Log analysis: ibvuy.exe and eweb.exe malware? (Windows 7)
26.03.2013, 14:39 | #1
ibvuy.exe and eweb.exe malware?

For some time now my PC has been responding more slowly, and it also takes longer to start. Then I saw in the System Configuration that these two files are being started.

hxxp://s7.directupload.net/file/d/3206/dddvkzse_png.htm

I installed Malwarebytes and let it run. After the scan, which found 5 files, I restarted the PC, and after that my Windows did not start at all any more; only after I uninstalled Malwarebytes in Safe Mode did it work again.

defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:45 on 26/03/2013 (Andrej)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

OTL Logfile:
OTL logfile created on: 26/03/2013 13:51:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,13% Memory free
15,99 Gb Paging File | 14,48 Gb Available in Paging File | 90,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 41,22 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,50 Mb Free Space | 71,50% Space Free | Partition Type: NTFS
Drive F: | 931,41 Gb Total Space | 575,70 Gb Free Space | 61,81% Space Free | Partition Type: NTFS

Computer Name: ANDREJ-PC | User Name: Andrej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 13:51:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
PRC - [2013/03/06 16:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/02/22 16:16:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/22 16:16:12 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/22 16:16:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/15 15:08:44 | 003,818,264 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/01/06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 20:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 19:52:13 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 23:09:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 16:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/02/22 16:16:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/22 16:16:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/15 15:08:44 | 003,818,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009/08/10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:01:04 | 000,626,208 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/22 16:16:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/02/22 16:16:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/02/22 16:16:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/10 04:13:34 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/10/10 04:13:32 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/18 07:21:54 | 000,112,640 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/25 08:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 08:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 22:42:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/12 16:12:01 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2010/08/12 13:10:24 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/07/13 15:12:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/07/13 15:12:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/27 10:59:19 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/21 20:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/08/23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/10 14:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 13:34:54 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029unic.sys -- (s1029unic)
DRV:64bit: - [2009/05/25 13:34:54 | 000,139,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV:64bit: - [2009/05/25 13:34:54 | 000,135,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009/05/25 13:34:52 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009/05/25 13:34:52 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029nd5.sys -- (s1029nd5)
DRV:64bit: - [2009/05/25 13:34:50 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009/05/25 13:34:48 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029bus.sys -- (s1029bus)
DRV:64bit: - [2006/11/09 21:46:14 | 000,007,040 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2005/11/07 13:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=cd79cd0e-fb8e-47d6-9eae-0773b5f10328&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 9E 97 FA 78 05 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=cd79cd0e-fb8e-47d6-9eae-0773b5f10328&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: zigboom%40hotmail.com:2.0.8

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 19:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 19:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 23:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 23:09:17 | 000,000,000 | ---D | M]

[2010/05/27 16:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions
[2013/03/25 11:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\hr6ei54z.default-1364161199406\extensions
[2013/03/25 11:01:56 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\hr6ei54z.default-1364161199406\extensions\zigboom@hotmail.com
[2013/03/24 22:41:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\firefox\profiles\hr6ei54z.default-1364161199406\extensions\elemhidehelper@adblockplus.org.xpi
[2013/03/24 23:01:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\firefox\profiles\hr6ei54z.default-1364161199406\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/08 23:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 23:09:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/01/07 00:51:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/09/04 23:22:54 | 000,417,891 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14417 more lines...
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14B5B853-EC60-41EA-9EA2-727F82695BCA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF2D8DC-9B12-4FF1-9251-F57E57767C57}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97B0C724-273D-4CC5-AF8C-15CE480C9E4E}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7a3b2496-6fa4-11e2-ab3a-5404a6b492c4}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3b2496-6fa4-11e2-ab3a-5404a6b492c4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8681c649-69ab-11df-b0f7-00248cc1b80b}\Shell - "" = AutoRun
O33 - MountPoints2\{8681c649-69ab-11df-b0f7-00248cc1b80b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f1baf590-81d2-11df-a38a-00248cc1b80b}\Shell - "" = AutoRun
O33 - MountPoints2\{f1baf590-81d2-11df-a38a-00248cc1b80b}\Shell\AutoRun\command - "" = H:\hmh-nfsmw.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/26 13:51:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2013/03/25 11:10:25 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Malwarebytes
[2013/03/25 11:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/25 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Programs
[2013/03/24 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Wougux
[2013/03/24 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Avni
[2013/03/16 15:05:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/03/16 15:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/16 15:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/14 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013/03/14 21:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/03/14 21:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/03/13 17:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/08 23:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/06 20:24:36 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Desktop\Bewerbung
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/26 13:52:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 13:52:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 13:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 13:51:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2013/03/26 13:47:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/03/26 13:47:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 13:47:16 | 2145,951,743 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/26 13:45:56 | 000,000,020 | ---- | M] () -- C:\Users\Andrej\defogger_reenable
[2013/03/26 13:45:03 | 000,050,477 | ---- | M] () -- C:\Users\Andrej\Desktop\Defogger.exe
[2013/03/25 17:47:48 | 000,168,495 | ---- | M] () -- C:\Users\Andrej\Desktop\bookmarks.html
[2013/03/14 15:15:25 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/14 15:15:25 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/14 15:15:24 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/14 15:15:24 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/14 15:15:24 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/26 13:45:56 | 000,000,020 | ---- | C] () -- C:\Users\Andrej\defogger_reenable
[2013/03/26 13:45:03 | 000,050,477 | ---- | C] () -- C:\Users\Andrej\Desktop\Defogger.exe
[2013/03/25 17:47:48 | 000,168,495 | ---- | C] () -- C:\Users\Andrej\Desktop\bookmarks.html
[2012/11/08 21:31:55 | 000,003,987 | ---- | C] () -- C:\Users\Andrej\AppData\Local\recently-used.xbel
[2012/08/13 22:22:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012/06/24 14:55:41 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/06 12:57:14 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012/05/03 03:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/06 20:46:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/06 20:46:01 | 000,042,494 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/27 16:05:55 | 000,043,196 | ---- | C] () -- C:\Users\Andrej\Yu-Gi-Oh!
- Worldwide Edition.sgm [2011/11/27 14:22:33 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/05/12 19:07:58 | 000,252,680 | ---- | C] () -- C:\Windows\UTP.exe [2010/12/01 20:41:34 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/07/18 12:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Andrej\AppData\Roaming\chrtmp ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 
000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/02/18 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\aicon [2010/07/18 11:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Atari [2011/02/13 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Audacity [2013/03/25 11:00:28 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Avni [2010/06/27 11:04:01 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Lite [2012/09/22 17:12:06 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DVDVideoSoft [2011/07/17 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DVDVideoSoftIEHelpers [2011/01/10 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Foxit Software [2010/08/24 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\GHISLER [2013/02/10 18:43:49 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HLSW [2012/07/15 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HTC [2012/07/15 22:12:00 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012/08/16 21:45:33 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HWM BlackBox [2012/08/16 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\ICQ [2012/02/26 00:25:01 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Ilohot [2010/06/14 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\ImgBurn [2012/02/21 20:02:50 | 000,000,000 | 
---D | M] -- C:\Users\Andrej\AppData\Roaming\Leadertech [2010/12/12 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Local [2011/12/18 22:37:41 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Octoshape [2012/05/29 18:45:38 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\OpenCandy [2010/06/08 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\OpenOffice.org [2012/02/19 13:04:09 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Piumle [2010/10/26 18:59:06 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Razer [2011/05/12 19:38:21 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Stardock [2011/05/13 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Stealth Software [2012/01/27 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\TeamViewer [2012/05/06 12:57:58 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Tobit [2013/03/24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\TS3Client [2010/11/15 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Win32 [2013/03/24 18:50:03 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Wougux ========== Purity Check ========== < End of report >
Extras OTL Logfile: Code:
OTL Extras logfile created on: 26/03/2013 13:51:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrej\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy 8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,13% Memory free 15,99 Gb Paging File | 14,48 Gb Available in Paging File | 90,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,09 Gb Total Space | 41,22 Gb Free Space | 13,83% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 71,50 Mb Free Space | 71,50% Space Free | Partition Type: NTFS Drive F: | 931,41 Gb Total Space | 575,70 Gb Free Space | 61,81% Space Free | Partition Type: NTFS Computer Name: ANDREJ-PC | User Name: Andrej | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" 
= 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0146AA3B-4851-4EB6-B545-DFD273108095}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{089040FD-BA2B-4290-9140-3B838562FE7D}" = lport=445 | protocol=6 | dir=in | app=system | "{1700D58A-FEB2-465E-9FF4-CF4C3CAA54A2}" = lport=138 | protocol=17 | dir=in | app=system | "{208B09EB-24F0-4B65-8F31-7BCDBCC910A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{24771750-E250-4F01-A39F-8A95C96FF5BE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2FDF0D92-F304-47F2-8EDA-99B3B85779A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{31A294C3-C868-4599-8768-667152DBC8BC}" = rport=138 | protocol=17 | dir=out | app=system | "{3B380710-683C-42B5-98CE-691C82DF112D}" = lport=10243 | protocol=6 | dir=in | app=system | "{3EE749DC-E196-4CCA-AAC1-A768CE77E8E3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{475CC909-411C-495F-B19D-76AF5069C0F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4BFC6D6B-3A10-4BE7-97CA-0A85F6A8354E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4DBF3182-B424-4681-B57A-A4483B0DBE8F}" = rport=139 | protocol=6 | dir=out | app=system | "{4DCDD14C-26DB-480D-86C1-A7AEE24A648D}" = lport=5355 | protocol=17 | dir=in | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DF258F7-2122-4292-949F-C5E393BF5A54}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6AC7641D-20FE-46D1-BDDB-E966EC02FC26}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{77F7B876-A239-42D8-BE7B-E8B7A8757FAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{83EAD9C1-3992-4A55-9726-0094C9576CED}" = lport=137 | protocol=17 | dir=in | app=system | "{9B38A85C-A918-40A8-BE5F-47F3CC06535F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B1009525-1C5B-4B6C-9B8B-6E1F6DBEAD00}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BD538488-3DFC-4D49-90B4-A5A243C911ED}" = lport=2869 | protocol=6 | dir=in | app=system | "{C1D02D2B-1D36-4CE9-A6C8-A0B5B6F26BB4}" = rport=445 | protocol=6 | dir=out | app=system | "{C484147E-4065-4B33-A23E-EC57C712A41C}" = rport=137 | protocol=17 | dir=out | app=system | "{C4EE987C-2A8E-4123-983B-E86BDEF6F75E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D3F18D53-3296-4E48-A546-100DD3230F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7A75608-3E58-4498-BCC3-587E2126DAC6}" = rport=10243 | protocol=6 | dir=out | app=system | "{E121F759-1BA4-4EB0-8A00-7D6FFAD44794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E243EBB4-E378-4B1B-967D-579467098A09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E8B44B36-CF0F-4169-9095-F0B802B77179}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED5F6D90-D54F-468D-BA1B-24289B7E6C81}" = lport=139 | protocol=6 | dir=in | app=system | "{EEBC304C-C515-4F7E-9DF0-F3414A96CEEA}" = lport=3702 | protocol=17 | 
dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EEF6014F-3C49-48B7-A13F-84E2E6A5BF75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F389156F-D806-43C8-914B-8F1CCD2C646E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F68D0637-ABBD-45D3-B95F-2E246310B081}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005F4348-12E9-495E-B6BD-8D47D4314EFF}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | "{03A1A6E2-D2E9-4D84-80F7-6E97E22E095C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | "{070D73AD-5478-4B36-A3AE-FBB915F244E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0EA75D09-4B47-47EF-A921-0AC17B418A38}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "{10B0C5AB-5F6E-46F1-B01A-5639CE7F8F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\mafia ii - public demo\launcher.exe | "{111D0D3D-D273-4328-B7A4-9B6633A38EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{121B45F9-4CA1-492E-AAE4-8616C232D1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{12962FE0-B04C-48E2-9B8C-E638BC938B4E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | "{13D6FF26-E9A7-4C0F-B8DB-CF47434C64C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{13F75D61-BD4D-4E3B-BBDC-339E133023AC}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit 
radio.fx\client\rfx-client.exe | "{16FCF791-C3A8-4CD3-A76F-0AAD834DB711}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\source sdk base 2007\hl2.exe | "{1C5B01A3-88F9-4C64-8B5A-DDC209E06250}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{1C6CD356-7BBF-4B36-A583-A5A708A34AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe | "{1DC3C972-CF92-4D7B-9BC2-3EBC1D87B258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{21133D76-B4F5-423D-AD57-1D3935F7EEB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{246A065D-6307-4E72-897D-63C20B2AC907}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\mafia ii - public demo\launcher.exe | "{2526D6F6-3110-44EA-86D4-122587166DCE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{255E3D61-C577-405A-9143-65D55D55A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | "{2BB958C7-6C5F-4904-99D8-C8DC56667555}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{30A881DF-467E-44C8-A5EA-06D874E6DF48}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | "{34FC279A-9FAB-4A39-A3FF-37340F9CAA47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{38728CB5-FF99-4212-9514-B18E9B8A119A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{394B62F7-046C-4A97-8E79-88CCA17D3A96}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\source sdk base 2007\hl2.exe | "{3BFE33AC-B837-467D-9713-E6AB9C17C30E}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{3E8A75A9-A4A6-4DC2-ACF0-A4B3CD30291B}" = protocol=17 | dir=in | app=c:\program files 
(x86)\tobit radio.fx\server\rfx-server.exe | "{3FE68242-DCD9-4993-8DE4-36152D0EF812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{40EDC956-2569-4266-B579-7F7825E22E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | "{434AD24F-1EFA-401B-91A2-DE44E1559734}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4681C7BD-573B-4779-9DDA-85D8F1757913}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\mohmpgame.exe | "{480FB7FF-84EE-4386-ABD2-13004D18D595}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{486AAE20-D36C-4863-82DE-F5E6C1BFB1BD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{49D48860-826A-4079-AF7F-D024749BF00E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{4D046F82-76E5-46B4-B26A-7C96F6F55AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | "{4D548E84-D97F-407F-9940-43B1F6C0DDD7}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | "{50799525-4E08-40D6-BAF1-ACE9466C22CA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{53C871DD-B900-4254-9B89-E46D27CFBF71}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | "{54E6A3D3-7A38-4457-9068-7318483FF900}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{55803014-18DF-4F61-8E3E-B79CA2FC61C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{579CFFF9-CF5E-4BD3-83E0-D5A505127CE3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{58E39BA5-4A05-4543-B42D-438F89D58909}" = protocol=6 | dir=in | app=c:\program files 
(x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | "{5CBC8DF7-66FC-4FB4-944A-7DB78D97EEC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5E36D6D4-F1CE-4ECE-9D9B-5CD967FB1290}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6236E00A-3154-4AC4-A5CB-1921A1CC0407}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | "{647BE906-0AD6-4AB9-A896-4A0EC6EFE7C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{656D500B-8797-43FB-8AB5-C43FEB34367E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{66263884-18FA-4AC3-85EB-33F2775BE4EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{67706A32-62FD-4F19-B09B-C6197F5CA824}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6C16D304-B4BB-4703-A55D-2B43A41B5D18}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6C7DB246-5AE4-4F20-98A6-3920B8768465}" = protocol=1 | dir=in | name=hlsw icmp | "{6CFC16B0-7149-46E8-B3A5-E064BF675FF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{71127F82-E90C-4A1D-96C0-C7CC3AA674A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{715A2D24-D9F7-4515-A21E-847E699D7113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{72201D0A-9F9B-49EF-80E0-A81B77036672}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{725615DB-E253-4017-9EA8-5F41AE94F31F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{72601D2F-6BA5-4C03-9AC8-53D31579A56B}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | "{76E7DCF5-906A-4F2F-BABA-8BBD06E42545}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{77C5EEAD-00D6-43F8-BFD5-D80C1CD6072F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{79BE81E5-5BA3-4FA4-94B9-D09CCCC22723}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\mohmpgame.exe | "{7B13F615-D41A-4B60-958A-48D35EE749AE}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{7DF380B3-D969-4B87-B611-7CBBEA3C18FA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{809C5965-7A84-4FBD-A090-0156C68B2882}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{81D3D7B8-67BC-4485-9CC3-A6D2575C993A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe | "{835178FD-8AB2-4431-AFB0-4DF2E5C4D9AC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{854F2533-B95A-4ACE-B501-B026B5C1874C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "{860071F2-1BA0-4831-ABBB-8FC189995D9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{86025FBD-5641-424A-8B38-886A7EEFA13B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{869204D2-6994-4633-97F8-04375DF6A1B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{88071445-ADFD-4808-86B6-DA5F815992EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8A858C15-D6AE-4189-933E-E2A3772C41DF}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{8C1F838C-9C6E-49E6-B994-025A6229DC34}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{8E482589-D6F9-474B-B6B8-024ABE128C34}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | "{96C42CB9-3149-4899-84B1-38E76E22421C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9AAE819F-BF83-468D-BEF6-6346CCE69AD8}" = dir=in | 
app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9B457217-16EA-49DA-A66E-2F22E8C4D8FB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{9D8ADE70-8157-4273-BB66-CE5B476A8CF3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A1E56241-0317-4C23-BE62-BBC254D42208}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | "{A2F4B9A1-9D6D-45D2-9026-7DDF6AB3990F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{A3050FE8-7FF5-4930-84C9-DAD2BA921C22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{ABF45638-F61C-446D-98D3-8AFFED1D62CD}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | "{AC30B197-6DD1-4594-A7F9-877C4E4638ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ADA43E1C-C34C-4ACE-BF65-27E9DDF90509}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm | "{B5CE7F8B-A91F-426E-8BE5-D06BF3F49AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{B717AE30-3EC7-47D6-B948-74D376819CF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BF71DF4A-E676-4564-9099-074B7F99A730}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{C19EBEA3-122F-4A4E-97B3-C65599AA8096}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | "{C4F38411-B9A1-4557-81D0-37BCB210CB9D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | "{CC642A53-13F1-4319-82BA-BE5ACD302D22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{CD687EA2-EB6C-4947-88F1-8F59643A385A}" = protocol=17 | dir=in | app=c:\program 
files (x86)\valve\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm | "{CEE0DBAA-C0E5-4A88-AF2E-3B69155B2435}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D52B62A6-2870-4327-8AA7-814CD803C5B7}" = protocol=6 | dir=out | app=system | "{D6DCBB25-02B8-49F3-BE37-027E3F1E0E59}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{DA641CA2-A0E6-4C6D-B7D7-298184587F5F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DB645E56-D333-43CB-85E9-B21FD22D1C9A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DBE177A7-0E29-49CB-84D9-634814A1C262}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DDC5BE4A-56C6-4F22-8C6A-3C7FFA964186}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E1718C76-028F-4CE2-B75B-5E10A4281217}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | "{E2789AF5-A79E-472D-9749-3D1CD821C87B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{E284B53E-85C2-4B99-95E9-AC7D29EE3247}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E533375A-88E5-4406-8BC6-A748318695A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E8A81073-A4DB-4FA4-BB43-16D45F6DBA43}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | "{E91D5E3A-9D1A-4415-89D0-B628D4B0D14E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F0AF31D1-7700-47C3-A533-A8D001818BDC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{F48DDDD7-11DD-4763-A11C-11986309FA44}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | "{F6261194-1499-4355-9CA4-B44E5A989049}" = 
protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | "{F671DEE4-A170-429D-BCF9-FD1D72D9F61D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F7F8D929-0408-4129-B92F-7610681B147A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | "{FA780519-8BB4-448F-9BD1-732B1B2DF72B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | "{FB4FD126-9F58-4264-8CE4-E76A8B220CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "TCP Query User{42E7B0EF-FC21-42F6-A48B-8D8C3E5DA601}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{4C4F4472-FD27-43FD-8A28-66BED1820D96}F:\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=f:\dishonored\binaries\win32\dishonored.exe | "TCP Query User{54F29303-4280-4E57-972B-E943694F92B2}F:\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\need for speed most wanted\nfs13.exe | "TCP Query User{5AE45675-9964-4D71-98BD-B961C0F2F844}C:\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "TCP Query User{60808808-A747-45FE-B839-CA1BE43757B1}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | "TCP Query User{610E21FF-E784-4872-9FA2-F403C15EC252}C:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{6D5FF3D3-9108-4664-A1C2-F10721C7909E}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{6D8CD361-F685-4B0C-B937-427DD593680D}C:\program 
files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{72D7CF61-139E-46FB-A754-6822D1965EC6}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | "TCP Query User{7B173009-F956-47BC-AA69-BFC9563D8607}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8B67A1A3-7AA0-4F11-8F8B-63596D0A654E}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | "TCP Query User{BC498C4E-865D-4D52-B662-8226101AA9AE}C:\users\andrej\appdata\roaming\exka\ibvuy.exe" = protocol=6 | dir=in | app=c:\users\andrej\appdata\roaming\exka\ibvuy.exe | "TCP Query User{CCDA4921-649E-4E4C-8AE2-F6B205779D6A}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | "TCP Query User{CF84C10A-AF82-4C4E-9792-D70916882265}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | "TCP Query User{D130BFB0-4BB7-400C-B2A7-88C321941E95}C:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{DD7E8AE6-A885-4019-B460-A74A0627BC3F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{E368B8F3-39B3-4475-9709-DE0B075029B4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{EE6F9846-BB6F-4942-A89A-8B6D7208A594}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query 
User{F02D396F-5CF5-4F44-8B1F-B71B5B6540A2}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{1F58D303-6C5E-4131-9E57-ED4C975C784B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{29139236-53EE-40C8-991A-83ABB1AD75F5}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | "UDP Query User{2CD4AAF1-3D21-45B3-B831-FB2E5D9D4E25}F:\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=f:\dishonored\binaries\win32\dishonored.exe | "UDP Query User{2DCBA9DE-4592-4B25-9466-3CB2F2935048}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{528065DB-7B6D-45DC-A850-72AFE1B67D20}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | "UDP Query User{52F0FA4C-EBC1-4261-B37D-265199E942A6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{56087845-8CC4-4514-A62C-55FF85CAEE1C}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | "UDP Query User{619E3064-0BB0-4301-987F-E70A5935F4F7}C:\users\andrej\appdata\roaming\exka\ibvuy.exe" = protocol=17 | dir=in | app=c:\users\andrej\appdata\roaming\exka\ibvuy.exe | "UDP Query User{61EC3480-6AF1-4CA6-9A64-C326859898A1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{77246D0C-3E19-4B1E-B8AD-2EEC5AAE8244}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{7A7B80B3-6BBE-4D00-A876-6E5739AB1A30}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla 
firefox\firefox.exe | "UDP Query User{8723E879-8EE1-46FF-9AA7-294C5958F193}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | "UDP Query User{9A571029-C236-493B-BCA3-1E142AAD053F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{E56E4853-6B06-45F7-9D8D-B6023B366851}C:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | "UDP Query User{E64C0F07-38A9-4C93-8CE8-4030F8330457}C:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{EE6AC2C0-7874-4CF1-9A9F-BEEFCB3931EF}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | "UDP Query User{F8FE8046-F076-4B28-877D-80B591BF8ADF}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{FBAACC04-8C98-4BBB-805D-F0060BFA57D9}F:\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\need for speed most wanted\nfs13.exe | "UDP Query User{FC4671C8-8A80-4DB9-8E28-CF93170F1897}C:\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 
6 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "My Lockbox_is1" = My Lockbox 2.9.7 "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{83C292B7-38A5-440B-A731-07070E81A64F}" 
= Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2 "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime 
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity 1.3 Beta_is1" = Audacity 1.3.12 "Avira AntiVir Desktop" = Avira Free Antivirus "conduitEngine" = Conduit Engine "Dishonored_is1" = Dishonored "DivX Setup.divx.com" = DivX-Setup "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "HLSW_is1" = HLSW v1.4.0.2 "ImgBurn" = ImgBurn "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Basic) "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "RocketDock_is1" = RocketDock 1.3.5 "Steam App 10" = Counter-Strike "Steam App 80" = Counter-Strike: Condition Zero "TeamViewer 7" = TeamViewer 7 "TeamViewer 8" = TeamViewer 8 "Theme Manager (Free)" = Theme Manager (Free) "Tobit Radio.fx Server" = Radio.fx "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24/03/2013 17:16:06 | Computer Name = Andrej-PC | Source = Application Hang | ID = 1002 Description = 
Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d14 Startzeit: 01ce28d4a962d192 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 0717e80d-94c8-11e2-8ce5-5404a6b492c4 Error - 24/03/2013 17:39:09 | Computer Name = Andrej-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 52c Startzeit: 01ce28d7ea25512d Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 406623a2-94cb-11e2-8ce5-5404a6b492c4 Error - 24/03/2013 17:55:14 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x75c Startzeit der fehlerhaften Anwendung: 0x01ce28ced0579f75 Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 812ded31-94cd-11e2-8ce5-5404a6b492c4 Error - 24/03/2013 18:24:08 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x754 Startzeit 
der fehlerhaften Anwendung: 0x01ce28da7444479d Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: 8aad77e4-94d1-11e2-a7d2-5404a6b492c4 Error - 25/03/2013 06:35:15 | Computer Name = Andrej-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 25/03/2013 08:24:48 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4f7e4d8c Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x754 Startzeit der fehlerhaften Anwendung: 0x01ce293d5bb1e68e Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Berichtskennung: fb3f7089-9546-11e2-9896-5404a6b492c4 Error - 25/03/2013 12:45:46 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften Prozesses: 0x1228 Startzeit der fehlerhaften Anwendung: 0x01ce2977c5b45648 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 70404638-956b-11e2-9c51-5404a6b492c4 Error - 25/03/2013 14:24:06 | Computer Name = Andrej-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 25/03/2013 16:05:45 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x4f7e4d8c
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x714
Startzeit der fehlerhaften Anwendung: 0x01ce297767419582
Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung: 605c1ce9-9587-11e2-9c51-5404a6b492c4

Error - 25/03/2013 17:22:25 | Computer Name = Andrej-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:19:48 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:19:48 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:19:48 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25/03/2013 16:21:35 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv05

Error - 26/03/2013 08:12:08 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv05

Error - 26/03/2013 08:47:54 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv05

< End of report >

GMER Logfile:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-26 14:24:51
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAD 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Andrej\AppData\Local\Temp\ugdiqpob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[1996] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765c87b1 5 bytes JMP 000000010065e3e0
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2552] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076991465 2 bytes [99, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2552] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769914bb 2 bytes [99, 76]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x03 0x7C 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x90 0x98 0x5C 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x92 0x3E 0x42 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x03 0x7C 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x90 0x98 0x5C 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x92 0x3E 0x42 0x37 ...

---- EOF - GMER 2.1 ----

Edited by g1ve (26.03.2013 at 14:55) Reason: change |
26.03.2013, 16:24 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
__________________Quote:
Or is this by any chance an office/company PC or a university machine? Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
26.03.2013, 19:04 | #3 |
| Actually I did not think anything of the Windows version; it was recommended to me that way back then, and that was that.
__________________
Malware
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.25.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Andrej :: ANDREJ-PC [Administrator]

Schutz: Aktiviert

25/03/2013 21:12:48
mbam-log-2013-03-25 (21-12-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212361
Laufzeit: 2 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Avira Log
Die Datei 'C:\Users\Andrej\AppData\Local\Temp\tmp3b681154\234.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.73728.247' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59983d01.qua' verschoben!
In der Datei 'C:\Users\Andrej\AppData\Local\Temp\tmp3b681154\234.exe' wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.73728.247' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern |
26.03.2013, 22:49 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
27.03.2013, 12:43 | #5 |
| Yes, I am a private user, but when my PC was put together I was told that you need it with 8 GB of RAM. Apart from that, does this have anything to do with my problem? |
27.03.2013, 16:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please answer the questions. I did not ask about the amount of RAM; I wanted to know why you have an Ultimate edition and why you need it, unless you do not use this box purely privately. Who talked you into this edition? You do not need Ultimate just to be able to use 8 GB of RAM. What matters is 32 or 64 bit.