|
Plagegeister aller Art und deren Bekämpfung: Von ICQ übertragener Trojaner - selbstständiges Verschicken von Links - MWB Log dabeiWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.04.2010, 13:44 | #1 |
| Von ICQ übertragener Trojaner - selbstständiges Verschicken von Links - MWB Log dabei Hallo an alle, wie schon viele andere habe ich dummerweise über ICQ eine infizierte Datei bekommen. Alles war hinter einem Bild mit .JPG Endung versteckt. Problem: Chatfenster werden automatisch geöffnet und dann der besagte Link an alle Leute geschickt. Habe Malwarebytes durchlaufen lassen und mehrere infizierte Dateien entfernt. Hier ist mein Log nach dem Scan: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4003 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18904 18.04.2010 14:32:36 mbam-log-2010-04-18 (14-32-36).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 114639 Laufzeit: 5 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 9 Infizierte Speicherprozesse: C:\Users\Public\winsvcn.exe (VirTool.DelfInject) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (VirTool.DelfInject) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Public\winsvcn.exe (VirTool.DelfInject) -> Quarantined and deleted successfully. C:\Users\Alt\AppData\Local\Temp\vqo.exe (VirTool.DelfInject) -> Quarantined and deleted successfully. C:\Program Files\Exporter.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\NxCharacter.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\NxCooking.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\PhysXCore.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\PhysXLoader.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files\SI3.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\Program Files (x86)\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. Wäre super wenn mir jemand sagen könnte, ob es das soweit war, oder ob ich noch weitere Schritte durchführen muss um diesen Plagegeist los zu werden. Vielen Dank |
18.04.2010, 18:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Von ICQ übertragener Trojaner - selbstständiges Verschicken von Links - MWB Log dabei Hallo und
__________________bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
18.04.2010, 21:11 | #3 |
| Von ICQ übertragener Trojaner - selbstständiges Verschicken von Links - MWB Log dabei Ich bedanke mich schon mal ganz herzlich!
__________________Gruß MWB Log: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4003 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18904 18.04.2010 22:02:29 mbam-log-2010-04-18 (22-02-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 340819 Laufzeit: 1 Stunde(n), 10 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files (x86)\Gamers.IRC\bin\dll\nHTMLn_2.95.dll (Trojan.Agent) -> Quarantined and deleted successfully. OTL.Txt Log OTL logfile created on: 18.04.2010 22:06:14 - Run 1 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Alt\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 117,19 Gb Total Space | 18,84 Gb Free Space | 16,08% Space Free | Partition Type: NTFS Drive D: | 348,57 Gb Total Space | 191,56 Gb Free Space | 54,95% Space Free | Partition Type: NTFS Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALT-PC Current User Name: Alt Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Alt\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Users\Alt\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) PRC - D:\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm) PRC - C:\Program Files (x86)\Napster\napster.exe (Napster) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Program Files (x86)\Winamp\Winamp.exe (Nullsoft) ========== Modules (SafeList) ========== MOD - C:\Users\Alt\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll () SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys () DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys () DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys () DRV:64bit: - (SI3132) -- C:\Windows\SysNative\DRIVERS\SI3132.sys () DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s115mgmt.sys () DRV:64bit: - (s115obex) -- C:\Windows\SysNative\DRIVERS\s115obex.sys () DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\DRIVERS\s115mdm.sys () DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\DRIVERS\s115mdfl.sys () DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s115bus.sys () DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys () DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.schuelervz.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/" FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.06 13:30:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.06 13:30:59 | 000,000,000 | ---D | M] [2009.06.26 00:23:46 | 000,000,000 | ---D | M] -- C:\Users\Alt\AppData\Roaming\mozilla\Extensions [2010.04.18 16:39:41 | 000,000,000 | ---D | M] -- C:\Users\Alt\AppData\Roaming\mozilla\Firefox\Profiles\ezu3vptq.default\extensions [2009.09.02 19:58:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alt\AppData\Roaming\mozilla\Firefox\Profiles\ezu3vptq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.26 00:23:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.04.06 13:30:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.06 13:30:57 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.06 13:30:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.06 13:30:57 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.06 13:30:57 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll File not found O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Demos\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe (Napster) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Alt\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1223651805 (Image Uploader Control) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A20B1BB0-AC3D-4530-85F3-791B81303190} hxxp://xtraz.icq.com/xtraz/products/photo/english/ICQDevilImg.cab (ICQDevilImg Control) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080115-1 (Image Uploader Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://www.fiaa.eu/OPLauncher.cab (Perparer Class) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Alt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Alt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - E:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0f51fb27-19c9-11dc-8e0c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0f51fb27-19c9-11dc-8e0c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.18 22:04:38 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Alt\Desktop\OTL.exe [2010.04.18 14:19:10 | 000,000,000 | ---D | C] -- C:\Users\Alt\AppData\Roaming\Malwarebytes [2010.04.18 14:18:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.18 14:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.04.18 14:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.18 14:18:02 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Alt\Desktop\mbam-setup-1.45.exe [2010.04.18 14:00:02 | 000,000,000 | ---D | C] -- C:\Users\Alt\AppData\Local\AOL [2010.04.18 13:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1 [2010.04.18 13:58:38 | 012,186,536 | ---- | C] (ICQ) -- C:\Program Files (x86)\install_icq7.exe [2010.04.17 18:21:12 | 000,000,000 | ---D | C] -- C:\Users\Alt\AppData\Roaming\Spyware Terminator [2010.04.17 18:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2010.04.17 18:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2010.04.17 17:56:38 | 000,000,000 | ---D | C] -- C:\Users\Alt\AppData\Roaming\Avira [2010.04.17 17:53:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.04.17 17:53:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.04.17 17:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.04.17 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.04.14 22:11:47 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010.04.14 22:11:43 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm [2010.04.14 15:45:06 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.04.14 15:45:04 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.04.05 18:31:15 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.04.05 18:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010.04.05 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.03.31 13:49:41 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.03.31 13:49:40 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.03.31 13:49:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010.03.31 13:49:40 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.03.31 13:49:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.03.31 13:49:40 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.03.31 13:49:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.03.31 13:49:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.03.31 13:49:39 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.03.31 13:49:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.03.31 13:49:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.03.31 13:49:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.03.31 13:49:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.03.31 13:49:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.03.31 13:49:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010.03.31 13:49:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2008.10.25 17:02:08 | 132,831,016 | ---- | C] (NVIDIA Corporation ) -- C:\Users\Alt\178.24_geforce_winvista_64bit_international_whql.exe [2008.07.30 04:40:29 | 039,968,152 | ---- | C] (Activision ) -- C:\Users\Alt\CoD4MW-1.6-1.7-PatchSetup.exe [2008.07.30 04:33:38 | 296,330,688 | ---- | C] (Activision ) -- C:\Users\Alt\CoD4MW-1.6-PatchSetup.exe [2008.07.30 01:15:29 | 000,305,672 | ---- | C] (Microsoft Corporation) -- C:\Users\Alt\dxwebsetup.exe [2008.07.15 00:04:43 | 001,156,096 | ---- | C] (Irfan Skiljan) -- C:\Users\Alt\iview410_setup.exe [2008.05.25 20:49:02 | 026,841,805 | ---- | C] (eRightSoft ) -- C:\Users\Alt\SUPERsetup.exe [2008.05.07 20:12:07 | 016,500,592 | ---- | C] (DivX, Inc.) -- C:\Users\Alt\DivXInstaller.exe [2007.12.16 18:36:32 | 000,364,136 | ---- | C] (Digital River) -- C:\Users\Alt\CoD4MW-1-3-PatchSetup-exe.exe [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Alt\AppData\Local\CDRip.dll [2007.06.19 17:39:54 | 027,288,880 | ---- | C] (Apple Inc.) -- C:\Users\Alt\QuickTimeInstaller.exe [2007.06.18 19:34:19 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Program Files (x86)\everesthome220.exe [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Alt\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Alt\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Alt\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2010.04.18 22:08:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F23B811E-3D5E-4070-B3E9-6013F476CE45}.job [2010.04.18 22:05:01 | 013,893,632 | -HS- | M] () -- C:\Users\Alt\ntuser.dat [2010.04.18 22:04:42 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Alt\Desktop\OTL.exe [2010.04.18 22:00:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.18 21:58:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.04.18 20:48:14 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.18 20:48:14 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.18 18:14:32 | 018,446,004 | ---- | M] () -- C:\Users\Alt\Desktop\18042010005.mp4 [2010.04.18 17:00:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.18 14:54:31 | 001,445,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.04.18 14:54:31 | 000,628,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.04.18 14:54:31 | 000,594,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.04.18 14:54:31 | 000,126,850 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.04.18 14:54:31 | 000,104,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.04.18 14:48:41 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.04.18 14:48:15 | 000,034,705 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.04.18 14:48:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.18 14:48:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.18 14:48:10 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys [2010.04.18 14:46:51 | 000,524,288 | -HS- | M] () -- C:\Users\Alt\ntuser.dat{060a5077-d963-11dc-8da2-001a92dada5e}.TMContainer00000000000000000001.regtrans-ms [2010.04.18 14:46:51 | 000,065,536 | -HS- | M] () -- C:\Users\Alt\ntuser.dat{060a5077-d963-11dc-8da2-001a92dada5e}.TM.blf [2010.04.18 14:46:45 | 003,966,633 | -H-- | M] () -- C:\Users\Alt\AppData\Local\IconCache.db [2010.04.18 14:18:34 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.18 14:18:07 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Alt\Desktop\mbam-setup-1.45.exe [2010.04.18 14:00:26 | 000,001,663 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.1.lnk [2010.04.18 13:58:50 | 012,186,536 | ---- | M] (ICQ) -- C:\Program Files (x86)\install_icq7.exe [2010.04.17 18:21:18 | 000,142,592 | ---- | M] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys [2010.04.17 17:53:40 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.04.16 18:43:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.04.16 18:43:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.04.16 17:16:14 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.04.16 16:35:44 | 000,193,988 | ---- | M] () -- C:\Users\Alt\Desktop\Hammer score.JPG [2010.04.16 15:06:25 | 000,250,655 | ---- | M] () -- C:\Users\Alt\Desktop\IMG_0480.JPG [2010.04.16 10:08:10 | 001,877,894 | ---- | M] () -- C:\Users\Alt\Desktop\DSCF6015.JPG [2010.04.14 18:54:31 | 001,109,177 | ---- | M] () -- C:\Users\Alt\Desktop\IMG_0479.JPG [2010.04.14 01:42:22 | 002,889,536 | ---- | M] () -- C:\Users\Alt\Desktop\Whitechapel - The Darkest Day of Man.mp3 [2010.04.09 19:31:05 | 010,445,350 | ---- | M] () -- C:\Users\Alt\Desktop\03-justice-phantom_pt_ii_boys_noize_remix.mp3 [2010.04.09 15:00:51 | 004,726,980 | ---- | M] () -- C:\Users\Alt\Desktop\Heaven Shall Burn - The Omen.mp3 [2010.04.06 16:33:34 | 000,130,560 | ---- | M] () -- C:\Users\Alt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.05 18:31:09 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.25 18:42:08 | 546,397,057 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2010.04.18 21:05:26 | 018,446,004 | ---- | C] () -- C:\Users\Alt\Desktop\18042010005.mp4 [2010.04.18 14:18:34 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.18 14:18:29 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.18 14:00:26 | 000,001,663 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.1.lnk [2010.04.17 18:21:18 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys [2010.04.17 17:53:40 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.04.17 17:53:31 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys [2010.04.17 17:53:31 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.04.17 17:52:11 | 000,414,502 | ---- | C] () -- C:\Users\Alt\AppData\Local\dd_vcredistMSI45F9.txt [2010.04.17 17:52:11 | 000,011,590 | ---- | C] () -- C:\Users\Alt\AppData\Local\dd_vcredistUI45F9.txt [2010.04.17 16:09:59 | 001,877,894 | ---- | C] () -- C:\Users\Alt\Desktop\DSCF6015.JPG [2010.04.16 16:35:44 | 000,193,988 | ---- | C] () -- C:\Users\Alt\Desktop\Hammer score.JPG [2010.04.16 14:31:08 | 000,250,655 | ---- | C] () -- C:\Users\Alt\Desktop\IMG_0480.JPG [2010.04.16 14:31:07 | 001,109,177 | ---- | C] () -- C:\Users\Alt\Desktop\IMG_0479.JPG [2010.04.14 22:11:56 | 001,420,688 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys [2010.04.14 22:11:55 | 000,224,256 | ---- | C] () -- C:\Windows\SysNative\iphlpsvc.dll [2010.04.14 22:11:55 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\tunnel.sys [2010.04.14 22:11:52 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2010.04.14 22:11:52 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2010.04.14 22:11:52 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2010.04.14 22:11:50 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe [2010.04.14 22:11:47 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2010.04.14 22:11:43 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm [2010.04.14 17:13:32 | 004,726,980 | ---- | C] () -- C:\Users\Alt\Desktop\Heaven Shall Burn - The Omen.mp3 [2010.04.14 15:45:06 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll [2010.04.14 15:45:04 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll [2010.04.14 01:42:12 | 002,889,536 | ---- | C] () -- C:\Users\Alt\Desktop\Whitechapel - The Darkest Day of Man.mp3 [2010.04.13 16:18:50 | 000,294,912 | ---- | C] () -- C:\Windows\SysNative\browserchoice.exe [2010.04.09 19:30:15 | 010,445,350 | ---- | C] () -- C:\Users\Alt\Desktop\03-justice-phantom_pt_ii_boys_noize_remix.mp3 [2010.04.05 18:31:09 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.03.31 13:49:43 | 009,243,136 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2010.03.31 13:49:42 | 012,464,128 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2010.03.31 13:49:41 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2010.03.31 13:49:41 | 001,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2010.03.31 13:49:40 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2010.03.31 13:49:40 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2010.03.31 13:49:40 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2010.03.31 13:49:40 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2010.03.31 13:49:40 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2010.03.31 13:49:40 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2010.03.31 13:49:39 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2010.03.31 13:49:39 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2010.03.31 13:49:39 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2010.03.31 13:49:39 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2010.03.31 13:49:39 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2010.03.31 13:49:39 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2010.03.31 13:49:39 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2010.03.31 13:49:39 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2010.03.31 13:49:39 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2010.03.31 13:49:39 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2010.03.31 13:49:39 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2010.02.02 18:40:33 | 000,418,448 | ---- | C] () -- C:\Users\Alt\AppData\Local\dd_vcredistMSI5526.txt [2010.02.02 18:40:33 | 000,014,054 | ---- | C] () -- C:\Users\Alt\AppData\Local\dd_vcredistUI5526.txt [2009.12.15 17:29:13 | 000,422,734 | ---- | C] () -- C:\Users\Alt\AppData\Local\dd_vcredistMSI2A0A.txt [2009.12.15 17:29:13 | 000,011,452 | ---- | C] () -- C:\Users\Alt\AppData\Local\dd_vcredistUI2A0A.txt [2009.11.22 03:23:23 | 000,034,705 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.22 03:23:23 | 000,034,705 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.10.13 01:07:58 | 000,001,464 | ---- | C] () -- C:\Users\Alt\AppData\Local\RecConfig.xml [2009.01.26 16:10:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.01.26 16:08:59 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008.06.11 02:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.05.30 16:50:44 | 000,945,160 | ---- | C] () -- C:\Users\Alt\MoveMediaPlayer_07100121.exe [2008.05.25 20:49:42 | 000,408,576 | ---- | C] () -- C:\Windows\SysWow64\Smab.dll [2008.05.25 20:49:42 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2008.05.25 20:49:29 | 000,027,648 | -HS- | C] () -- C:\Windows\SysWow64\Smab0.dll [2008.03.23 15:02:21 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.03.08 16:23:30 | 001,283,968 | ---- | C] () -- C:\Users\Alt\octosetup_v_l_odd.exe [2008.02.12 18:00:48 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{060a5077-d963-11dc-8da2-001a92dada5e}.TMContainer00000000000000000002.regtrans-ms [2008.02.12 18:00:48 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{060a5077-d963-11dc-8da2-001a92dada5e}.TMContainer00000000000000000001.regtrans-ms [2008.02.12 18:00:48 | 000,065,536 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{060a5077-d963-11dc-8da2-001a92dada5e}.TM.blf [2008.02.01 19:47:51 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{afc2e927-d0af-11dc-8d55-001a92dada5e}.TMContainer00000000000000000002.regtrans-ms [2008.02.01 19:47:51 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{afc2e927-d0af-11dc-8d55-001a92dada5e}.TMContainer00000000000000000001.regtrans-ms [2008.02.01 19:47:51 | 000,065,536 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{afc2e927-d0af-11dc-8d55-001a92dada5e}.TM.blf [2008.01.28 00:55:09 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2007.11.10 19:10:24 | 000,358,279 | ---- | C] () -- C:\Users\Alt\pb.htm [2007.11.10 19:10:21 | 000,000,000 | ---- | C] () -- C:\Users\Alt\pbsecsv.htm [2007.11.10 19:10:21 | 000,000,000 | ---- | C] () -- C:\Users\Alt\pbsec.htm [2007.11.10 19:10:05 | 000,000,082 | ---- | C] () -- C:\Users\Alt\pbuser.htm [2007.11.10 19:09:46 | 000,005,527 | ---- | C] () -- C:\Users\Alt\eula.txt [2007.11.10 19:09:45 | 000,009,297 | ---- | C] () -- C:\Users\Alt\pbgame.htm [2007.10.12 23:06:23 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2007.10.04 15:47:33 | 000,000,091 | ---- | C] () -- C:\Users\Alt\AppData\Local\fusioncache.dat [2007.10.03 19:53:52 | 001,491,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2007.08.15 23:09:09 | 009,679,828 | ---- | C] () -- C:\Users\Alt\vlc-0.8.6c-win32.exe [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Alt\AppData\Local\lame_enc.dll [2007.08.05 03:34:27 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{d0a6c26c-42db-11dc-9940-001a92dada5e}.TMContainer00000000000000000002.regtrans-ms [2007.08.05 03:34:27 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{d0a6c26c-42db-11dc-9940-001a92dada5e}.TMContainer00000000000000000001.regtrans-ms [2007.08.05 03:34:27 | 000,065,536 | -HS- | C] () -- C:\Users\Alt\ntuser.dat{d0a6c26c-42db-11dc-9940-001a92dada5e}.TM.blf [2007.08.05 00:45:43 | 000,024,226 | ---- | C] () -- C:\Users\Alt\AppData\Roaming\UserTile.png [2007.08.01 18:08:24 | 006,051,840 | ---- | C] () -- C:\Users\Alt\icq5_1_german_setup.exe [2007.06.17 22:22:39 | 007,582,994 | ---- | C] () -- C:\Users\Alt\Vent.rar [2007.06.17 22:17:22 | 001,449,865 | ---- | C] () -- C:\Users\Alt\wrar370d.exe [2007.06.17 18:02:17 | 000,172,032 | ---- | C] () -- C:\Users\Alt\hvdi.dll [2007.06.17 18:02:17 | 000,151,552 | ---- | C] () -- C:\Users\Alt\libspeex.dll [2007.06.17 02:14:09 | 000,000,023 | ---- | C] () -- C:\Windows\MegaManager.INI [2007.06.16 18:14:53 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2007.06.16 15:23:47 | 000,130,560 | ---- | C] () -- C:\Users\Alt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.16 13:23:18 | 000,021,822 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2007.06.16 13:23:12 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007.06.16 13:19:12 | 000,001,460 | ---- | C] () -- C:\Users\Alt\AppData\Local\d3d9caps64.dat [2007.06.16 13:19:11 | 013,893,632 | -HS- | C] () -- C:\Users\Alt\ntuser.dat [2007.06.16 13:19:11 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2007.06.16 13:19:11 | 000,524,288 | -HS- | C] () -- C:\Users\Alt\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2007.06.16 13:19:11 | 000,262,144 | -H-- | C] () -- C:\Users\Alt\ntuser.dat.LOG2 [2007.06.16 13:19:11 | 000,262,144 | -H-- | C] () -- C:\Users\Alt\ntuser.dat.LOG1 [2007.06.16 13:19:11 | 000,065,536 | -HS- | C] () -- C:\Users\Alt\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2007.06.16 13:19:11 | 000,000,020 | -HS- | C] () -- C:\Users\Alt\ntuser.ini [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Alt\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Alt\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Alt\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Alt\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Alt\AppData\Local\no23xwrapper.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 451 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
18.04.2010, 21:12 | #4 |
| Von ICQ übertragener Trojaner - selbstständiges Verschicken von Links - MWB Log dabei Ich bedanke mich schon mal ganz herzlich! Gruß Extras.Txt Log OTL Extras logfile created on: 18.04.2010 22:06:14 - Run 1 OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Alt\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 117,19 Gb Total Space | 18,84 Gb Free Space | 16,08% Space Free | Partition Type: NTFS Drive D: | 348,57 Gb Total Space | 191,56 Gb Free Space | 54,95% Space Free | Partition Type: NTFS Drive E: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALT-PC Current User Name: Alt Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- D:\Demos\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- D:\Demos\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- D:\Demos\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- D:\Demos\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = EB 69 88 6E C5 7F C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{558ADA68-63EF-47A1-812C-774D2FC1B3A8}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C0134-D718-4504-8AFF-CFF7820B6609}" = protocol=6 | dir=in | app=d:\d\games\bf2.exe | "{00C3357A-1F13-4C77-8B95-00226A0B3C6E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{01D8DE56-D9E4-4195-896C-BF310C983ED7}" = protocol=17 | dir=in | app=d:\demos\utorrent.exe | "{08E148FD-EE2D-4600-AA3D-942A3C268B15}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{10E6E9D6-A289-48F7-B77C-8F297C557DF4}" = protocol=17 | dir=in | app=d:\d\games\bf2.exe | "{1657DE85-F789-41DB-AF88-CB3BDDEF9105}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{191917A4-387D-4A8C-B8CC-D866C5A92094}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{1C8330A4-9D9F-46C8-906B-CDFDD2B6F5FD}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe | "{1CBB2672-2C3D-4D21-B12C-5CC8F620A3D4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | "{1D2EA81D-7762-4401-8289-92E28D86D7BD}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{1E2593D1-8199-44DD-9B57-F99809661080}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{23E94CF2-C65D-483A-A9E8-FE01FB6EB7C0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe | "{2B22697D-F592-4376-BE24-E323EAADEFE2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{2D4A8CFF-B149-429C-B7FC-14C5999B1BA3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{2E2680F7-15B4-4E90-B60D-7BE4DDC4AC1F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe | "{314A2863-5665-4910-ADBC-CF9EC826CAEE}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe | "{3A84FACF-1E53-4229-A5A1-40653AA23DA4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{400364C6-3624-4690-99F6-4B262B4314BE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{420BBFFE-B252-4030-8CB1-21A9ACC4AF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{46DDC878-73DD-4263-B85C-A1A77A08F0DF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{484743D7-F002-476D-A5FA-197D65940ADF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{4A1AD0E5-C504-47F5-93A2-A2AEC2CFCD3A}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{51222113-7E30-49EB-9195-8B2441C9371B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5431546A-7894-432C-9E66-4504C2F7CF24}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{5554AC47-4F27-45A7-B07C-DF863E378B50}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5C0D00B2-1CB6-40C7-8048-C2F17B653DB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{5EE7ED46-9113-49D1-9162-E24677B7B924}" = protocol=6 | dir=in | app=d:\itunes.exe | "{5F3BA9F9-EF2A-4C6F-B1C9-A666F9C24AB2}" = protocol=17 | dir=in | app=d:\kaneandlynch.exe | "{611C65B4-76B2-4593-BF89-27F4CF6BB86F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{6140BB47-C4B3-421D-B540-12C84A11CB90}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{625FDE68-BD64-472B-A165-64C145BC4C59}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe | "{6EA2F6EB-D762-4A58-844B-6F5FD45BFA88}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{6EC3B56F-C3FA-45B0-9450-060723BF0607}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6ED0E2F9-9D87-4B8F-B593-105C084B8F9D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6FA21880-33E6-45C4-9A2F-6E46F8DEFD8E}" = protocol=17 | dir=in | app=d:\grand theft auto iv\launchgtaiv.exe | "{6FF6F509-7D91-4C78-9B42-533ACEB3E9A3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{72E0FF85-30E4-4848-9E39-DC0524038C5D}" = protocol=17 | dir=in | app=d:\beta\bfbc2betaupdater.exe | "{797A6A56-ACD7-42A9-AF21-E8A1CEA56D90}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{7A1E68E4-431E-4C3E-AFF9-09210982D8AD}" = protocol=6 | dir=in | app=d:\grand theft auto iv\launchgtaiv.exe | "{804E6364-7DC7-4B46-A49A-62C9993B1248}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{81361FD5-BA02-498A-9D51-9199DA44F059}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe | "{8370602E-34C6-4700-B633-2AE2981BCAC2}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe | "{89698B96-BF20-4E48-AB9D-FBDC18EACCBC}" = protocol=6 | dir=in | app=d:\kaneandlynch.exe | "{8BD748DB-18D8-4524-89CB-4AB7C9E1499F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{9012E75C-59AC-4127-80FA-0FEFF80AEC4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{9424EE90-0C65-4909-B843-FBB9133C4BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{979D81F7-516E-4EE5-85D1-7759F1421945}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{A08CF2DF-A085-47A8-B369-D287E92D819D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{A08F378D-A2A4-4D45-94E7-837869799B52}" = protocol=6 | dir=in | app=d:\demos\utorrent.exe | "{A1ECD2B6-5E8C-4C67-8EA8-61AEA3FCD998}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-engb-downloader.exe | "{A2D32DC7-A8C4-4FA9-87E8-8C265248695D}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{A35476ED-B5B4-44CE-B594-D0C0CEDF71BE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-engb-downloader.exe | "{A6F26232-8FA9-4837-B8E8-773FEE264E9D}" = protocol=6 | dir=in | app=d:\demos\bfbc2updater.exe | "{AD982B07-BBFA-4C75-A7D9-BC705D754C74}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis mp beta\bin32\crysis.exe | "{ADF085BA-651D-4029-8CF9-A692AB53BF62}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe | "{B4DC9930-F7A2-41F2-A1DD-F337E350FC0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B6A40176-D776-4FED-A657-52646D77E312}" = protocol=6 | dir=in | app=d:\rockstar games social club\rgsclauncher.exe | "{B90D9A54-67C8-4A81-ACA8-424DBD884143}" = protocol=6 | dir=in | app=d:\beta\bfbc2betaupdater.exe | "{BBB785DC-9DC0-4B1D-A0A7-D165A22F6E01}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | "{BE268549-BE91-47E7-B3A1-D537BEC5409C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-engb-downloader.exe | "{BE7723D0-BEA5-417B-B4B6-E5387E0B54CA}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe | "{C2093446-B88E-428D-9CD3-33D3CA260692}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{C2AC269F-3C4F-4BF6-87C5-DAE18DBFB55F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe | "{C66A65DD-D937-4ED3-9AAD-1642A4C91F21}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe | "{D221B1F1-F725-443B-909F-EB66477B7763}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{DAB2099C-B524-46F0-9591-1A7405A33399}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe | "{DDF0DA78-9691-448C-BE1B-CF567F5461DD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{E11D4A56-AEBE-4909-B6FE-6F6EAFB804C7}" = protocol=17 | dir=in | app=d:\rockstar games social club\rgsclauncher.exe | "{E12849CA-1037-436F-A6B4-F6770D9C4696}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis mp beta\bin32\crysis.exe | "{EC7211D6-63E2-406F-9F84-F54181D84B58}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{ED6E87CE-3E98-4696-8C1E-264DD21736ED}" = protocol=17 | dir=in | app=d:\demos\bfbc2updater.exe | "{EDB33608-0745-427E-8A4C-EA96A04CAC98}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe | "{F10C79E7-C3CE-44A0-B37C-3D34EF14D231}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{F4BC33AF-4CE4-4D6E-995E-647739716349}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F960D4F7-2260-4DB7-8CBA-D602C8B74B24}" = protocol=17 | dir=in | app=d:\itunes.exe | "{FBBBA5F0-80EB-4ADD-ADAB-816D3BCB62B6}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe | "TCP Query User{00401DEE-CACE-46F6-831C-B4DDBFFE8DB0}C:\program files (x86)\steam\steamapps\31072015\opposing force\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\opposing force\hl.exe | "TCP Query User{05D088B4-59B7-4950-889D-0B74A5470DCD}C:\users\alt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\alt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | "TCP Query User{0C9F5F89-7F30-41F0-B689-39703991B600}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{0FD9136B-C5E0-4937-935A-830DCBB8A88A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{1485BD0D-156A-4B90-AFA1-FB8131296408}D:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-dede-downloader.exe | "TCP Query User{1A41FEC0-F88E-403C-B3A1-F3BB1AB6882F}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{1B2FA7AE-3C13-4EA5-9FBD-65C903EF4D05}C:\program files (x86)\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\napster\napster.exe | "TCP Query User{1BC5EC32-8476-46B2-BCA0-AA6C1EA09C50}C:\users\alt\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\alt\program files (x86)\dna\btdna.exe | "TCP Query User{244C9606-0955-48E4-A09A-0E4ED336A958}C:\program files (x86)\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe | "TCP Query User{267C0D4A-F8C4-4D53-A134-17E3AC93B4F4}C:\program files (x86)\steam\steamapps\slotcher1\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\slotcher1\counter-strike\hl.exe | "TCP Query User{2E4A9E49-22F6-4975-AB0D-8E2776457CE4}D:\activision\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\activision\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{2F910FA9-5BD2-40B4-BBF8-4E4BC3FA98BF}D:\games & spam\steamapps\counterpart42\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\games & spam\steamapps\counterpart42\counter-strike\hl.exe | "TCP Query User{322DF8DE-1F67-46A9-BD35-DB9650DC7AC3}D:\kane & lynch\kaneandlynch.exe" = protocol=6 | dir=in | app=d:\kane & lynch\kaneandlynch.exe | "TCP Query User{4501B383-8261-44C2-8573-4A4029E46AD6}C:\program files (x86)\steam\steamapps\slotcher1\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\slotcher1\day of defeat\hl.exe | "TCP Query User{559C2BF6-EAF1-40EB-B7E6-1935FB7BB605}D:\left 4 dead\left4dead\left4dead.exe" = protocol=6 | dir=in | app=d:\left 4 dead\left4dead\left4dead.exe | "TCP Query User{59E2F42F-8E85-4335-9CDC-3F05CDC65235}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{5B965F18-C8C0-4198-91ED-A73A6472926D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{609BABBB-F346-4CBA-A550-AE57F3D9B6DA}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | "TCP Query User{60AC4C5A-93FD-4F73-837E-D1665FE1BCA5}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{63DF3E6B-C2D4-4B59-A4E5-031116C9557F}D:\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\grand theft auto iv\gtaiv.exe | "TCP Query User{66082121-1F80-4992-958C-DA8AEACFF326}C:\users\alt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\alt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{68B6E069-E88E-438E-8F6F-BE0D05C79DDB}D:\beta\bfbc2game.exe" = protocol=6 | dir=in | app=d:\beta\bfbc2game.exe | "TCP Query User{6C88430E-DD7F-4F1A-9389-2C769F7AE64D}D:\demos\metin\metin2.bin" = protocol=6 | dir=in | app=d:\demos\metin\metin2.bin | "TCP Query User{6FF6ABE4-E920-449B-84D2-E0E1A1C548A5}C:\program files (x86)\sierra\fear\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fpupdate.exe | "TCP Query User{710BEF8C-607D-4B8A-BBA8-6542C711BD49}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{72626FE5-82BB-4DD8-BC16-11AD694B7F9A}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | "TCP Query User{73DF8E52-5F78-4D94-8D44-DEE0705905EA}D:\demos\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=d:\demos\world of warcraft public test\launcher.exe | "TCP Query User{7B978F68-0CC4-49C3-B818-ED19D0DC959A}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{7C71FC0D-9460-433E-8EFE-09D2C203D62B}C:\users\alt\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\alt\program files (x86)\dna\btdna.exe | "TCP Query User{81972319-C33D-477D-ADF9-482D419EE79C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{864D5D2E-ED71-455C-8CE1-7E4CFDA58EB8}C:\program files (x86)\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | "TCP Query User{901F4CEF-8044-429C-B82E-E38082007999}C:\program files (x86)\steam\steamapps\31072015\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\counter-strike\hl.exe | "TCP Query User{92692E94-6F41-4C44-9977-E9D4EDB6CA94}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{935B2C0E-6FB6-4EE5-98A8-DDEC86A5F4DB}C:\program files (x86)\steam\steamapps\31072015\team fortress classic\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\team fortress classic\hl.exe | "TCP Query User{9580E5FC-080C-410A-89C5-D5DD08C935CA}C:\program files (x86)\steam\steamapps\stephan_prang@web.de\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stephan_prang@web.de\counter-strike\hl.exe | "TCP Query User{9FF90464-9D3F-4F6A-83B4-4BB57D1C2AB9}C:\program files (x86)\steam\steamapps\counterpart42\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\counterpart42\counter-strike\hl.exe | "TCP Query User{ADC6FAD8-7AFE-4009-838F-8C5EE0F2B7B8}D:\demos\metin2.bin" = protocol=6 | dir=in | app=d:\demos\metin2.bin | "TCP Query User{ADF0570E-8710-4C3E-86B0-26EE7062BEE8}C:\users\alt\appdata\local\temp\blizzard launcher temporary - 103133e0\launcher.exe" = protocol=6 | dir=in | app=c:\users\alt\appdata\local\temp\blizzard launcher temporary - 103133e0\launcher.exe | "TCP Query User{B1207CA1-5BEC-4EBF-95A1-2C86A8F02D0D}D:\demos\bfbc2game.exe" = protocol=6 | dir=in | app=d:\demos\bfbc2game.exe | "TCP Query User{B536BD96-2B1E-4E40-B8BD-90BBF0EC6044}D:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe | "TCP Query User{B56881A8-A6C3-4F7E-9850-9586DF791202}D:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-engb-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-engb-downloader.exe | "TCP Query User{B64C1953-88EF-4220-9C83-9A25DB3E2EE5}D:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-engb-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-engb-downloader.exe | "TCP Query User{C1C11A9C-63B0-4D68-B7C3-9BD12B4AD5EE}C:\users\alt\appdata\local\temp\blizzard launcher temporary - 81df1f08\launcher.exe" = protocol=6 | dir=in | app=c:\users\alt\appdata\local\temp\blizzard launcher temporary - 81df1f08\launcher.exe | "TCP Query User{CBAAD9B9-BDA9-4639-8C44-E85FCD97A21A}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{CBF99E61-A2D4-4254-B5EE-619025B9192F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{D3E45E83-6699-46C3-B44A-A71F651BC846}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "TCP Query User{D7C74CE5-4037-4A30-A398-FE71667D3B5A}D:\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=d:\activision\call of duty - world at war\codwaw.exe | "TCP Query User{DD4C85CC-F662-498A-9388-F47E15F80928}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "TCP Query User{E54342DC-B994-4EB8-918C-6220A7F0FB25}D:\demos\binaries\parabellumthegame.exe" = protocol=6 | dir=in | app=d:\demos\binaries\parabellumthegame.exe | "TCP Query User{E5CEEFE1-35E4-45CC-AADF-F3EE05797D30}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | "TCP Query User{E7A2478A-38E0-4785-A917-AAA3DE603858}D:\d\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe" = protocol=6 | dir=in | app=d:\d\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe | "TCP Query User{E92B1688-0D6F-478A-ACFE-2B17167051FD}C:\program files (x86)\steam\steamapps\31072015\half-life blue shift\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\half-life blue shift\hl.exe | "TCP Query User{F00168A2-039F-4A1C-8647-3D9299C290BA}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | "TCP Query User{F35EA7B2-A7B8-4F68-B2B3-E7248714FA66}C:\program files (x86)\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe | "UDP Query User{0671E798-A315-401A-9556-FB28363C9497}C:\program files (x86)\steam\steamapps\slotcher1\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\slotcher1\counter-strike\hl.exe | "UDP Query User{08C1A8DE-1B2A-435E-9F64-88915D21677B}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{12A87A13-C28E-4DB4-87E8-53DF2A69D33D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{13E98D6D-B559-42BA-9BBE-6CE537433D72}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe | "UDP Query User{18C6ED90-2C21-4CB7-AD15-F57633C2EE71}D:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-engb-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-engb-downloader.exe | "UDP Query User{194195DA-091A-41FC-8EC4-108DC5626984}D:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe | "UDP Query User{196EC21D-09AD-4301-9706-86C0D9F926A5}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "UDP Query User{1C4214E6-8EBA-4F88-95E1-F0F3ACE2715A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{211980D5-AD99-46EE-BBA4-DBCCE7E3131B}D:\demos\binaries\parabellumthegame.exe" = protocol=17 | dir=in | app=d:\demos\binaries\parabellumthegame.exe | "UDP Query User{2289BA47-4320-43BC-9F49-8FB867423F17}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | "UDP Query User{23EF9636-E3BE-4558-8513-23E5FB1747E8}D:\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\grand theft auto iv\gtaiv.exe | "UDP Query User{24AF84BB-F479-46EF-AF5E-F8E96C1CDAAA}C:\program files (x86)\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe | "UDP Query User{2C51EEC8-3381-4529-AA53-A6AAA257DC0B}C:\program files (x86)\sierra\fear\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fpupdate.exe | "UDP Query User{32660CFA-DD37-4D94-AE63-52BF552CFD98}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{34109888-79E8-4C2C-B497-D15B567B1AD7}C:\program files (x86)\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\napster\napster.exe | "UDP Query User{34900913-3C19-4A25-83D0-C9BE1C1D4E68}C:\program files (x86)\steam\steamapps\31072015\half-life blue shift\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\half-life blue shift\hl.exe | "UDP Query User{389F3FA1-CDE5-443A-B2AF-62872663A699}C:\program files (x86)\steam\steamapps\31072015\team fortress classic\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\team fortress classic\hl.exe | "UDP Query User{3ACD20EB-EADA-4A82-A3E5-51A31F56B2CC}D:\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=d:\activision\call of duty - world at war\codwaw.exe | "UDP Query User{4271CC0A-507A-47C9-8CC0-D71432F84D05}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{446A413F-F10C-4204-9584-500F91B85670}C:\program files (x86)\steam\steamapps\slotcher1\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\slotcher1\day of defeat\hl.exe | "UDP Query User{4593C82E-192A-47A0-B6B0-CEBAFFE3E43B}C:\program files (x86)\steam\steamapps\counterpart42\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\counterpart42\counter-strike\hl.exe | "UDP Query User{4B8C626F-5A04-4F55-AC8E-EDA9A8CEB1AD}C:\users\alt\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\alt\program files (x86)\dna\btdna.exe | "UDP Query User{4D16831D-A6A4-4E5F-B434-EAF1E738A159}D:\games & spam\steamapps\counterpart42\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\games & spam\steamapps\counterpart42\counter-strike\hl.exe | "UDP Query User{54667A78-494E-469B-9344-9F6857DB69F7}C:\users\alt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\alt\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{58AF022F-9FC5-48FC-8DA0-56AA9AAAC406}C:\program files (x86)\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icqlite\icqlite.exe | "UDP Query User{5FE3A9AE-40BC-4476-8047-F0601E2E9458}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{6531E2BC-2EA9-42A3-BB93-BC7FCBE07960}D:\beta\bfbc2game.exe" = protocol=17 | dir=in | app=d:\beta\bfbc2game.exe | "UDP Query User{68044F6E-6F3E-4845-B4B9-57561BC3E100}D:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-engb-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-engb-downloader.exe | "UDP Query User{6D01188E-6E1B-4375-BDDE-3C73992FFB8E}C:\program files (x86)\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe | "UDP Query User{7231DACA-D632-4508-ABF0-FE736E263101}D:\demos\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=d:\demos\world of warcraft public test\launcher.exe | "UDP Query User{7442F811-7E3D-4066-9768-B24B6546D6C8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7ADC524E-FDE2-43C9-A5C2-9958AC222628}C:\users\alt\appdata\local\temp\blizzard launcher temporary - 81df1f08\launcher.exe" = protocol=17 | dir=in | app=c:\users\alt\appdata\local\temp\blizzard launcher temporary - 81df1f08\launcher.exe | "UDP Query User{7B23952C-D738-405F-B8F9-6F47E8ECD1FC}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{7D2F592B-B1FE-4155-AEC9-34E22E7AC04F}D:\left 4 dead\left4dead\left4dead.exe" = protocol=17 | dir=in | app=d:\left 4 dead\left4dead\left4dead.exe | "UDP Query User{8376C83D-D947-4DD1-94FD-859001919CB5}D:\demos\metin2.bin" = protocol=17 | dir=in | app=d:\demos\metin2.bin | "UDP Query User{8921F1C5-EB5F-4AA0-A876-6C024DEBE7AB}D:\demos\bfbc2game.exe" = protocol=17 | dir=in | app=d:\demos\bfbc2game.exe | "UDP Query User{927F7FD4-708E-4C99-B1EE-77AA4FAB2DFB}C:\program files (x86)\steam\steamapps\stephan_prang@web.de\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stephan_prang@web.de\counter-strike\hl.exe | "UDP Query User{9D02BCF5-D9D8-40B8-A506-14F017A127E0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{BB957183-D1A2-49C9-A2F9-AB8AED1CCBA6}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{BF4418E4-DB28-41CC-9AC1-AD132BA0DD9F}C:\program files (x86)\steam\steamapps\31072015\opposing force\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\opposing force\hl.exe | "UDP Query User{C0ED8151-043B-46EE-B3D4-8696E71A2CCF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{C1E8C2F0-24DB-4950-9D3A-638484C3F3A7}C:\program files (x86)\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamers.irc\mirc.exe | "UDP Query User{C4B3CC73-96E2-49F6-B9D2-23D4D8CBE29B}C:\program files (x86)\steam\steamapps\31072015\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\31072015\counter-strike\hl.exe | "UDP Query User{C94420AF-E29E-477A-AC8D-415EE6A4EDC5}C:\users\alt\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\alt\program files (x86)\dna\btdna.exe | "UDP Query User{CAEE7182-B5AC-41EC-BDC9-6D9CC61D5F91}D:\d\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe" = protocol=17 | dir=in | app=d:\d\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe | "UDP Query User{CE628D93-49B2-44F1-883C-44DE658319BE}D:\demos\metin\metin2.bin" = protocol=17 | dir=in | app=d:\demos\metin\metin2.bin | "UDP Query User{D10E235B-FCCE-495E-A9C1-14FEE25D69B3}D:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-dede-downloader.exe | "UDP Query User{D1C458EF-6CE9-4029-8AD9-C4045E40B34E}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{D63C9373-8290-46F3-BC99-11E5A03F325C}D:\kane & lynch\kaneandlynch.exe" = protocol=17 | dir=in | app=d:\kane & lynch\kaneandlynch.exe | "UDP Query User{DBE1B4E2-5478-4A0D-B9B4-28346B6C652B}D:\activision\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\activision\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{DBE85630-4638-4971-A9D5-EB3B438C70AE}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "UDP Query User{EC335B64-EC21-4E5C-94C4-1CF1CE97641D}C:\users\alt\appdata\local\temp\blizzard launcher temporary - 103133e0\launcher.exe" = protocol=17 | dir=in | app=c:\users\alt\appdata\local\temp\blizzard launcher temporary - 103133e0\launcher.exe | "UDP Query User{F9BC223F-D86C-4074-820D-AF28B646B5A6}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "UDP Query User{FCB15C55-F0C4-40B3-92DD-D901E640A2FC}C:\users\alt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\alt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64 "{F78D5B74-2B10-4D99-B0D5-13FE1A4E0AFE}" = Sony Ericsson PC Suite x64 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5894CCB4-3C86-4483-B5F8-279AD4B0B7C5}" = Parabellum Beta "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Essentials "{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{BACBC990-8681-4D00-9227-F3A32123BB7A}" = Half-Life(R) "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine(R)2 Sandbox(TM)2 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame Client Public Beta 1.1.6 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DivX Setup.divx.com" = DivX-Setup "EADM" = EA Download Manager "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Fraps" = Fraps "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Gamers.IRC" = Gamers.IRC 4.42 "Google Chrome" = Google Chrome "Google Updater" = Google Updater "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "IrfanView" = IrfanView (remove only) "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "mIRC" = mIRC "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "RealPlayer 6.0" = RealPlayer "RivaTuner" = RivaTuner v2.22 "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl "Spyware Terminator_is1" = Spyware Terminator "Steam App 10" = Counter-Strike "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008) "SystemRequirementsLab" = System Requirements Lab "Tales of Pirates Online_is1" = Tales of Pirates Online 1.36 "Uninstall_is1" = Uninstall 1.0.0.0 "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp (remove only) "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Move Media Player" = Move Media Player "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Steam App 30" = Day of Defeat "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.02.2010 12:13:29 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 12:23:48 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 13:38:32 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 13:48:33 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 13:56:26 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 13:59:02 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 14:36:14 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 14:42:01 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 06.02.2010 14:50:55 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = Error - 12.02.2010 13:40:29 | Computer Name = Alt-PC | Source = RasClient | ID = 20227 Description = [ Media Center Events ] Error - 16.04.2008 16:57:57 | Computer Name = Alt-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ System Events ] Error - 17.04.2010 12:41:51 | Computer Name = Alt-PC | Source = Service Control Manager | ID = 7026 Description = Error - 17.04.2010 13:14:40 | Computer Name = Alt-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 17.04.2010 13:14:41 | Computer Name = Alt-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ProgramData\Spyware Terminator\FileObjInfo.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 17.04.2010 15:20:00 | Computer Name = Alt-PC | Source = Service Control Manager | ID = 7016 Description = Error - 18.04.2010 07:31:08 | Computer Name = Alt-PC | Source = HTTP | ID = 15016 Description = Error - 18.04.2010 07:31:45 | Computer Name = Alt-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 07:31:45 | Computer Name = Alt-PC | Source = Service Control Manager | ID = 7026 Description = Error - 18.04.2010 08:48:13 | Computer Name = Alt-PC | Source = HTTP | ID = 15016 Description = Error - 18.04.2010 08:48:59 | Computer Name = Alt-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.04.2010 08:48:59 | Computer Name = Alt-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
Themen zu Von ICQ übertragener Trojaner - selbstständiges Verschicken von Links - MWB Log dabei |
anti-malware, appdata, automatisch, bild, browser, datei, dateien, explorer, guard, helper, icq, infizierte, infizierte datei, infizierte dateien, leute, link, links, local\temp, log, malwarebytes, mein log, microsoft, scan, software, spyware.onlinegames, super, system, temp, trojan.bho, trojaner, version, windows system |