Pests of all kinds and how to fight them: HTTP and TCP request to IP 174.35.7.4 (Windows 7)
16.02.2013, 20:42 | #16
Code:
# AdwCleaner v2.112 - Datei am 16/02/2013 um 20:23:49 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\Trojaner Prüfung\adwcleaner0.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v4.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9wbffpun.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "14e0ed65000000000000001a4d4bfa57");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "14e0ed65000000000000001a4d4bfa57");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15358");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:47:05");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "27");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=");

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5363 octets] - [16/02/2013 20:23:49]

########## EOF - C:\AdwCleaner[S1].txt - [5423 octets] ##########

Code:
OTL Extras logfile created on: 16.02.2013 20:30:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Trojaner Prüfung
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,87% Memory free
8,00 Gb Paging File | 5,88 Gb Available in Paging File | 73,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 14,76 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 33,17 Gb Free Space | 9,01% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1445763491-3315700046-3714806259-1000\SOFTWARE\Classes\<extension>]
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
User{CE0B6186-8754-44D8-AE5E-AE1303674474}D:\programme\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=d:\programme\gamers.irc\mirc.exe | "UDP Query User{CE56E1F9-845D-4F2A-A948-2943DE531765}D:\altes backup\desktop\c++\cremote\server\project1.exe" = protocol=17 | dir=in | app=d:\altes backup\desktop\c++\cremote\server\project1.exe | "UDP Query User{E0D788B7-93E1-4307-97DD-804DDB51795F}C:\users\***\appdata\local\apps\2.0\3b99j9he.y30\46b953wl.m7w\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\3b99j9he.y30\46b953wl.m7w\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "UDP Query User{F69B2312-8C64-43F7-A8F3-D491C50B097D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit) "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = 
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" 
= Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro 
Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In 
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86) "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support 
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2 "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Android SDK Tools" = Android SDK Tools "avast" = avast! 
Free Antivirus "BattlEye for OA" = BattlEye for OA Uninstall "BinMake" = BinMake Uninstall "BinPBO Personal Edition" = BinPBO Personal Edition Uninstall "BI's Tools drive" = BI's Tools drive Uninstall "CBuilder5" = Borland C++Builder 5 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.0 "Fraps" = Fraps "FSM Editor Personal Edition" = FSM Editor Personal Edition Uninstall "Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool "Half-Life SDK v2.3 Source Code" = Half-Life SDK v2.3 Source Code "HLSW_is1" = HLSW v1.4.0.2 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "ManyCam" = ManyCam 3.1.21 "Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0 "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PokerStars" = PokerStars "PokerTH 0.9-beta2" = PokerTH "PunkBusterSvc" = PunkBuster Services "RouterControl" = RouterControl 2.0 "SAP_Engineering Client Viewer 7.0" = Engineering Client Viewer 7.0 "SAP_JNet" = SAP JNet "SAP_WUS" = SAPSetup Automatic Workstation Update Service "SAPBI" = SAP Business Explorer "SAPGUI710" = SAP GUI for Windows 7.20 "Steam App 10" = Counter-Strike "Steam App 211" = 
Source SDK
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 440" = Team Fortress 2
"Tar-1.13-bin_is1" = Tar-1.13 Binaries (GnuWin32)
"Theme Park World" = Theme Park World
"Tunngle beta_is1" = Tunngle beta
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1445763491-3315700046-3714806259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.08.2012 21:20:16 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 05.08.2012 11:17:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 05.08.2012 20:39:59 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 06.08.2012 18:44:32 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Project1.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ca8 Startzeit: 01cd7424c3e13b92 Endzeit: 0 Anwendungspfad: D:\c++\futurama_random\Project1.exe Berichts-ID: 3b2ff2c8-e018-11e1-9c54-005056c00008

Error - 06.08.2012 20:43:01 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 07.08.2012 21:21:35 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 09.08.2012 21:13:51 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11.08.2012 23:45:20 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 13.08.2012 14:04:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 15.08.2012 19:26:34 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 16.02.2013 13:56:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 13:57:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 13:57:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 15:12:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 15:13:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst 
"Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 15:25:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 15:26:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst VMware Agent Service erreicht. Error - 16.02.2013 15:26:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "VMware Agent Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 16.02.2013 15:26:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.02.2013 15:26:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > |
16.02.2013, 20:43 | #17 |
| HTTP and TCP Request to IP 174.35.7.4
Code:
OTL logfile created on: 16.02.2013 20:30:22 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Trojaner Prüfung
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,87% Memory free
8,00 Gb Paging File | 5,88 Gb Available in Paging File | 73,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,65 Gb Total Space | 14,76 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 33,17 Gb Free Space | 9,01% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\Trojaner Prüfung\OTL (2).exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\Programme\ManyCam\Bin\ManyCam.exe (ManyCam LLC) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - D:\Programme\VMWare\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () MOD - D:\Programme\ManyCam\Bin\opencv_core220.dll () MOD - D:\Programme\ManyCam\Bin\opencv_imgproc220.dll () MOD - D:\Programme\ManyCam\Bin\opencv_highgui220.dll () MOD - D:\Programme\ManyCam\Bin\opencv_objdetect220.dll () MOD - D:\Programme\ManyCam\Bin\opencv_video220.dll () MOD - D:\Programme\FileZilla FTP Client\fzshellext.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (avast! 
Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (OODefragAgent) -- D:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- D:\Programme\VMWare\vmware-authd.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (ufad-ws60) -- D:\Programme\VMWare\vmware-ufad.exe (VMware, Inc.) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avmaura) -- C:\Windows\SysNative\drivers\avmaura.sys (AVM Berlin) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC) DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.) 
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (vstor2-ws60) -- D:\Programme\VMWare\vstor2-ws60.sys (VMware, Inc.) 
DRV - (VSPerfDrv100) -- D:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (usbaudio) -- C:\Windows\SysWOW64\drivers\usbaudio.sys (Microsoft Corporation) DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A D0 55 5B 68 2F CC 01 [binary data] IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\..\SearchScopes\{5902D6C0-07D8-45DF-8B29-ACA8BF94BCEA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1445763491-3315700046-3714806259-1011\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Programme\AdobeReader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.05 18:15:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.01 20:35:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.11.09 16:16:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.02.07 17:21:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.01.10 00:12:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.11.09 16:16:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2013.02.07 17:21:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.01.10 00:12:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2011.06.20 17:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.02.16 20:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9wbffpun.default\extensions [2011.09.07 01:56:05 | 000,000,000 | ---D | M] 
("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9wbffpun.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.19 21:31:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.07 21:03:35 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2011.08.25 12:16:26 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\searchplugins\icqplugin-4.xml [2011.09.02 00:56:34 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\searchplugins\icqplugin-5.xml [2011.09.07 03:03:08 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\searchplugins\icqplugin-6.xml [2011.10.02 13:30:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\searchplugins\icqplugin-7.xml [2011.10.16 18:51:14 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\searchplugins\icqplugin-8.xml [2011.11.09 16:18:06 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9wbffpun.default\searchplugins\icqplugin-9.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll CHR - 
plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Programme\AdobeReader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Genuine Advantage (Enabled) = D:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: MFireLauncher (Enabled) = D:\Programme\Mozilla Firefox\plugins\NPMFireLauncher.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2003 (Enabled) = D:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: NPOP7Plugin (Enabled) = D:\Programme\Mozilla Firefox\plugins\NPOP7PlugIn.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Zylom Plugin (Enabled) = D:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java(TM) Platform SE 
7 U11 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\ CHR - Extension: Cr!Box = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp\2.3_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.02.16 18:45:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [OODefragTray] D:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000..\Run: [AVMUSBFernanschluss] C:\Users\***\AppData\Local\Apps\2.0\3B99J9HE.Y30\46B953WL.M7W\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin) O4 - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000..\Run: [ManyCam] D:\Programme\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKU\S-1-5-21-1445763491-3315700046-3714806259-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1445763491-3315700046-3714806259-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1445763491-3315700046-3714806259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
HKU\S-1-5-21-1445763491-3315700046-3714806259-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{439D770A-3C7E-4707-A4C6-CC05D22E3C3F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A245BF-4C43-4F70-B3A3-73E3A12FD383}: DhcpNameServer = 7.254.254.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - d:\UNI\SAP\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - d:\UNI\SAP\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.05.31 18:56:31 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.16 20:11:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.02.16 18:45:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.02.16 18:35:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.16 18:35:43 | 
000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.16 18:35:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.16 18:35:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.16 18:35:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.14 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner Prüfung [2013.02.13 09:43:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 09:43:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 09:43:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 09:43:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 09:43:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 09:43:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 09:43:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 09:43:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 09:43:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 09:43:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 09:43:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 09:43:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 09:43:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 09:43:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 09:43:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 09:42:37 | 000,215,040 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 09:42:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 09:42:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 09:42:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 09:42:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 09:42:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 09:42:30 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.13 09:42:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 09:42:23 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 09:42:22 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.08 23:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.02.08 23:37:44 | 000,000,000 | ---D | C] -- C:\Fraps [2013.02.08 02:00:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\3DMark 11 [2013.02.08 02:00:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage [2013.02.08 02:00:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Futuremark_Corporation [2013.02.08 01:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark [2013.02.08 01:59:09 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.02.08 01:59:09 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.02.08 01:59:09 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.02.08 01:59:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.02.08 
01:59:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.02.08 01:59:08 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.02.08 01:59:06 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.02.08 01:59:06 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.02.08 01:59:05 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.02.08 01:59:05 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.02.08 01:59:04 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.02.08 01:59:04 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.02.08 01:59:02 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.02.08 01:59:02 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.02.08 01:58:58 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.02.08 01:58:58 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2013.02.08 01:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2013.02.08 01:58:35 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark [2013.02.07 17:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.02.07 17:14:29 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.02.07 17:14:29 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.02.07 17:14:29 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.02.07 17:14:29 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvmctray.dll [2013.02.07 17:14:29 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.02.07 17:13:55 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.02.07 17:13:55 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.02.07 17:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.02.07 17:12:51 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013.02.07 17:12:51 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.02.07 17:12:50 | 026,931,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.02.07 17:12:50 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.02.07 17:12:50 | 018,054,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.02.07 17:12:50 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.02.07 17:12:50 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.02.07 17:12:50 | 012,641,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.02.07 17:12:50 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.02.07 17:12:50 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.02.07 17:12:50 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.02.07 17:12:50 | 001,813,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2013.02.07 17:12:50 | 001,504,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2013.02.07 17:12:50 | 001,107,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.02.07 17:12:50 | 000,958,272 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysWow64\nvumdshim.dll [2013.02.07 17:12:50 | 000,246,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.02.07 17:12:50 | 000,201,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.02.07 17:12:50 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.02.07 17:12:49 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.02.07 17:12:49 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.02.07 17:12:49 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.02.07 17:12:49 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.02.07 17:12:49 | 002,824,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.02.07 17:12:49 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.02.07 17:12:49 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.02.07 17:12:48 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.02.07 17:12:48 | 002,504,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.01.31 23:46:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\odbg110 (1) [2013.01.31 23:14:29 | 000,000,000 | ---D | C] -- C:\CRYSIS2 [2013.01.31 23:06:38 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.01.31 23:06:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.01.31 23:06:36 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.01.31 23:06:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.01.31 23:06:35 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.01.31 
23:06:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.01.31 23:06:34 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2013.01.31 23:06:31 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.01.23 17:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye [2013.01.23 17:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio ========== Files - Modified Within 30 Days ========== [2013.02.16 20:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.16 20:25:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013.02.16 20:25:32 | 000,812,175 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2013.02.16 20:20:33 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 20:20:33 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 19:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1445763491-3315700046-3714806259-1000UA.job [2013.02.16 18:45:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.16 01:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1445763491-3315700046-3714806259-1000Core.job [2013.02.14 19:01:53 | 001,219,309 | ---- | M] () -- C:\Users\***\Desktop\282481_549431065085756_1038167404_n.psd [2013.02.14 18:57:33 | 000,080,288 | ---- | M] () -- C:\Users\***\Desktop\abc.jpg [2013.02.14 18:51:06 | 000,207,061 | ---- | M] () -- C:\Users\***\Desktop\abc.png [2013.02.14 18:51:06 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.02.14 18:45:30 | 001,808,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 18:45:30 | 000,765,688 | ---- | M] 
