| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Kazy.20156 seit gestern AbendWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.04.2011, 07:07
| #1 |
 |  TR/Kazy.20156 seit gestern Abend Jo wie der Titel schon sagt ständig iwelche "festplatte beschädigt" meldungen ect bekommen sowie datein auf dem Desktop und anders wo unsichtbar geworden, allerdings konnte ich das schon durch Ad-Aware beheben, somit bekomme ich momentan nur im sekunden takt eine Meldung von AntiVir das eben TR/Kazy.20156 noch auf meinem Rechner ist und weiß net was ich tuen soll vielen dank schonmal im vorraus |
|
22.04.2011, 10:42
| #2 |
| /// Malware-holic   | TR/Kazy.20156 seit gestern Abend Systemscan mit OTL
__________________download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
22.04.2011, 11:38
| #3 |
| | TR/Kazy.20156 seit gestern Abend OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 22.04.2011 11:46:04 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Blub\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 44,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 118,12 Gb Free Space | 25,36% Space Free | Partition Type: NTFS Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: x | User Name: Blub | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Blub\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Razer\Lachesis\razerhid.exe () PRC - C:\Program Files (x86)\Razer\Lachesis\razertra.exe () PRC - C:\Program Files (x86)\Razer\Lachesis\OSD.exe (razercfg MFC Application) PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Razer\Lachesis\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Blub\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Creative ALchemy AL1 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (AntiVirScheduler) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe (SiSoftware) SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe (SiSoftware) ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys () DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys () DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys () DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\DRIVERS\nlndis.sys () DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\DRIVERS\nlndis.sys () DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\DRIVERS\tap0901t.sys () DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys () DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys () DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys () DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys () DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys () DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys () DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys () DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys () DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS () DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS () DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS () DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS () DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS () DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys () DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys () DRV:64bit: - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys () DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys () DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software) DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.4 FF - prefs.js..extensions.enabledItems: {C8535153-1548-4A71-820D-B219C8B83B00}:1.9.1 FF - prefs.js..extensions.enabledItems: LF@ChaosRing:0.9 FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.3.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 01:45:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 01:45:34 | 000,000,000 | ---D | M] [2009.10.04 19:09:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Extensions [2011.04.21 18:03:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions [2009.10.04 19:10:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.03 18:00:47 | 000,000,000 | -H-D | M] (Zynga Toolbar) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.03.02 22:30:41 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.02 20:29:38 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.09 16:26:58 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\DTToolbar@toolbarnet.com [2011.01.17 23:28:59 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\foxyproxy@eric.h.jung [2011.04.16 18:09:20 | 000,000,000 | -H-D | M] (Lolifox by ChaosRing) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\LF@ChaosRing [2011.04.16 18:12:17 | 000,000,000 | -H-D | M] (BlackFox V1) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\zigboom@hotmail.com [2011.04.16 18:09:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Blub\AppData\Roaming\mozilla\Firefox\Profiles\t8qr196n.default\extensions\LF@ChaosRing\mozapps\extensions [2011.03.09 16:25:28 | 000,002,059 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\daemon-search.xml [2011.04.17 11:24:54 | 000,000,950 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-1.xml [2010.02.10 15:00:53 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-2.xml [2010.02.12 14:55:39 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-3.xml [2010.02.19 22:24:50 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-4.xml [2010.03.02 22:31:51 | 000,000,958 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin-5.xml [2010.02.03 15:38:36 | 000,000,947 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Mozilla\Firefox\Profiles\t8qr196n.default\searchplugins\icqplugin.xml [2011.04.17 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.12.29 17:32:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.17 14:47:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.04.21 16:47:03 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\BLUB\APPDATA\LOCAL\{C8535153-1548-4A71-820D-B219C8B83B00} [2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPAPIX.dll [2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPFluxBrowserHelper.dll [2007.09.07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPMPDRM.dll [2007.09.07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPWMDRMWrapper.dll [2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:64bit: - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Auzentech\X-Fi Forte 7.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Dbedejimijigok] C:\Users\Blub\AppData\Local\pshqlF.dll (Acronis) O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [ISUSPM Startup] File not found O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software) O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Octoshape Streaming Services] C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Ojifoxisigih] File not found O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [uPc+nfdhfngXdaCxl] File not found O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [uvEWQXCeAJwf] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB (DyynoX Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.193 217.0.43.1 O18:64bit: - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000 Winlogon: Shell - (C:\Users\Blub\AppData\Roaming\hotfix.exe) - File not found O24 - Desktop WallPaper: C:\Users\Blub\Pictures\Horrifique 3.jpg O24 - Desktop BackupWallPaper: C:\Users\Blub\Pictures\Horrifique 3.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.14 17:56:17 | 000,464,144 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.12.14 17:56:15 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.12.14 17:56:03 | 002,295,296 | R--- | M] () - D:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.12.14 17:56:03 | 000,000,139 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{2316e0f3-a442-11de-b632-001a4d57079e}\Shell\AutoRun\command - "" = E:\PStart.exe O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell - "" = AutoRun O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\AutoRun\command - "" = E:\setup.exe /autorun O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\directx\command - "" = E:\DirectX\dxsetup.exe O33 - MountPoints2\{88f9dcc4-d72c-11dc-bccd-001a4d57079e}\Shell\setup\command - "" = E:\setup.exe O33 - MountPoints2\{90a17993-f223-11de-ab02-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{90a17993-f223-11de-ab02-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.12.14 17:56:17 | 000,464,144 | R--- | M] (Electronic Arts) O33 - MountPoints2\{9a55c014-4161-11df-a0a2-001a4d57079e}\Shell\AutoRun\command - "" = E:\PStart.exe O33 - MountPoints2\{fed5584e-af1e-11dd-9bed-001a4d57079e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe EGWIF1-005.vbs O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^Users^Blub^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk - - File not found MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EPSON Stylus D120 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATICCE.EXE () MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\valve\steam\steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A81F05CA-1201-3755-1908-6B91DE046902} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. ActiveX: {DC96EB4F-0A67-5C55-6674-784171D07270} - Browser Customizations ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm () Drivers32:64bit: VIDC.FPS1 - frapsv64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 07:57:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Blub\Desktop\OTL.exe [2011.04.22 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\Blub\AppData\Roaming\Malwarebytes [2011.04.22 07:36:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.22 07:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.22 07:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.22 07:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.22 07:33:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Blub\Desktop\mbam-setup.exe [2011.04.21 18:23:23 | 000,000,000 | ---D | C] -- C:\Users\Blub\AppData\Local\Sunbelt Software [2011.04.21 18:22:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA} [2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.04.21 18:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.04.21 17:50:49 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.21 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Blub\Documents\Tunngle [2011.04.21 17:11:45 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\Tunngle [2011.04.21 17:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2011.04.21 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2011.04.21 17:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2011.04.21 17:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle [2011.04.21 16:47:02 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Local\{C8535153-1548-4A71-820D-B219C8B83B00} [2011.04.21 16:30:06 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Local\SKIDROW [2011.04.18 07:03:24 | 000,000,000 | -H-D | C] -- C:\Users\Blub\AppData\Roaming\LolClient [2011.04.17 22:27:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2011.04.17 22:27:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2011.04.17 22:27:10 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2011.04.17 22:18:07 | 000,000,000 | ---D | C] -- C:\Riot Games [2011.04.17 22:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2011.04.17 18:41:40 | 000,000,000 | -H-D | C] -- C:\Users\Blub\Desktop\League of Legends [2011.04.17 14:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011.04.17 14:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.04.17 14:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2011.04.16 23:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sven XXX - XS [2011.04.13 17:39:12 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.13 17:38:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.04.13 17:38:48 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.13 17:38:46 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.04.13 17:38:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.13 17:38:44 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.13 17:38:44 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.13 17:38:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.04.13 17:38:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll [2011.04.13 17:38:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.13 17:38:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.13 17:38:18 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.13 17:38:18 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.13 17:38:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.03.26 14:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2009.08.27 14:52:37 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2009.08.27 14:52:37 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [2008.11.10 16:51:43 | 000,092,672 | ---- | C] (Acronis) -- C:\Users\Blub\AppData\Local\pshqlF.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Blub\*.tmp files -> C:\Users\Blub\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.22 11:21:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.22 11:18:10 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.22 10:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 10:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 07:57:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Blub\Desktop\OTL.exe [2011.04.22 07:37:41 | 000,504,657 | ---- | M] () -- C:\Users\Blub\Desktop\unhide.exe [2011.04.22 07:36:27 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.22 07:34:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Blub\Desktop\mbam-setup.exe [2011.04.22 07:27:27 | 004,326,175 | ---- | M] () -- C:\Users\Blub\Desktop\cofi.exe.exe [2011.04.22 03:21:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.22 02:29:34 | 000,005,812 | -H-- | M] () -- C:\aaw7boot.cmd [2011.04.21 18:46:19 | 000,604,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.21 18:46:19 | 000,107,562 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.21 18:46:18 | 001,472,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.21 18:46:18 | 000,638,510 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.21 18:46:18 | 000,130,462 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.21 18:39:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 18:39:47 | 545,326,573 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.21 18:28:21 | 000,064,392 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx [2011.04.21 18:28:21 | 000,064,392 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx [2011.04.21 18:28:21 | 000,000,904 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00495431}.rfx [2011.04.21 18:26:58 | 000,049,752 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.04.21 18:24:35 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D45BA6FC-B2B5-4AD7-90D8-A5DBBA7FE330}.job [2011.04.21 17:51:19 | 000,000,120 | ---- | M] () -- C:\ProgramData\~45735688r [2011.04.21 17:51:19 | 000,000,104 | ---- | M] () -- C:\ProgramData\~45735688 [2011.04.21 17:50:06 | 000,000,344 | ---- | M] () -- C:\ProgramData\45735688 [2011.04.21 17:15:55 | 000,248,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.21 16:47:05 | 000,000,000 | -H-- | M] () -- C:\Users\Blub\AppData\Local\Okomanug.bin [2011.04.21 16:47:04 | 000,000,120 | -H-- | M] () -- C:\Users\Blub\AppData\Local\Mcoramumusetubet.dat [2011.04.19 02:00:29 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys [2011.04.18 12:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011.04.17 22:27:31 | 000,001,673 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Blub\*.tmp files -> C:\Users\Blub\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.22 07:37:23 | 000,504,657 | ---- | C] () -- C:\Users\Blub\Desktop\unhide.exe [2011.04.22 07:36:27 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.22 07:36:23 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.22 07:26:44 | 004,326,175 | ---- | C] () -- C:\Users\Blub\Desktop\cofi.exe.exe [2011.04.21 19:16:44 | 000,005,812 | -H-- | C] () -- C:\aaw7boot.cmd [2011.04.21 18:35:39 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2011.04.21 18:27:00 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys [2011.04.21 18:26:58 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.04.21 17:51:19 | 000,000,120 | ---- | C] () -- C:\ProgramData\~45735688r [2011.04.21 17:51:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~45735688 [2011.04.21 17:50:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\45735688 [2011.04.21 17:11:41 | 000,031,232 | ---- | C] () -- C:\Windows\SysNative\drivers\tap0901t.sys [2011.04.21 16:47:05 | 000,000,000 | -H-- | C] () -- C:\Users\Blub\AppData\Local\Okomanug.bin [2011.04.21 16:47:04 | 000,000,120 | -H-- | C] () -- C:\Users\Blub\AppData\Local\Mcoramumusetubet.dat [2011.04.17 22:27:31 | 000,001,673 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2011.04.13 17:39:24 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2011.04.13 17:39:24 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2011.04.13 17:39:24 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2011.04.13 17:39:24 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys [2011.04.13 17:39:22 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys [2011.04.13 17:39:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2011.04.13 17:39:22 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys [2011.04.13 17:39:15 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe [2011.04.13 17:39:14 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi [2011.04.13 17:39:14 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe [2011.04.13 17:39:14 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi [2011.04.13 17:39:14 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll [2011.04.13 17:39:14 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll [2011.04.13 17:39:14 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll [2011.04.13 17:39:13 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2011.04.13 17:39:12 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2011.04.13 17:39:11 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2011.04.13 17:39:07 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2011.04.13 17:38:52 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2011.04.13 17:38:50 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2011.04.13 17:38:49 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2011.04.13 17:38:47 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2011.04.13 17:38:47 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2011.04.13 17:38:47 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2011.04.13 17:38:47 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec [2011.04.13 17:38:47 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll [2011.04.13 17:38:46 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2011.04.13 17:38:46 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2011.04.13 17:38:45 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2011.04.13 17:38:45 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2011.04.13 17:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2011.04.13 17:38:44 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2011.04.13 17:38:44 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll [2011.04.13 17:38:44 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll [2011.04.13 17:38:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2011.04.13 17:38:22 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2011.04.13 17:38:22 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2011.04.13 17:38:19 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll [2011.04.13 17:38:18 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll [2011.04.13 17:38:12 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll [2011.04.13 17:38:12 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll [2011.04.13 17:38:12 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe [2010.10.28 01:22:50 | 000,000,006 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\start [2010.10.28 01:22:08 | 000,000,006 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\completescan [2010.10.28 01:10:33 | 000,000,010 | -H-- | C] () -- C:\Users\Blub\AppData\Roaming\install [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.01 22:52:21 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.07.17 23:44:15 | 000,017,408 | -H-- | C] () -- C:\Users\Blub\AppData\Local\WebpageIcons.db [2010.05.09 18:53:31 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.03.20 22:36:12 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll [2010.03.20 22:36:12 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll [2010.03.20 22:33:56 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2009.12.23 15:31:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.12.23 15:31:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.11.19 00:20:10 | 000,074,240 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2009.11.05 19:28:18 | 000,000,029 | ---- | C] () -- C:\Windows\TOBITADD.INI [2009.10.23 23:09:59 | 000,134,122 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe [2009.09.18 14:43:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.27 16:48:49 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.08.27 16:48:48 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.08.27 16:48:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.08.27 14:52:39 | 000,390,609 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2009.08.27 14:52:39 | 000,051,979 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2009.08.27 14:52:38 | 000,028,127 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.08.27 14:52:38 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.08.27 14:52:38 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2009.08.27 14:52:38 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.08.27 14:52:37 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2009.05.26 02:03:22 | 000,000,600 | -H-- | C] () -- C:\Users\Blub\AppData\Local\PUTTY.RND [2009.04.04 21:30:27 | 000,007,808 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d9caps.dat [2009.01.12 20:09:55 | 000,042,326 | ---- | C] () -- C:\Windows\SysWow64\uninstdivx.exe [2009.01.12 01:10:46 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll [2008.11.12 15:06:52 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2008.11.12 15:06:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.11.10 16:53:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.11.10 16:51:35 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008.10.09 00:21:06 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2008.09.16 18:02:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2008.09.16 18:02:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2008.09.16 18:02:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2008.09.16 18:02:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2008.09.16 18:02:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2008.09.16 18:02:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2008.09.16 18:02:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2008.09.16 18:02:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2008.09.16 18:02:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2008.09.16 18:02:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2008.09.16 18:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2008.09.16 18:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2008.09.16 18:02:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2008.09.16 18:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2008.09.16 18:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2008.09.16 18:02:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2008.09.16 18:02:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2008.09.16 18:02:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2008.09.16 18:02:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2008.09.16 18:01:31 | 000,000,041 | ---- | C] () -- C:\Windows\CDE D120DEFGIPS.ini [2008.01.26 20:59:26 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI [2007.12.28 19:08:15 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2007.12.22 23:41:00 