 Bytes 10.07.2012 20:25:43 AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32 AEPACK.DLL : 8.3.0.12 807286 Bytes 10.07.2012 20:25:43 AEOFFICE.DLL : 8.1.2.40 201082 Bytes 10.07.2012 20:25:43 AEHEUR.DLL : 8.1.4.64 5009782 Bytes 10.07.2012 20:25:43 AEHELP.DLL : 8.1.23.2 258422 Bytes 10.07.2012 20:25:42 AEGEN.DLL : 8.1.5.32 434548 Bytes 10.07.2012 20:25:42 AEEXP.DLL : 8.1.0.60 86388 Bytes 10.07.2012 20:25:43 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 20:25:42 AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 20:25:42 AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28 AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21 AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31 AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35 AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49 SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02 AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35 NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 
00:03:51 RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Kurze Systemprüfung nach Installation Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\setupprf.dat Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Dienstag, 10. Juli 2012 22:26 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über die Bootsektoren wird begonnen: Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'agcp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wlcomm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avconfig.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mirc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_262.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_262.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'setup.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'presetup.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avira_free_antivirus_de.exe' - '1' Modul(e) wurden durchsucht Modul ist OK -> <C:\Users\OgerMarcel\Downloads\avira_free_antivirus_de.exe> [WARNUNG] Die Datei ist kennwortgeschützt Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'OctoshapeClient.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '1' Modul(e) 
wurden durchsucht Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'pg_ctl.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Program Files (x86)\SpeedFan\uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Windows\Sysnative\drivers\sptd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Die Registry wurde durchsucht ( '1873' Dateien ). Ende des Suchlaufs: Dienstag, 10. Juli 2012 22:29 Benötigte Zeit: 02:55 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 2571 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 2570 Dateien ohne Befall 25 Archive wurden durchsucht 3 Warnungen 0 Hinweise
Edited by Jerichoholic (10.07.2012 at 22:26). Reason: added Avira log |
11.07.2012, 22:57 | #2 |
/// Malware-holic | TR/Atraps.gen in the Windows folder
hi
and where are the reports with the detections? |
12.07.2012, 00:14 | #3 |
| TR/Atraps.gen in the Windows folder
Hm, unfortunately these are the only ones I have, because I went about this without any plan and only found this forum yesterday. The incident itself happened a day earlier, though. The logs are from the !current! scans, with no detections. So I am wondering how, and whether, I can be sure that my system is clean, i.e. that everything has been removed. Can I still get at older logs? Stupidly, I also tried several scanners in a panic, out of inexperience and uncertainty with this kind of thing. That is also why, for example, I uninstalled Avira in between, tested Avast, and went back to Avira. And on top of all that, I loaded an old Windows system restore point from before the infection. (All of that was before the OTL logs and this post, though.)
Is there anything else I can do, apart from formatting, to be sure? |
14.07.2012, 11:46 | #4 |
/// Malware-holic | TR/Atraps.gen in the Windows folder
hi
if you do online banking, call your bank and have banking blocked because of ZeroAccess rootkits.
the PC has to be set up from scratch and then secured
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + StarMoney.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |