
Log Analysis and Evaluation: Virtumonde.dll/sci/sdn and Spybot

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
21.06.2013, 17:02   #1
Victarion
 



Hello dear helper team.
This is my first post here, so I hope I have done everything correctly.
About my problem: I recently noticed that my Spybot S&D spends quite a long time searching for or in virtumonde.dll/sci/sdn. I looked that up on the Internet right away and found out that it is a Trojan.
However, neither Spybot nor avast! nor Malwarebytes Anti-Malware has found anything on my machine. I have already read here in the forum that Spybot only displays what it is currently searching for, not what it is currently scanning, and that virtumonde should by now be detected by many antivirus programs.
Nevertheless, I went through the instructions and have the following log data.


Code:
OTL logfile created on: 21.06.2013 15:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EGAL\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,77% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 213,15 Gb Total Space | 51,05 Gb Free Space | 23,95% Space Free | Partition Type: NTFS
Drive D: | 19,63 Gb Total Space | 7,57 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
 
Computer Name: SPIELSERVER | User Name: EGAL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.21 15:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
PRC - [2013.06.06 20:33:44 | 000,040,960 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2011.12.05 18:59:13 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.02.01 14:02:26 | 000,713,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.01 14:00:40 | 001,043,784 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
PRC - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razertra.exe
PRC - [2009.04.14 08:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.05.07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Tarantula\razerhid.exe
PRC - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
PRC - [2007.02.14 12:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback 3G\razerofa.exe
PRC - [2003.05.21 18:37:08 | 000,229,437 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.01.21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.10.12 19:13:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
MOD - [2009.10.12 12:13:06 | 000,131,072 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razertra.exe
MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Tarantula\razertra.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcmispupdmgr.dll -- (oracledbconsoleorcl)
SRV - [2013.06.12 17:03:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.06 20:33:44 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.05.19 09:47:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.06 18:04:38 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.21 02:39:20 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.02.08 18:01:47 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.08 17:55:13 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.02.08 17:36:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.02.01 14:00:40 | 001,043,784 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.01 13:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.01.21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\EGAL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.11.09 16:21:40 | 000,147,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.10.27 00:21:08 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.08.30 01:54:22 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011.05.17 17:40:37 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.04.18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.04.18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.04.18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.04.18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.04.18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.04.18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.21 22:46:13 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.03 12:10:24 | 001,148,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.18 20:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2007.04.11 16:23:48 | 000,045,440 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (TarFltr)
DRV - [2005.09.06 12:13:52 | 000,004,505 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tihid.sys -- (Tihid)
DRV - [2005.04.24 23:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DB3G.sys -- (Razerlow)
DRV - [2004.08.31 20:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 6B 05 BE 19 B0 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKCU\..\SearchScopes\{136D0C38-F6BE-4FF0-B1C1-E82465C425CB}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{1732850D-AFC1-4A1A-AA97-5674574E121C}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{187F50A8-52B2-48C5-B20C-D96449C26E2D}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{26CA4FA5-9B46-4A72-8E9E-EBF0DE82AC21}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&k=0
IE - HKCU\..\SearchScopes\{864C26B3-A135-4318-8D9A-7F881D218950}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{923E93C6-EADA-4EE7-BAEF-97C79C156F3A}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D5153510-4B3E-46AE-A888-5CA9B4B46747}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=754f46bf-ec0f-442a-9524-e6dface7ba68&pid=proxtubede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:20110101
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.33
FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: firejump%40firejump.net:1.0.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "95.181.33.22"
FF - prefs.js..network.proxy.http: "95.181.33.22"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "95.181.33.22"
FF - prefs.js..network.proxy.ssl: "95.181.33.22"
FF - prefs.js..network.proxy.type: 2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\EGAL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.03 17:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.02 18:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 09:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 09:47:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\EGAL\AppData\Roaming\Mozilla\Firefox\Profiles\viz3tusi.default\extensions\firejump@firejump.net [2013.06.06 20:33:53 | 000,000,000 | ---D | M]
 
[2010.02.08 17:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\Extensions
[2013.06.14 16:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions
[2013.06.14 16:30:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
[2013.03.14 21:00:24 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.05.21 05:48:08 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.06.06 20:33:53 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\EGAL\AppData\Roaming\mozilla\Firefox\Profiles\viz3tusi.default\extensions\firejump@firejump.net
[2012.12.11 22:51:38 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 02:14:48 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.06 20:34:17 | 000,001,091 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\icqplugin.xml
[2013.06.06 20:34:17 | 000,002,077 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{0CFE86B6-23D7-4F01-BBFC-A46BE9EC10A1}.xml
[2013.06.06 20:34:17 | 000,002,188 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{74DAFE1B-4B1A-4E66-B6EC-2994A55B1279}.xml
[2013.06.06 20:34:17 | 000,001,870 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{C174170F-389A-4524-A2B4-9FD3D4EE1F79}.xml
[2013.06.06 20:34:17 | 000,024,039 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{D291A85D-C059-466E-A436-B5E4FE74A1EF}.xml
[2013.06.06 20:34:17 | 000,002,522 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{D69ECB5D-1209-4E85-8431-B3F78AD83B88}.xml
[2013.06.06 20:34:17 | 000,001,094 | ---- | M] () -- C:\Users\EGAL\AppData\Roaming\mozilla\firefox\profiles\viz3tusi.default\searchplugins\{DD8A5BCC-E71D-425C-81BE-ACDA3B810959}.xml
[2013.05.19 09:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 09:47:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.05.19 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 09:47:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.02 18:34:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.09.03 11:24:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.07.03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
 