() -- C:\Windows\SysNative\perfh007.dat [2013.02.14 18:45:30 | 000,721,006 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.14 18:45:30 | 000,174,600 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.14 18:45:30 | 000,147,554 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.14 18:43:36 | 000,162,069 | ---- | M] () -- C:\Users\***\Desktop\282481_549431065085756_1038167404_n.jpg [2013.02.14 01:39:59 | 017,755,181 | ---- | M] () -- C:\Users\***\Desktop\abc.pcap [2013.02.13 17:17:10 | 000,449,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.08 23:59:29 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.08 23:59:29 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.08 23:57:49 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.08 23:37:45 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.02.08 01:58:42 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2013.01.31 23:46:50 | 001,333,471 | ---- | M] () -- C:\Users\***\Desktop\odbg110 (1).zip [2013.01.28 23:37:40 | 000,001,047 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.22 00:48:13 | 000,020,624 | ---- | M] () -- C:\Users\***\Desktop\lul.jpg ========== Files Created - No Company Name ========== [2013.02.16 18:35:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.16 18:35:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.16 18:35:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.16 18:35:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.16 18:35:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.14 19:01:52 | 001,219,309 | ---- | C] () -- C:\Users\***\Desktop\282481_549431065085756_1038167404_n.psd [2013.02.14 18:57:32 | 000,080,288 | ---- | C] () -- C:\Users\***\Desktop\abc.jpg [2013.02.14 18:51:05 | 000,207,061 | ---- | C] () -- 
C:\Users\***\Desktop\abc.png [2013.02.14 18:16:58 | 000,162,069 | ---- | C] () -- C:\Users\***\Desktop\282481_549431065085756_1038167404_n.jpg [2013.02.14 01:39:59 | 017,755,181 | ---- | C] () -- C:\Users\***\Desktop\abc.pcap [2013.02.08 23:37:45 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.02.08 01:58:42 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2013.02.07 17:14:29 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.02.07 17:12:50 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.31 23:46:51 | 001,333,471 | ---- | C] () -- C:\Users\***\Desktop\odbg110 (1).zip [2013.01.22 00:48:11 | 000,020,624 | ---- | C] () -- C:\Users\***\Desktop\lul.jpg [2012.11.23 22:01:37 | 000,013,030 | ---- | C] () -- C:\Users\***\AppData\Roaming\PDOXUSRS.NET [2012.10.04 13:02:53 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll [2012.10.04 13:02:53 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll [2012.10.04 13:02:53 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll [2012.10.04 13:02:52 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll [2012.10.04 13:02:52 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll [2012.08.23 11:25:09 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.08.23 11:24:10 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.06.09 17:13:31 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.04 19:10:34 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2012.04.10 10:37:09 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.12 18:33:50 | 000,000,144 | ---- | C] () -- C:\Users\***\mercurial.ini [2012.03.11 14:42:05 | 001,063,895 | ---- | C] () -- C:\Users\***\bachelor-ss12.jpg [2012.03.10 01:12:05 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.07 19:57:46 | 
000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE [2012.01.20 00:52:19 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.01.20 00:48:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.11.29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.06 22:23:50 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.07.19 21:59:52 | 000,024,582 | ---- | C] () -- C:\Users\***\167654_130058137059177_100001649756883_202071_6955004_n.jpg [2011.07.19 21:58:13 | 000,267,881 | ---- | C] () -- C:\Users\***\SP_A0135.jpg [2011.07.11 14:03:23 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.07.11 14:03:04 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.07.11 14:03:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.07.02 23:17:52 | 000,265,216 | ---- | C] () -- C:\Windows\SysWow64\midas.dll [2011.07.02 23:17:52 | 000,211,056 | ---- | C] () -- C:\Windows\SysWow64\dbclient.dll [2011.07.02 23:14:10 | 000,375,296 | ---- | C] () -- C:\Windows\SysWow64\wsihk32.dll [2011.07.02 23:14:10 | 000,132,096 | ---- | C] () -- C:\Windows\SysWow64\wsiwin32.dll [2011.07.02 23:11:23 | 000,177,152 | ---- | C] () -- C:\Windows\SysWow64\c5uninst.dll [2011.07.02 23:11:23 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IDUNINST.DLL [2011.06.21 00:31:03 | 001,785,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 
000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.03 23:54:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2012.10.04 12:59:05 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.06.20 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\driveridentifier [2013.02.16 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.09.07 01:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.09.07 01:56:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.23 11:29:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.03.18 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW [2011.09.02 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2013.01.10 02:39:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam [2012.04.10 10:25:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindPlan_DOLS [2012.02.22 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble [2012.04.14 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.09.18 23:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.11.29 22:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.12.20 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pokerth [2011.12.29 15:11:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2013.01.10 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SAP [2012.11.13 16:08:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-updater [2012.07.11 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\six-zsync [2011.12.07 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE [2013.01.07 13:23:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2012.03.12 18:26:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.12.29 15:41:48 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Temp [2012.01.28 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.12.30 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.09.06 12:57:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.04.06 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle [2012.10.26 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.06.06 11:55:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Westfälische Hochschule [2011.10.10 02:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark [2012.02.04 14:12:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wsIRC [2012.04.15 16:00:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom ========== Purity Check ========== < End of report > |
18.02.2013, 00:18 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HTTP and TCP requests to IP 174.35.7.4 Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before you do, please remember to update Malwarebytes using the update button.
__________________
Getting an additional opinion afterwards from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ |