Pests of all kinds and how to combat them: JAVA/Exdoer.BC.1 - Windows 7
12.04.2011, 00:00 | #1 |
JAVA/Exdoer.BC.1

Hello, I just had an infection with the Java virus named in the title and now wanted to find out to what extent the thing might still be present on my PC. Pretty stupid, but I was on a somewhat dubious site, whereupon 4 funny Firefox windows opened and 4 warning messages from AntiVir popped up.

"In der Datei 'C:\Users\Admin\AppData\Local\Temp\jar_cache6692596117640739272.tmp' wurde ein Virus oder unerwünschtes Programm 'JAVA/Exdoer.BC.1' [virus] gefunden. Ausgeführte Aktion: Datei in Quarantäne verschieben"

The same virus 4 times, in different TMP files. Here is a list of what I have done so far:

1. Ran CCleaner over it and cleared the cache.
2. Ran an Anti-Malware quick scan over it. Result: nothing found.
3. [AntiVir scan is still running, I will edit the result in here]
4. Downloaded OTL and scanned. Here are the 2 logfiles:

OTL Logfile: Code:
OTL logfile created on: 12.04.2011 00:33:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 55,00% Memory free
10,00 Gb Paging File | 7,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53,71 Gb Total Space | 5,09 Gb Free Space | 9,48% Space Free | Partition Type: NTFS
Drive D: | 166,01 Gb Total Space | 41,72 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 7,32 Gb Free Space | 15,00% Space Free | Partition Type: NTFS
Drive F: | 119,09 Gb Total Space | 9,20 Gb Free Space | 7,73% Space Free | Partition Type: NTFS
Drive G: | 43,94 Gb Total Space | 4,82 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive H: | 75,60 Gb Total Space | 9,23 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
Drive I: | 166,02 Gb Total Space | 7,72 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive J: | 14,65 Gb Total Space | 3,68 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive K: | 7,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: TRUEMMER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - D:\Program Files (x86)\MirandaFusion\miranda32.exe (modified by Miranda Fusion Team) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe () PRC - D:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - D:\Program Files (x86)\VideoLAN\VLC\vlc.exe () PRC - D:\Program Files (x86)\foobar2000\foobar2000.exe () PRC - D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - D:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe (Logitech, Inc.) PRC - D:\Program Files\Logitech\SetPoint\LU\LuLnchr.exe (Logitech, Inc.) 
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - D:\Program Files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - D:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe () SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- D:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys () DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys () DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys () DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys () DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys () DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys () DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys () DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys () DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys () DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys () DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys () DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS () DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS () DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS () DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS () DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS () DRV:64bit: - 
(CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS () DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys () DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys () DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys () DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s115mgmt.sys () DRV:64bit: - (s115obex) -- C:\Windows\SysNative\DRIVERS\s115obex.sys () DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\DRIVERS\s115mdm.sys () DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\DRIVERS\s115mdfl.sys () DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s115bus.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (SASENUM) -- D:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- D:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- D:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (LGII2CDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys () DRV - (LGDDCDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.last.fm/user/Inkompatibel" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2011.03.30 02:42:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.30 02:42:09 | 000,000,000 | ---D | M] [2008.12.29 14:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.04.07 09:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions [2011.03.12 10:43:48 | 000,000,000 | ---D | M] (Stylish) -- 
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.02.20 04:54:52 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2010.11.23 10:55:01 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2011.04.01 21:07:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.21 14:09:00 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions\anycolor.pavlos256@gmail.com [2009.07.29 16:29:42 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\m752khhf.default\extensions\battlefieldheroespatcher@ea.com File not found (No name found) -- () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M752KHHF.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M752KHHF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.03.19 03:36:33 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009.04.10 09:56:50 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.10.30 18:38:27 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.06.01 14:28:49 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.16 22:42:47 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.05 04:18:23 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} O1 HOSTS File: ([2008.12.29 23:39:38 | 000,290,768 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10015 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] D:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [ISUSPM Startup] File not found O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-QAT8K.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O8:64bit: - Extra context menu item: &Download by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Program Files 
(x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: companyofheroes.com ([www] * in Vertrauenswürdige Sites) O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.06 18:33:09 | 000,000,043 | R--- | M] () - K:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{173865d5-7d57-11de-a193-0018f34d741d}\Shell - "" = AutoRun O33 - MountPoints2\{173865d5-7d57-11de-a193-0018f34d741d}\Shell\AutoRun\command - "" = R:\Autorun.exe O33 - MountPoints2\{67c60b4e-d58c-11dd-9aab-806e6f6e6963}\Shell 
- "" = AutoRun O33 - MountPoints2\{67c60b4e-d58c-11dd-9aab-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Start.exe -- [2006.01.10 15:49:24 | 000,492,032 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.12 00:28:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.04.01 15:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.04.01 15:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2011.03.20 05:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011.03.20 05:44:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\PunkBuster [2011.03.20 05:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010.09.27 00:49:21 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Admin\AppData\Roaming\REX Shared Library.dll [2010.09.27 00:49:21 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Admin\AppData\Roaming\Rewire.dll [2008.10.08 00:42:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2008.10.08 00:23:46 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.12 00:28:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.04.12 00:26:00 | 000,711,168 | ---- | M] () -- C:\Windows\is-QAT8K.exe [2011.04.12 00:26:00 | 000,012,846 | ---- | M] () -- C:\Windows\is-QAT8K.msg [2011.04.12 00:26:00 
| 000,000,373 | ---- | M] () -- C:\Windows\is-QAT8K.lst [2011.04.12 00:19:21 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.11 23:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.11 23:28:24 | 000,165,376 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.11 22:39:00 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.11 22:39:00 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.11 19:40:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.10 03:46:11 | 000,014,456 | ---- | M] () -- C:\Users\Admin\Desktop\The essential.rtf [2011.04.06 18:44:24 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.06 18:44:24 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.06 18:44:24 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.06 18:44:24 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.06 18:44:24 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.06 18:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.06 18:39:00 | 1005,772,799 | -HS- | M] () -- C:\hiberfil.sys [2011.04.06 15:30:31 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2011.04.06 15:30:31 | 000,062,644 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2011.04.06 15:30:31 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx [2011.04.01 15:40:05 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 
[2011.03.29 07:52:39 | 000,001,014 | ---- | M] () -- C:\Users\Admin\Desktop\Crysis2.exe - Verknüpfung.lnk [2011.03.20 08:03:12 | 000,000,977 | ---- | M] () -- C:\Users\Admin\Desktop\AssassinsCreedBrotherhood.exe - Verknüpfung.lnk [2011.03.20 05:44:48 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.20 05:44:46 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.12 00:26:00 | 000,711,168 | ---- | C] () -- C:\Windows\is-QAT8K.exe [2011.04.12 00:26:00 | 000,012,846 | ---- | C] () -- C:\Windows\is-QAT8K.msg [2011.04.12 00:26:00 | 000,000,373 | ---- | C] () -- C:\Windows\is-QAT8K.lst [2011.04.12 00:19:45 | 000,000,634 | ---- | C] () -- C:\Users\Admin\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.29 07:52:39 | 000,001,014 | ---- | C] () -- C:\Users\Admin\Desktop\Crysis2.exe - Verknüpfung.lnk [2011.03.20 08:03:12 | 000,000,977 | ---- | C] () -- C:\Users\Admin\Desktop\AssassinsCreedBrotherhood.exe - Verknüpfung.lnk [2010.11.22 04:41:44 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.05.14 01:23:55 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\downloads.m3u [2010.04.02 18:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.16 19:04:24 | 000,000,190 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\default.rss [2009.11.24 06:15:15 | 000,003,436 | ---- | C] () -- C:\Users\Admin\AppData\Local\springsettings.cfg [2009.09.26 00:21:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2009.09.10 23:19:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.31 02:30:22 | 000,000,760 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\setup_ldm.iss [2009.07.29 16:34:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009.07.29 
16:34:11 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2009.07.29 16:34:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.01.06 23:32:13 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.01.06 23:32:11 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009.01.06 23:32:11 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.01.06 23:32:11 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.06 23:32:09 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.01.06 23:18:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2008.12.30 20:21:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2008.12.30 20:21:15 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2008.12.30 20:21:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2008.12.30 20:21:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2008.12.29 22:05:31 | 000,165,376 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.29 13:54:30 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2008.12.29 13:54:30 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.12.29 12:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.29 11:55:32 | 000,144,896 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2008.12.29 11:55:32 | 000,071,168 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2008.12.29 11:54:52 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2008.12.29 11:49:19 | 000,000,732 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat [2008.12.01 22:08:39 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.10.08 01:08:38 | 000,020,936 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2008.10.08 00:41:40 | 000,002,560 
| ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2008.10.08 00:31:14 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2008.10.08 00:31:14 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2008.10.08 00:23:50 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2008.09.12 22:22:40 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2008.08.19 19:39:18 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 12.04.2011 00:33:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 55,00% Memory free
10,00 Gb Paging File | 7,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53,71 Gb Total Space | 5,09 Gb Free Space | 9,48% Space Free | Partition Type: NTFS
Drive D: | 166,01 Gb Total Space | 41,72 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 7,32 Gb Free Space | 15,00% Space Free | Partition Type: NTFS
Drive F: | 119,09 Gb Total Space | 9,20 Gb Free Space | 7,73% Space Free | Partition Type: NTFS
Drive G: | 43,94 Gb Total Space | 4,82 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive H: | 75,60 Gb Total Space | 9,23 Gb Free Space | 12,21% Space Free | Partition Type: NTFS
Drive I: | 166,02 Gb Total Space | 7,72 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive J: | 14,65 Gb Total Space | 3,68 Gb Free Space | 25,13% Space Free | Partition Type: NTFS
Drive K: | 7,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: TRUEMMER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- D:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = D:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = D:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files (x86)\Combat Arms\CombatArms.exe" = D:\Program Files (x86)\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Program Files (x86)\Combat Arms\Engine.exe" = D:\Program Files (x86)\Combat Arms\Engine.exe:*Enabled:Engine.exe
"D:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = D:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = D:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files (x86)\Combat Arms\CombatArms.exe" = D:\Program Files (x86)\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"D:\Program Files (x86)\Combat Arms\Engine.exe" = D:\Program Files (x86)\Combat Arms\Engine.exe:*Enabled:Engine.exe
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
(x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{48056E45-07F0-4C97-B8B8-F84C5872762F}D:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{4BB22B4A-BDEB-4086-B656-342865231E6A}F:\program files (x86)\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\sid meier's civilization v\civilizationv.exe | "UDP Query User{4D4AAE68-E7DD-4C2B-AF6B-B6B7F9F6AA31}E:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{4F9FF81A-6A02-47FD-BD63-D08406EE9352}C:\users\admin\appdata\local\temp\blizzard launcher temporary - a0838110\launcher.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\blizzard launcher temporary - a0838110\launcher.exe | "UDP Query User{5000EA0E-525B-4724-9B66-123A627815A4}D:\program files (x86)\birth of the empires alpha 5.1\bote.exe" = protocol=17 | dir=in | app=d:\program files (x86)\birth of the empires alpha 5.1\bote.exe | "UDP Query User{5B43582E-A84B-48BC-9735-751BD4553287}F:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=f:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe | "UDP Query User{5C479231-7E8E-414F-B4C2-F126B0E20AEF}D:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\program files (x86)\soulseekns\slsk.exe | "UDP Query User{68C969DE-C8DE-4009-BD06-89AA1B3DCE65}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{70A95F65-1A4E-4C6E-872F-6159606C4A2E}C:\programdata\electronic arts\need for speed world\data\nfswo.exe" = 
protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfswo.exe | "UDP Query User{711694D3-54BB-41B8-9699-D903F893B369}D:\program files (x86)\tremulous\tremulous.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tremulous\tremulous.exe | "UDP Query User{7248BF13-61D3-4495-BB84-A6463C877F2B}E:\program files (x86)\stardock\sins of a solar empire\sins of a solar empire diplomacy.exe" = protocol=17 | dir=in | app=e:\program files (x86)\stardock\sins of a solar empire\sins of a solar empire diplomacy.exe | "UDP Query User{7320D83D-9426-4658-9BC1-04A241D133E3}D:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{7354EBAE-BC29-452B-84A7-B82BD3B3AE03}F:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "UDP Query User{87585B74-364E-41F1-8B2C-E95BEFFDE6D2}F:\program files (x86)\steam\steamapps\darkensky\dystopia\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\darkensky\dystopia\hl2.exe | "UDP Query User{89F14136-3962-41C6-AF51-177EB45581E4}F:\program files (x86)\steam\steamapps\darkensky\source sdk base\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\darkensky\source sdk base\hl2.exe | "UDP Query User{8DA431BB-6208-4C1C-830C-551A2A0813C4}D:\program files (x86)\spring\spring.exe" = protocol=17 | dir=in | app=d:\program files (x86)\spring\spring.exe | "UDP Query User{9BCC8FC4-346E-47FC-9222-D262F30C4E77}D:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files (x86)\vuze\azureus.exe | "UDP Query User{9F495D1E-2DB7-4E36-B141-7D5CAEEEE93E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{A7583719-BEF4-429F-86A7-24C430003BC0}F:\program files 
(x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe | "UDP Query User{A9D26A8A-2EC4-4118-ADBB-295D7B8BA97A}F:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{AACC244E-8342-4838-8B64-9F24DE2967CC}D:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{ACED115E-C540-4C4E-BB12-0C8150BB4375}D:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{B044BC18-1274-4574-BCE6-7A12134D238E}F:\program files (x86)\steam\steamapps\darkensky\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\darkensky\source sdk base 2007\hl2.exe | "UDP Query User{BD8D5267-2761-4690-9C6D-5CBCF3B9A669}D:\program files (x86)\spring\springlobby.exe" = protocol=17 | dir=in | app=d:\program files (x86)\spring\springlobby.exe | "UDP Query User{C76F92AD-5A97-4F4B-8A26-27AC48613F0A}F:\program files (x86)\steam\steamapps\darkensky\dystopia\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\darkensky\dystopia\hl2.exe | "UDP Query User{C88DDA0F-9809-4ADB-A71B-725B34BDD619}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{CA1FDF43-68D2-497B-994F-DB501CD9C649}F:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=f:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{CDE54763-8AC6-4A1A-8279-C19BBCFA7868}D:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mozilla firefox\firefox.exe | "UDP 
Query User{CF8BFD13-9916-498D-878B-B0A378F25ECD}E:\program files (x86)\nfsworld\data\nfsw.exe" = protocol=17 | dir=in | app=e:\program files (x86)\nfsworld\data\nfsw.exe | "UDP Query User{D6BDE6D2-0D20-40BA-AEEF-84768C9DDCFA}D:\program files (x86)\thq\relic entertainment\company of heroes online\game\reliccohoww.exe" = protocol=17 | dir=in | app=d:\program files (x86)\thq\relic entertainment\company of heroes online\game\reliccohoww.exe | "UDP Query User{E4F0905D-4705-4A2A-9FA5-CA8A3BAFB4DF}G:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=g:\games\world_of_tanks_closed_beta\wotlauncher.exe | "UDP Query User{E600B533-750E-426D-8C09-2B1847EC6E86}G:\games\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=g:\games\world_of_tanks_closed_beta\worldoftanks.exe | "UDP Query User{E64424DE-98E1-4FCB-93C5-8A0B8111AC23}F:\program files (x86)\electronic arts\command & conquer 4 beta\data\rts-final.exe" = protocol=17 | dir=in | app=f:\program files (x86)\electronic arts\command & conquer 4 beta\data\rts-final.exe | "UDP Query User{E6EED493-A557-4B01-AB6E-9ACE54A3ED4F}F:\program files (x86)\steam\steamapps\darkensky\insurgency\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\darkensky\insurgency\hl2.exe | "UDP Query User{E87D00DE-7B83-44B4-8C37-B6F501E4D779}F:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{E9D3238A-07E7-4FC7-9979-0511CE5291D5}C:\users\admin\appdata\local\temp\blizzard launcher temporary - 9e03cc28\launcher.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\blizzard launcher temporary - 9e03cc28\launcher.exe | "UDP Query User{F8D10032-97FB-40B5-BAE4-BA0EB9198A54}E:\tdu2downloader.exe" = protocol=17 | dir=in | app=e:\tdu2downloader.exe | "UDP Query User{FF02E603-CFE7-4D03-B21D-3A91FC2DD1E5}D:\program files (x86)\face of mankind\fom_client.exe" = protocol=17 | dir=in | 
app=d:\program files (x86)\face of mankind\fom_client.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B56EB3-C5B8-421C-3AC5-D47F07CBEFCB}" = ccc-utility64 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{23170F69-40C1-2702-0462-000001000000}" = 7-Zip 4.62 (x64 edition) "{5C4AD1D5-30DF-1D87-8A52-9ED7E84CBFAD}" = ATI Catalyst Install Manager "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{866FADAA-D878-8B7A-738D-E6659493108D}" = ATI Problem Report Wizard "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B9162E8-4274-4323-A31B-444ECA641B8A}" = Adobe Photoshop Lightroom 2 64-bit "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F78D5B74-2B10-4D99-B0D5-13FE1A4E0AFE}" = Sony Ericsson PC Suite x64 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{057457E5-2C85-18F9-047E-E7967617E29B}" = CCC Help Japanese "{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0A60AEBF-9713-2B83-D68E-5587B5A88C07}" = CCC Help Czech "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1AD5C939-FF2D-8F94-2262-4234F61427CD}" = CCC Help Finnish "{1C0935E3-8FC6-55E8-6795-A3CDD60BE8A9}" = CCC Help Swedish "{1CB31513-EBD1-2459-0856-C05E4408EE7F}" = CCC Help Danish "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks Closed Beta v.0.6.1.5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2883F397-4BAB-0A51-1F45-C5A8E8A3959D}" = Catalyst Control Center InstallProxy "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" 
= Nero Rescue Agent "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BC2CEA9-41F0-E6B0-EC71-CE2D59ED674C}" = CCC Help Norwegian "{3CCE46D9-16CC-CBFC-9B19-A39D91BFA061}" = CCC Help Greek "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{437B2D30-C07F-E54B-9233-E53DA623FC44}" = CCC Help Spanish "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm "{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4D565319-8B91-41CB-961C-0DDC86101AC5}" = Dragon Age II "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{564E996B-604A-07D4-4046-9E853A198820}" = CCC Help Polish "{56ABA277-EE53-4478-A607-FA42208FF5A9}" = Menu Templates - Pack 1 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help "{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding 
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B42C29-3838-1533-679F-313FF4858DFA}" = CCC Help Chinese Traditional "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76A00845-519C-69DF-B66D-15FE27207503}" = CCC Help Italian "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80A2925F-47CA-4569-719A-DCA01048A766}" = CCC Help Hungarian "{8133A2C6-7D5A-2C48-8C74-279B0E98FEF4}" = Catalyst Control Center Localization All "{827f603a-aafc-4435-bf47-777be201d1d2}" = Nero 9 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83BBFFFA-806E-0316-D23C-8D6F8BEE652C}" = CCC Help English "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F356627-3D0A-F5DF-B60E-04194A4CCF29}" = CCC Help French "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice 
Guard "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{96DA5DBF-C3A5-BEBB-93F4-EB1601B71B32}" = Catalyst Control Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B61C7CA4-4604-B116-8C44-9F0539839542}" = CCC Help Chinese Standard "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB2D1EC1-A6FE-F428-86C8-D01DBE122E03}" = CCC Help Portuguese "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood 
"{C1DE66B8-BFBB-0678-7D68-ACBC6A9EFD0C}" = CCC Help German "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{C9BBA7E5-D502-1831-5BFA-2FFB3DFBBE83}" = Catalyst Control Center Profiles Desktop "{CB1473AA-C77B-295B-BE3E-F8EDD8227E21}" = CCC Help Dutch "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3FF1277-6444-4466-ABE0-FD884920507C}" = CCC Help Russian "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E0263586-7C3E-8912-4E3B-88C6EEC0DDB1}" = ccc-core-static "{E2354269-C89A-4323-B80F-B0DD65FBA5EB}" = WinExit-Pro "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8989391-9865-473A-A107-625266D6D4BD}" = The Spirit Engine 2 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E915496B-A802-E211-B241-A7BBFC7F04F5}" = CCC Help Thai "{EAFDF0CA-5DDA-4666-A3C2-4FD6CBFB97BC}" = CCC Help Korean "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint 
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 1.2.6 "AudioCS" = Creative Audio-Systemsteuerung "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00 "Fallout New Vegas_is1" = Fallout New Vegas "foo_audioscrobbler" = Audioscrobbler for foobar2000 (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free FLV Converter_is1" = Free FLV Converter V 5.9 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "Google Updater" = Google Updater "HD Tune_is1" = HD Tune 2.55 "HijackThis" = HijackThis 2.0.2 "hon" = Heroes of Newerth "IrfanView" = IrfanView (remove only) "Jailbreak: Source_is1" = Jailbreak: Source 0.6 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Full) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MirandaFusion" = Miranda Fusion 3.0.14.0 "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5) "OpenAL" = OpenAL "Orbit_is1" = Orbit 
Downloader "Orion - FilePlanet Closed Beta" = Orion - FilePlanet Closed Beta "PakkISO_is1" = PakkISO 0.4 "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 1.9.0 "Reason_is1" = Reason 3.0 "Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity "Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.08 "Soulseek2" = SoulSeek 157 NS 13e "Spring" = Spring 0.80.5.2 "Steam App 17500" = Zombie Panic! Source "Steam App 17570" = Pirates, Vikings, and Knights II "Steam App 17580" = Dystopia "Steam App 17700" = Insurgency: Modern Infantry Combat "Steam App 218" = Source SDK Base - Orange Box "Steam App 24400" = King Arthur - The Role-playing Wargame "Steam App 400" = Portal "Steam App 500" = Left 4 Dead "Steam App 550" = Left 4 Dead 2 "Steam App 630" = Alien Swarm "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "THXK_is1" = Creative THX-Konsole 3.0.22.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VideoPad" = VideoPad Video Editor "VLC media player" = VLC media player 0.9.8a "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "477233b55d082a86" = Company of Heroes Online Launcher (THQ) "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "MOO2Civ 5.1" = MOO2Civ 5.1 "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "PhotoZoom Pro 3" = BenVista PhotoZoom Pro 3.0.8 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.05.2010 09:54:03 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 03.05.2010 10:06:51 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 04.05.2010 10:38:05 | Computer Name = Truemmer | Source = 
WinMgmt | ID = 10 Description = Error - 05.05.2010 09:40:39 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 06.05.2010 09:58:10 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 07.05.2010 10:09:53 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 08.05.2010 10:00:30 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 10.05.2010 10:04:03 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 11.05.2010 10:10:06 | Computer Name = Truemmer | Source = WinMgmt | ID = 10 Description = Error - 11.05.2010 12:22:33 | Computer Name = Truemmer | Source = Application Hang | ID = 1002 Description = Programm mplayerc.exe, Version 1.2.908.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 12c0 Anfangszeit: 01caf124b8db6f85 Zeitpunkt der Beendigung: 46 [ System Events ] Error - 06.04.2011 03:21:57 | Computer Name = Truemmer | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 06.04.2011 12:38:49 | Computer Name = Truemmer | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 06.04.2011 12:38:49 | Computer Name = Truemmer | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\D:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 06.04.2011 12:39:05 | Computer Name = Truemmer | Source = HTTP | ID = 15016 Description = Error - 06.04.2011 12:40:36 | Computer Name = Truemmer | Source = Service Control Manager | ID = 7026 Description = Error - 07.04.2011 14:01:59 | Computer Name = Truemmer | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 08.04.2011 19:41:39 | Computer Name = Truemmer | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 09.04.2011 15:54:54 | Computer Name = Truemmer | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 10.04.2011 14:05:43 | Computer Name = Truemmer | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 11.04.2011 05:18:58 | Computer Name = Truemmer | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Danke schon mal. |
12.04.2011, 11:57 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Quote:
As a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
12.04.2011, 18:18 | #3 |
| JAVA/Exdoer.BC.1 The full scan found nothing, and neither did the AntiVir one - looks like I got lucky once again.
__________________ |
12.04.2011, 18:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Post ALL Malwarebytes logs anyway, even if they contained no detections.
__________________ Please always post log files in CODE tags |
12.04.2011, 20:48 | #5 | ||
| JAVA/Exdoer.BC.1 I only found 2 more logs. The current one and one from 2009. In the meantime I tended to use other anti-spyware programs. Quote:
Quote:
|
12.04.2011, 20:55 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Quote:
Download the current Malwarebytes setup. Install it and keep clicking the update button until it finds no more updates. Then repeat the full scan.
__________________ --> JAVA/Exdoer.BC.1 |
12.04.2011, 23:55 | #7 | |
| JAVA/Exdoer.BC.1 Even with the latest version it can't find anything - which I'll take as a good sign. Quote:
|
13.04.2011, 09:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
[2011.04.12 00:26:00 | 000,711,168 | ---- | C] () -- C:\Windows\is-QAT8K.exe
[2011.04.12 00:26:00 | 000,012,846 | ---- | C] () -- C:\Windows\is-QAT8K.msg
[2011.04.12 00:26:00 | 000,000,373 | ---- | C] () -- C:\Windows\is-QAT8K.lst
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.06 18:33:09 | 000,000,043 | R--- | M] () - K:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{173865d5-7d57-11de-a193-0018f34d741d}\Shell - "" = AutoRun
O33 - MountPoints2\{173865d5-7d57-11de-a193-0018f34d741d}\Shell\AutoRun\command - "" = R:\Autorun.exe
O33 - MountPoints2\{67c60b4e-d58c-11dd-9aab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67c60b4e-d58c-11dd-9aab-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Start.exe -- [2006.01.10 15:49:24 | 000,492,032 | R--- | M] ()
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
14.04.2011, 07:17 | #9 | |
| JAVA/Exdoer.BC.1 Here is the log: Quote:
|
14.04.2011, 09:39 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post log files in CODE tags |
15.04.2011, 01:12 | #11 | |
| JAVA/Exdoer.BC.1 Here is the log from the tool: Quote:
|
15.04.2011, 10:07 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
17.04.2011, 19:06 | #13 |
| JAVA/Exdoer.BC.1 How long does a ComboFix scan like this take on average, and can I at least have a player like Foobar running in the background during it? |
17.04.2011, 21:03 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Exdoer.BC.1 Quote:
Normally CF doesn't take much longer than 10 minutes. But it can also take longer.
__________________ Please always post log files in CODE tags |
17.04.2011, 22:23 | #15 |
| JAVA/Exdoer.BC.1 OK, thanks, then I'll try to do that sometime tomorrow during the day. |