O1 HOSTS File: ([2013.06.20 22:20:46 | 000,447,019 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15377 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Users\EGAL\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4182D7EA-72D4-44A0-B9AD-4FC1AF9453F5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.21 15:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
[2013.06.21 01:15:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\EGAL\Desktop\HiJackThis204.exe
[2013.06.20 22:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.20 22:32:10 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.06.20 22:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.06.20 22:13:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.20 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Local\temp
[2013.06.20 05:56:10 | 000,393,040 | ---- | C] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
[2013.06.20 05:07:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.20 04:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.20 04:47:19 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093.exe
[2013.06.20 04:45:23 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 04:14:33 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\Malwarebytes
[2013.06.20 04:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.20 04:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.20 04:13:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.20 04:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.20 03:38:20 | 036,271,144 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\EGAL\Desktop\spybot-2.1.exe
[2013.06.20 03:37:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\EGAL\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 20:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.06 20:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.06 20:34:17 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\Opera
[2013.06.06 20:33:54 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2013.06.06 20:33:52 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\DesktopIconForAmazon
[2013.06.06 20:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
[2013.06.06 20:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\FoxyDeal
[2013.06.06 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\EGAL\AppData\Roaming\OCS
[2013.06.01 02:32:05 | 000,000,000 | ---D | C] -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de-Dateien
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.21 15:49:45 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:49:45 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 15:48:31 | 000,377,856 | ---- | M] () -- C:\Users\EGAL\Desktop\gmer_2.1.19163.exe
[2013.06.21 15:44:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EGAL\Desktop\OTL.exe
[2013.06.21 15:42:46 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_EGAL.job
[2013.06.21 15:41:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.21 15:41:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.21 15:41:11 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.21 15:39:50 | 000,000,020 | ---- | M] () -- C:\Users\EGAL\defogger_reenable
[2013.06.21 15:38:05 | 000,050,477 | ---- | M] () -- C:\Users\EGAL\Desktop\Defogger.exe
[2013.06.21 07:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.21 07:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.21 05:15:39 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_EGAL.job
[2013.06.21 04:07:08 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_EGAL.job
[2013.06.21 01:15:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\EGAL\Desktop\HiJackThis204.exe
[2013.06.21 01:05:31 | 000,000,142 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.20 22:32:15 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.20 22:20:46 | 000,447,019 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.20 22:15:29 | 392,870,537 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.20 20:56:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130620-222046.backup
[2013.06.20 05:56:17 | 000,393,040 | ---- | M] (Softonic                                        ) -- C:\Users\EGAL\Desktop\SoftonicDownloader_fuer_combofix.exe
[2013.06.20 04:57:58 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.20 04:56:08 | 000,002,131 | ---- | M] () -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093 Setup.lnk
[2013.06.20 04:47:20 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093.exe
[2013.06.20 04:45:26 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Users\EGAL\Desktop\VirtumundoBeGone.exe
[2013.06.20 04:13:32 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.20 03:39:15 | 036,271,144 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\EGAL\Desktop\spybot-2.1.exe
[2013.06.20 03:38:16 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\EGAL\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 20:33:57 | 000,001,450 | ---- | M] () -- C:\Users\EGAL\Desktop\Amazon.lnk
[2013.06.01 02:32:31 | 000,244,266 | ---- | M] () -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de.htm
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.21 15:48:29 | 000,377,856 | ---- | C] () -- C:\Users\EGAL\Desktop\gmer_2.1.19163.exe
[2013.06.21 15:39:30 | 000,000,020 | ---- | C] () -- C:\Users\EGAL\defogger_reenable
[2013.06.21 15:38:01 | 000,050,477 | ---- | C] () -- C:\Users\EGAL\Desktop\Defogger.exe
[2013.06.21 04:07:03 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_EGAL.job
[2013.06.20 22:32:15 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.20 22:32:15 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.20 22:24:21 | 000,000,142 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.20 22:15:29 | 392,870,537 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.20 04:57:58 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.20 04:56:05 | 000,002,131 | ---- | C] () -- C:\Users\EGAL\Desktop\CCleaner 4.01.4093 Setup.lnk
[2013.06.20 04:13:32 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.20 01:56:27 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_EGAL.job
[2013.06.20 01:56:25 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_EGAL.job
[2013.06.13 17:44:51 | 000,006,904 | ---- | C] () -- C:\Users\EGAL\Desktop\Classical Gas.gp3
[2013.06.06 20:34:00 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2013.06.06 20:33:57 | 000,001,450 | ---- | C] () -- C:\Users\EGAL\Desktop\Amazon.lnk
[2013.06.01 02:32:15 | 000,244,266 | ---- | C] () -- C:\Users\EGAL\Desktop\Dartols Rute der Transformation - Gegenstände - World of Warcraft Datenbank von buffed.de.htm
[2013.05.09 16:58:14 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2013.05.09 16:58:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2013.03.23 20:16:28 | 000,004,505 | ---- | C] () -- C:\Windows\System32\drivers\tihid.sys
[2013.03.23 20:13:33 | 000,143,360 | ---- | C] () -- C:\Windows\System32\Tipage.dll
[2012.06.12 01:45:50 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.03.28 19:40:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\54X64LKy.dat
[2011.10.27 00:06:17 | 000,010,443 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.07.10 00:34:29 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.07.06 20:08:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.11.05 13:41:07 | 000,000,092 | ---- | C] () -- C:\Users\EGAL\AppData\Local\fusioncache.dat
[2010.07.10 19:44:43 | 000,000,000 | ---- | C] () -- C:\Users\EGAL\.gtk-bookmarks
[2010.05.01 20:54:05 | 000,007,608 | ---- | C] () -- C:\Users\EGAL\AppData\Local\Resmon.ResmonCfg
[2010.03.21 19:20:31 | 000,138,056 | ---- | C] () -- C:\Users\EGAL\AppData\Roaming\PnkBstrK.sys
[2010.02.16 20:40:55 | 000,001,355 | ---- | C] () -- C:\Users\EGAL\AppData\Roaming\SAS7_000.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.08 02:28:59 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\.minecraft
[2013.02.28 20:43:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\AnvSoft
[2010.02.08 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ashampoo
[2010.03.26 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ashampoo Cover Studio 2
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Azureus
[2010.03.02 12:41:26 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Bioshock2
[2013.03.14 19:25:33 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\CDisplayEx
[2013.06.20 05:05:51 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DAEMON Tools Lite
[2013.06.20 05:05:51 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DAEMON Tools Pro
[2011.06.27 23:41:43 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Day 1 Studios
[2013.06.06 20:33:58 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DesktopIconForAmazon
[2012.11.07 23:14:40 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DVDVideoSoft
[2012.11.03 00:37:15 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.26 23:44:08 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\FreeDoko
[2010.11.08 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\ICQ
[2010.03.19 11:13:22 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\IrfanView
[2011.11.26 03:20:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Juniper Networks
[2010.10.14 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Line 6
[2011.11.07 17:26:21 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\MotioninJoy
[2011.08.23 00:13:36 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Mumble
[2010.07.17 14:42:13 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Neoretix
[2013.06.06 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\OCS
[2010.02.15 21:35:19 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\OpenOffice.org
[2013.06.06 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Opera
[2011.03.18 22:08:23 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\PunkBuster
[2012.01.05 05:46:25 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Recorder
[2012.08.12 13:50:04 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\six-updater
[2012.08.12 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\six-zsync
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\TS3Client
[2010.02.08 18:00:30 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\TuneUp Software
[2011.12.02 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Ubisoft
[2010.12.27 13:39:23 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Uniblue
[2013.06.20 05:05:50 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\uTorrent
[2012.03.28 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\EGAL\AppData\Roaming\Wise Registry Cleaner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >
         

Code:
OTL Extras logfile created on: 21.06.2013 15:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\EGAL\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,77% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 213,15 Gb Total Space | 51,05 Gb Free Space | 23,95% Space Free | Partition Type: NTFS
Drive D: | 19,63 Gb Total Space | 7,57 Gb Free Space | 38,57% Space Free | Partition Type: NTFS
 
Computer Name: SPIELSERVER | User Name: EGAL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0740DAD8-64B6-44F7-ABEC-545070AE15FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1446CA5B-2133-4736-BDE1-15517B8DD949}" = rport=138 | protocol=17 | dir=out | app=system | 
"{14CAFD08-2FEE-41EC-B237-864C8A027B9E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22239061-8C53-45E8-BECE-22EF3A6BB859}" = rport=139 | protocol=6 | dir=out | app=system | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33660F9E-6BC4-4FEF-8EB4-C776B5489A01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{345F005B-F011-48F0-A258-A4DE5DC5C9D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3906EE9A-8D75-45B4-BD32-759488EE6E9C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{51B75FE8-15D4-4BC6-8C07-52E708BF63D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52C2794A-E070-40DD-BB7E-8DF260EEF0C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{547DD7D4-576E-4030-958A-D2854EC49549}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A8C7D3D-A84C-403A-B994-1A0C953870EF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{63772124-54F6-4208-A196-EEF4E7A3762F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75527BF8-CFE9-4FBD-9431-5957B9EBFC5D}" = lport=56614 | protocol=17 | dir=in | name=pando media booster | 
"{7BB94CAE-F4AF-4DA8-8999-C61C97E9A123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{917E65D2-7187-4CB0-9CA4-25B2A5769959}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{92CABD09-1316-4FD7-90B8-599E6B05C4A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9D556B3B-DFD6-4555-A30B-FDD2E39BAB79}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5BDE3E5-1DB4-420C-9E7D-0B3AC7279840}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | 
"{A740BBEC-99FD-43FD-BECF-C5193B067692}" = lport=56614 | protocol=6 | dir=in | name=pando media booster | 
"{AAE7A9F1-3E59-4ECF-A89A-49498882DCEA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B2A8956E-CE17-4EF6-BD68-140E1735E771}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B98CBFC9-1DCF-414D-9361-52D2FFD93562}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BA12B3C7-C995-47C3-8E8C-BC14B5BA4190}" = lport=56614 | protocol=6 | dir=in | name=pando media booster | 
"{BB8BC263-A5B2-4EE9-AFB8-35B94F5FB6BD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BCD97DAB-CAEB-4918-85BF-C651D08A6ED4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DBEAB78F-8980-4AF4-AC1F-F7446477B365}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E6A51490-2C38-4B77-8DEC-23FD0DF04504}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E6F3979D-1334-4244-A6C8-415F7670715A}" = lport=56614 | protocol=17 | dir=in | name=pando media booster | 
"{E824982D-64C9-4EFB-891D-B06549F43B62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E940027B-AB35-4604-AE03-C934DB291ABD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F2FD89DE-F2A8-4DA9-8EBA-458F96F070A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{F34160D7-E2CF-4E09-ACF3-6F29CC4C89A9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00096877-6A0D-4487-BEEE-6C6FF67848BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{00120F96-9A77-4337-AE37-9E949F29AACE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{003DC054-A6D1-4BB0-A3B5-019D78FADFE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike source\hl2.exe | 
"{01322CA2-4D18-43E4-B26E-A54E955FB397}" = protocol=17 | dir=in | app=c:\program files\blastshark\hellgate\blastshark.exe | 
"{029C1E8F-903D-4A77-8F52-479EBFB099EE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{056784B6-EE69-4AEC-914B-9DDD2C3CAB1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0586E16E-52E7-440A-9A48-4F03104944D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA018BF-5612-4A3B-AB61-08699FA0BCB8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA29FA0-C912-4B27-B511-69F500963955}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B317D27-6C54-472B-94EA-AACA67B5EE71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B557308-C8E7-42D2-9C0A-13FB27199E23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0BFFFDCB-BE3F-4F90-85EA-11FF576A9CDC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0D38B054-8327-42AA-B959-5603AEE4C105}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0EDF80B2-57C3-4AB6-819C-EEAA8FB49157}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0EECE20B-255B-4187-A698-5960EA28F43A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F417795-03DD-4D03-BD06-1EB7EF3FE498}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10DBA15B-8EFC-4E34-9F45-232F9A84CCDD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{142808BB-C2AE-4881-9D2F-E26D2B726785}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{14FD272F-D349-4217-8F13-330FC673A204}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1704C018-BC41-4D6D-9CA2-485DC3DD8A2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1779E8CB-20CB-43F5-B9D2-246952D4FEF9}" = protocol=6 | dir=in | app=c:\program files\blastshark\hellgate\blastshark.exe | 
"{1866CB93-7BCF-4CB7-91C1-983F89597090}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{198EADA3-1D8D-4905-ABA6-5DDBC7F5A458}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B16C7CD-30FA-4675-8847-AD3F220BBC87}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1BB19AC0-C0AC-40AD-8F2D-702A29BF44B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D04C51C-71C3-4DC7-9208-09F7E34170F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D50D517-6FB2-4A9A-B5E9-C491BF8C39DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E1751F9-D1C3-4914-B3F9-CAB57364A637}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{1ED880B9-BAA6-4D81-BC07-D53CD97F8234}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{200E10A2-8339-4E15-B079-C795011662B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{217FEE28-CF09-4809-9D8B-7DF99D603385}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{224C6577-EE90-4301-AD5A-A64E1A2EA1BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{242F9A7D-05B8-4C78-9CE7-2D921CAF45A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{252200F4-1A00-42BA-B34E-F1017EBE9B72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{257D37D9-8EC3-449A-A6BE-ED5EF6B826CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{25D393DE-8BF4-4876-AC5F-7A3CCD1D23F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27F164B7-AAA8-4BA2-807A-4C2918887BE0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{2858E023-1C9B-4F19-859A-BC4FC20E6137}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{294A9FA2-E345-4E05-9753-78B4C520514B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2984469D-B89A-42EB-BD9F-28EB5998AFA9}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{2A1E9601-AF2C-47CD-BB53-77C24842C5DF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2AC8171F-2811-43C9-A20D-CF66008F56B9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2F44CE71-D6A1-4DDA-939D-53D1D6927D26}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{2F4637E7-CE9C-419B-8FB3-93BC28766AFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3028F204-AF71-4002-883D-03398E2417D0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{313AACC6-2DB3-4701-81AF-56B57A41C5BF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{31E47D90-58B2-4F58-97CC-22F13036631C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{333D7872-69EA-4B11-9BDF-0A20105177AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{33DCE12F-E9BE-4589-BC88-C54803FBA233}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3998152E-A3C2-4FE1-AA33-E81534905223}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C1B0B88-7B78-4C3D-BFFA-7EBBBDCD24B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C7912B6-53BC-4042-A935-30009254DDE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E72B5E5-1CE3-4841-95A6-DBA3ED3355F0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{408C4F33-9398-498D-AE95-B39907A5E08A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{41D4B73A-DED9-4FCD-828F-622583BCF2E2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{42FFA410-21D8-4EF3-AAAD-4EBC4504CB6D}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{437F9FC8-F661-45C2-91E0-63125460A7D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4507016F-0D3A-4E21-BA21-792085A29B4D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{478711A4-E80E-44B7-8374-0D790349E557}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4BD8C133-E060-4221-AE20-1AF3E68F2431}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4BF0DEF4-3AF1-4AD1-99F2-0E8648B7F628}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4DD2F6C7-37EF-4131-8B7E-D2A77FCA7F0C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{4EBB7B2E-30C2-4199-B2EF-CAE9E59C404E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4F1B1B11-9FB9-4965-88F1-C9B17AF4D3DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{50094F62-3614-46F3-B834-357B26368FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5153BB3E-3DD8-4EE0-8926-C6A88B198B89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{51578448-660D-46B6-901B-9586477F1B7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52A3DB51-8969-454F-B489-4E2541E3482B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{539556B1-4D40-4272-B5EE-76294388703B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{54AEFB97-4916-4D9E-8929-921A6031D849}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54C2F2EC-A1B8-4DE2-907F-E8E64EDF8ECE}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{557F7308-768C-4A73-8F6F-8F877CFA21AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{57A1E577-1C9E-487F-9215-6D18A29E8BFB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57DCA230-938F-4F68-9D37-F27C39F1E5F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58D4D03A-6CE8-48B1-946B-0782B18FBC28}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{58DCBFCC-B979-48E1-929A-235D74D97469}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{58E8645B-EEF4-41A2-A66A-48693A25A0DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59862BE0-54B7-41DB-A674-72D9FDDCA39C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5A6C6EEB-2DA4-459A-8CD6-81DB2190F8B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AB4FE92-9EFC-4D0F-85FC-7414BF4E6264}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BCBDCB9-A8D9-49D1-9A47-78EE609F731F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5C30BCEE-E3C4-41D4-9008-BB7080959712}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D559C7B-47F0-4751-BF84-3CB07E28C0C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5EE87469-5FFC-41C0-AC0A-DD800B7B28D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5FDE96AE-CB5B-402E-B024-D0EDBC1CABDA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FFD7F29-AC6E-4050-9E1A-2824653A2374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62C2AEA0-A369-41C0-A3B3-CC6900757708}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6449C2EA-AF12-4B0C-8F4B-2A1119FE84BC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{654D0639-7EE8-42BB-9BBF-BC586F135890}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{662D92B8-65F9-4538-B02C-3742706F2F8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B1174A1-B68B-4B4C-AEB7-DD5669C7075A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C274576-C1EC-43EF-8A3C-0FABD406D1BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D00F551-FC03-4E99-84B9-CBA946373A5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DA08782-E68A-4707-A0D0-6357C83F47D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ECDEAC0-C7C2-4BEC-951E-D547941C227E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{708539CC-F12E-4E91-97BC-ACE7468F6A8B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{73A7A4BA-B1A3-4E6F-87AB-9C5A0A2F3F27}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{767FB016-7D73-492C-AA5C-C1439B28C2F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7962B62D-2672-453A-ACF7-91573C4F62AB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7A3F65B5-EC93-4C74-A03E-366279674216}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BBC8CA1-2988-466C-B5B7-7C8DD712B846}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7F49548F-BDF6-4F7A-B603-3A559BD12AAB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{81044E59-72B8-4A87-B9FA-DD60F44ABDA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{82C8C9BF-E309-4DAA-A6CF-12918FA95FC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8402F61E-43D4-4254-B978-9D8772058BFE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{85BF30D7-D564-4708-926E-0E9175EDC0E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{865D10FA-CCDB-4DA2-959F-01C530E5131F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{872E48D8-442A-40E2-8F4B-272A5DB2BCEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8856EEAB-3923-4914-9B0D-A15D50646113}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E2CB9B5-17A2-4FEC-BC12-B6D14C702A86}" = protocol=6 | dir=in | app=c:\t3fun\hellgate\hgllauncher.exe | 
"{91AFCDEB-97A2-4CE6-92DB-31E6A41C3004}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92B5A539-6F6C-4CEF-A527-3332F2175CA8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92D09FFB-3B0F-4AA6-9340-3AB7E4E8BA0D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{93EF06AF-AD22-47C0-96FD-451E0FF47FAA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9455CBAE-0E88-4026-AE6F-6A1735864EF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9472BCDB-E515-4E4D-8E00-5CF9966BF1AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96AE3DA3-0BD7-4160-8A87-AF761EE4E355}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{97F6206C-D634-4CC6-9684-BE85FD60C723}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98FA8F20-26F1-467B-8C61-DD0C49B6AE37}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DA7A531-F015-4A60-8713-89D306AD416C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E912DA2-73CD-48AF-BF44-A3EEC567778D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FF063E3-EBB4-4D42-B11E-3DED1A2E079B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A15701B7-663D-422D-A05F-EEAA09E0967D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A19F3430-79E3-41A2-BC86-807EE0FF1DF1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A2E51B2F-8758-473F-84EB-B8566EEE0D47}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike\hl.exe | 
"{A47CD175-A964-474B-96D9-22251EF074EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5D144BA-9E3B-427F-AB9C-7C3649547051}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A5DE696F-8BD3-4BDB-93D6-89294DC0CF28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6B7E4F5-0FB8-45FC-9F62-F1F8BB4EE695}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{A6F6C1BA-6137-40F9-8322-C5CB1228056F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A91F9871-4564-4B5A-876C-2482C89AE6F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9737DE3-C845-404B-A69E-116333D13F70}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA3860DB-1568-4817-B01E-2C423219407E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AC6FA85D-4E05-4DC7-BBD6-4BD948160230}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACE6452F-12B9-448A-AA81-168C05CAB8BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD6B04FC-8E3C-4AAF-8217-0010497F2AE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE25F7B8-EC56-460D-9579-FA4C5F37C345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AED31E5C-BB2D-4C2F-984B-A626A4ED9FAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B005C459-BAB5-4B59-B9B6-81FD7D1E61A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0454CF7-8F63-4BAE-877C-1691C13B688C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0A46380-6BE9-451E-B9D9-2036342B975C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B2668007-0DCC-4EFC-B70B-0431FA18C763}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B498A567-BA59-423A-B499-09D3363790A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B56FD1CE-6ED7-47E9-9AAF-A12430EF205E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9064BCE-7B56-43C4-BE29-FA4778BA6EC8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{B95A6556-8345-4C4A-9F7B-AA722F246C28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC4F0A67-C0C2-4038-91D0-AAF7CB59AF1F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{BDF7184C-21A3-4BA0-89B0-E937147256E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BE02D1C8-7D94-4A20-84C2-AC6D4EE2EEB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C094E025-8E4F-42C2-84F3-807955324CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C222F8F2-7005-4F4B-93F5-528A13622764}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{C2B8DE4D-14DB-46F6-80F9-9BE892F82F7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2D780E1-F376-45B6-9B42-B35BDD44C005}" = protocol=17 | dir=in | app=f:\games\gta san andreas\gta_sa.exe | 
"{C46807FA-2A4D-4FE0-8820-C2F6EAD66700}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C5053161-80F5-4F5B-B37E-27F0F58B4AA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C50FA813-3DEA-436C-A7EB-1F5EFD253E52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7228A52-29BB-48CC-B63A-031DAA17D126}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC020E0B-7D98-4E51-9377-4D879061ED56}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDDC8B23-12A3-46B5-9D21-F64B2A5FCA0E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDF5601D-433E-4ADF-B45D-37BE89D32CF6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike source\hl2.exe | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D068B334-5BA2-4027-9F39-23E24AF500B0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D0FE7FE6-18EE-46F9-B236-76A65F42C81F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D2977B69-8F87-4D26-B8BF-85830F86C5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D2A961D1-D4E2-4B36-8978-56B1E4FF1DCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3C65D60-0204-4844-BF7E-5140CFD2ECF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D47DEB30-273D-4BA7-A420-EDF907BE601A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D8F57ECF-0D2A-446B-A72D-32CB8D11A4D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D952FCB9-1680-4DB8-AF67-7409BAF91C1E}" = protocol=17 | dir=in | app=c:\t3fun\hellgate\hgllauncher.exe | 
"{D9650797-E1F2-4074-8DCE-DD3F84091E8B}" = protocol=6 | dir=in | app=f:\games\gta san andreas\gta_sa.exe | 
"{DA98F40E-1382-406F-929F-94A61507C55A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA9D0854-4C15-4C8F-B193-FB2A11849BB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DAA85E28-3F32-4AF1-9B0E-45AE6B4ECE01}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC56AA43-7FA2-4236-9E3E-4F1FF9BDBF22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DCAC0B98-A933-42AC-ADC4-BABD4C63D5A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD7981D9-7A8D-4F8F-8511-5D43FEE1CD55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF229671-117A-41D5-A025-40D9289F1B7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E13AAF2E-5E13-4825-91EF-C880D01C42FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1895170-7A89-4FA6-9B82-51C990FE2371}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E2FB78D7-6BA7-4B5E-A3CD-6B209BD9F297}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E640F205-2145-4FD1-9A3B-0C673DF6889A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E77A1041-A1DF-4196-81F3-F47B1153CA33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E92A6088-45B8-4486-B3EC-F45179618AD1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E94B9422-8922-41B1-9916-3668B19E149E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E96A1A82-C751-4F3A-928E-858AA2D7DFEE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA7EEC74-A774-4656-B233-535F6428C7C1}" = protocol=17 | dir=in | app=f:\games\gta san andreas\samp.exe | 
"{ECE67149-25AF-421D-B37C-FAB9976710D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED2AB94F-9FA3-418D-BD78-5755E0069B80}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED2C3B36-6CDF-49A3-BE5B-8B1BD71D5282}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EFC5FF15-CCA5-4CC3-B587-7FFF2A036CBE}" = protocol=6 | dir=out | app=system | 
"{F00C5618-5F23-4F78-AE56-1E8823E5D27C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F09FF140-63B3-4550-9C0B-5ED5450938D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0EC4E7B-DCD1-43D0-A1B5-B9EADCB6F0A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F16366C8-9E16-4539-9FCB-E9D2E2FAB4D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2C2483E-5BFA-42C4-BC18-325D4FD9E40F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F3259D21-4C95-437C-BF03-48F29AC13331}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F52761BE-4A64-4A64-9F33-B271C8F676AD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F56887B8-1BFE-4064-8DAC-279738CF30C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F5A7BDB8-C8AB-4B45-A9C2-66309F8AC662}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F69FC020-7A22-4570-A7D5-C97289216D0C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8BB526C-61D7-44FB-A6FD-7418AB478CBA}" = protocol=6 | dir=in | app=f:\games\gta san andreas\samp.exe | 
"{F8BC3494-18F9-4B58-BB7C-DD8FF43830A4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{F8BDC19B-C5B8-488B-B26B-7962E40A0357}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\counter-strike\hl.exe | 
"{F9A7A4BD-53A6-40E5-AAFE-654BBAD4ACD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FACFF2E9-08FA-4316-82E3-04A696750F1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC8FB7A7-C800-4934-AD1A-9993257BD55A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{01C41422-AD52-436F-9B35-D3424CB3A679}C:\users\egal\downloads\tinyumbrella-4.30.05.exe" = protocol=6 | dir=in | app=c:\users\egal\downloads\tinyumbrella-4.30.05.exe | 
"TCP Query User{1BC07C08-818D-4109-AF58-0DF05F2DBBE9}C:\program files\age of empire 2\empires2.exe" = protocol=6 | dir=in | app=c:\program files\age of empire 2\empires2.exe | 
"TCP Query User{31492AEE-8015-4863-AE26-FCDEE3277D59}F:\games\trackmania nations forever\tmforever.exe" = protocol=6 | dir=in | app=f:\games\trackmania nations forever\tmforever.exe | 
"TCP Query User{4542A32A-95ED-48A8-9428-310309AD4296}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{4D72CF10-E890-43D4-B75E-A0B307CCB62F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{55450C15-D8FB-4C9E-AD46-6BCF3D8461C4}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{5D8086F9-5379-4EE2-B5C9-F636EC73EC80}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{5F863460-E4D8-4024-B930-B51461C200A1}C:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe | 
"TCP Query User{859C2388-3C41-4326-A846-03048C58937D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{AD033D0F-A052-45EF-8A0E-E96424F2BB71}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"TCP Query User{B952DB70-84E8-4326-BC83-200C329A11F7}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"TCP Query User{C0661F5A-200D-4A90-8306-D23964CDFFA9}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{C0CAF677-4A28-4DA2-8F82-40622F6FDA54}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{D14EE8B6-E2B9-440E-ABA4-4A3F8175F1AF}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{E1DD28BD-0AE5-43D6-AAC8-1600F1C31978}F:\games\portal 2\portal2.exe" = protocol=6 | dir=in | app=f:\games\portal 2\portal2.exe | 
"TCP Query User{ECFA7697-DFFC-4AD6-9844-6F22E75CB763}C:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{F1F7CBB0-B17A-427F-BA13-CD6FB4C375D0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F403AE55-DA39-46AE-8AF6-25C549ED5D10}C:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe | 
"UDP Query User{11EFD968-5EDC-4215-BE23-61AB2B659094}F:\games\trackmania nations forever\tmforever.exe" = protocol=17 | dir=in | app=f:\games\trackmania nations forever\tmforever.exe | 
"UDP Query User{1A30FA10-33D9-4210-AA41-FB1D14A76EAF}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{40242A23-AA8F-43BA-993D-08F3D58CFFA5}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{4F2B956D-B957-4AD1-A651-EDFC5D95EC05}C:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{581E1C67-6BCC-4D76-9C88-F829900F680D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{58348552-7B6B-4ABE-AB9D-CD86759BACA5}C:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\almost_the_mutt\team fortress 2\hl2.exe | 
"UDP Query User{62F33D5A-C7E9-42B0-9934-7A6D03B897C2}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{6A428D45-8DF5-4559-80E0-045E8B8A256C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{804C63DF-8CFC-4984-80D0-387BA791E2FD}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{8737B4DB-1224-4D93-A943-1F38EA4AA304}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"UDP Query User{AF17773E-C3E9-4366-8BCA-D058D140C350}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B205A933-1B13-4D1B-B12B-DBB8B0DF84DA}C:\users\egal\downloads\tinyumbrella-4.30.05.exe" = protocol=17 | dir=in | app=c:\users\egal\downloads\tinyumbrella-4.30.05.exe | 
"UDP Query User{BCEEB310-0F21-44D8-A8F6-4E01340775C7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C1ECF60A-3856-4027-A5A7-7B78A980F9DB}F:\games\portal 2\portal2.exe" = protocol=17 | dir=in | app=f:\games\portal 2\portal2.exe | 
"UDP Query User{C7D7CE6A-624C-43DE-97D1-55434FD6F7D2}C:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\the_denyo\team fortress 2\hl2.exe | 
"UDP Query User{D6ED58F3-CCE6-4A4A-B526-BC09FC2ECD30}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe | 
"UDP Query User{DE6176F6-1D71-49E7-8D22-ACF6DE21FDE5}C:\program files\age of empire 2\empires2.exe" = protocol=17 | dir=in | app=c:\program files\age of empire 2\empires2.exe | 
"UDP Query User{FE0D545D-8223-4950-9191-2F744AE2FCC7}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E26E09B-6687-4A99-BD08-A9E705373029}_is1" = Vyzex Pocket POD 1.17
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0004
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{821018E8-68D9-42F0-84FF-C571876B5D33}" = DayZ Commander
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 290.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"8461-7759-5462-8226" = Vuze
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy" = Creative ALchemy
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CDisplayEx_is1" = CDisplayEx 1.8
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CloneCD" = CloneCD
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup" = DivX-Setup
"FL Studio 9" = FL Studio 9
"FoxyDeal_is1" = FoxyDeal version 1.0.0
"Free Video Dub_is1" = Free Video Dub version 2.0.14.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FreeDoko" = FreeDoko 0.7.8
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hardcore" = Hardcore
"hp print screen utility" = hp print screen utility
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Line 6 Uninstaller" = Line 6 Uninstaller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mouse Joypad V1.0" = Mouse Joypad V1.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PoiZone" = PoiZone
"PQ DVD to iPod Converter" = PQ DVD to iPod Converter (remove only)
"PunkBusterSvc" = PunkBuster Services
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD (c) Microsoft Studios version 1
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Sawer" = Sawer
"SearchAnonymizer" = SearchAnonymizer
"Steam App 218" = Source SDK Base 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1" = The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
"Titan Poker" = Titan Poker
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"TuxGuitar_0" = TuxGuitar 1.2
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2013 21:55:56 | Computer Name = Spielserver | Source = Application Hang | ID = 1002
Description = Programm SDFiles.exe, Version 2.1.18.135 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b34    Startzeit: 
01ce6d592b99c5a2    Endzeit: 0    Anwendungspfad: C:\Program Files\Spybot - Search & Destroy
 2\SDFiles.exe    Berichts-ID: 8a41e98c-d94c-11e2-9f1a-001bfc3778b9  
 
Error - 19.06.2013 23:29:29 | Computer Name = Spielserver | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004b2a  ID des fehlerhaften Prozesses:
 0x89c  Startzeit der fehlerhaften Anwendung: 0x01ce6d6428a83234  Pfad der fehlerhaften
 Anwendung: C:\ComboFix\swxcacls.3XE  Pfad des fehlerhaften Moduls: C:\ComboFix\swxcacls.3XE
Berichtskennung:
 9cf05eea-d959-11e2-9cba-001bfc3778b9
 
Error - 19.06.2013 23:47:28 | Computer Name = Spielserver | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: swxcacls.3XE, Version: 1.0.1.1, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004b2a  ID des fehlerhaften Prozesses:
 0x1440  Startzeit der fehlerhaften Anwendung: 0x01ce6d66b4a30f40  Pfad der fehlerhaften
 Anwendung: C:\ComboFix\swxcacls.3XE  Pfad des fehlerhaften Moduls: C:\ComboFix\swxcacls.3XE
Berichtskennung:
 201ff77f-d95c-11e2-9cba-001bfc3778b9
 
Error - 20.06.2013 13:24:57 | Computer Name = Spielserver | Source = VSS | ID = 18
Description = 
 
Error - 20.06.2013 13:24:57 | Computer Name = Spielserver | Source = VSS | ID = 8193
Description = 
 
Error - 20.06.2013 13:24:57 | Computer Name = Spielserver | Source = System Restore | ID = 8193
Description = 
 
Error - 20.06.2013 15:09:42 | Computer Name = Spielserver | Source = VSS | ID = 18
Description = 
 
Error - 20.06.2013 15:09:42 | Computer Name = Spielserver | Source = VSS | ID = 8193
Description = 
 
Error - 20.06.2013 15:09:42 | Computer Name = Spielserver | Source = System Restore | ID = 8193
Description = 
 
Error - 21.06.2013 09:40:05 | Computer Name = Spielserver | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0x177c  Startzeit der fehlerhaften Anwendung: 0x01ce6e40df4b3c34  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 142b6534-da78-11e2-ae1f-001bfc3778b9
 
[ Media Center Events ]
Error - 06.05.2010 10:28:30 | Computer Name = Spielserver | Source = MCUpdate | ID = 0
Description = 16:28:27 - MCEClientUX konnte nicht abgerufen werden (Fehler: Fehler
 bei der Anforderung mit HTTP-Status 503: Service Unavailable.)  
 
[ System Events ]
Error - 20.06.2013 23:16:23 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 20.06.2013 23:18:31 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 20.06.2013 23:18:31 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.06.2013 09:41:35 | Computer Name = Spielserver | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 21.06.2013 09:41:35 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 21.06.2013 09:41:50 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SGHIDI" wurde mit folgendem Fehler beendet:   %%126
 
Error - 21.06.2013 09:42:08 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Scanner Service erreicht.
 
Error - 21.06.2013 09:42:08 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 21.06.2013 09:44:42 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.06.2013 09:44:42 | Computer Name = Spielserver | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
[ TuneUp Events ]
Error - 17.06.2013 17:30:42 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:52 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:52 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:57 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:30:57 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:12 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:12 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:12 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:18 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.06.2013 17:31:52 | Computer Name = Spielserver | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         

Thanks a lot in advance.
I hope you can do something with this data (it's the first time I've done anything like this).

 