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll [2007.12.09 01:50:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.12.08 20:40:32 | 000,000,092 | -H-- | C] () -- C:\Users\Blub\AppData\Local\fusioncache.dat [2007.12.08 19:50:38 | 001,491,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2007.12.08 19:48:49 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2007.12.08 19:48:47 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2007.12.08 19:48:47 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2007.12.08 18:00:55 | 000,177,664 | -H-- | C] () -- C:\Users\Blub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.08 17:55:47 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.12.08 17:35:55 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2007.12.08 17:10:41 | 000,001,100 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d8caps.dat [2007.12.08 16:57:36 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe [2007.12.08 16:57:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2007.12.08 16:54:52 | 000,002,188 | -H-- | C] () -- C:\Users\Blub\AppData\Local\d3d9caps64.dat [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2006.06.12 21:43:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2005.11.27 18:12:45 | 000,414,272 | ---- | C] () -- C:\Windows\SysWow64\DivXc32.dll [2005.11.27 18:12:28 | 000,414,272 | ---- | C] () -- C:\Windows\SysWow64\DivXc32f.dll [2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll ========== LOP Check ========== [2010.07.21 14:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Atari [2009.12.01 19:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock [2010.10.12 17:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock2 [2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools [2011.03.09 16:33:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools Lite [2008.06.25 19:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\dyyno-vlc [2011.04.16 23:15:38 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\GetRightToGo [2010.11.11 22:02:50 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HD Tune Pro [2011.04.22 10:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\ICQ [2010.06.24 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\JavaEditor [2010.12.11 11:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\kikin [2008.10.15 13:45:31 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Locktime [2011.04.18 07:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient [2009.09.14 00:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010.01.03 21:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Miranda [2011.03.24 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mumble [2010.12.18 16:01:42 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Notepad++ [2010.06.05 01:15:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Octoshape [2009.09.18 17:29:35 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\OpenOffice.org [2008.08.06 15:36:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Prabang [2009.12.18 17:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\RayV [2009.11.13 18:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\runic games [2007.12.28 20:25:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Screaming Bee [2010.05.09 19:07:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Subversion [2010.03.07 17:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TeamViewer [2010.01.03 21:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Trillian [2010.03.16 01:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TS3Client [2011.04.21 17:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Tunngle [2008.12.20 01:38:06 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ubisoft [2011.04.21 16:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\uTorrent [2011.04.21 18:27:51 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.21 18:24:35 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D45BA6FC-B2B5-4AD7-90D8-A5DBBA7FE330}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.21 16:45:02 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Adobe [2009.12.08 19:36:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Apple Computer [2010.07.21 14:08:09 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Atari [2009.12.01 19:43:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock [2010.10.12 17:35:59 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Bioshock2 [2009.11.20 16:45:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\codeblocks [2009.08.27 17:08:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Creative [2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools [2011.03.09 16:33:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DAEMON Tools Lite [2010.09.13 23:49:26 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\DivX [2008.06.25 19:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\dyyno-vlc [2011.04.16 23:15:38 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\GetRightToGo [2010.01.23 23:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Hamachi [2010.11.11 22:02:50 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HD Tune Pro [2008.06.24 12:45:33 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\HP [2011.04.22 10:50:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\ICQ [2007.12.08 16:54:57 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Identities [2008.04.18 17:26:29 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\InstallShield [2010.06.24 21:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\JavaEditor [2010.12.11 11:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\kikin [2008.10.15 13:45:31 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Locktime [2011.04.18 07:03:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient [2009.09.14 00:51:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2007.12.08 19:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Macromedia [2011.04.22 07:36:43 | 000,000,000 | ---D | M] -- C:\Users\Blub\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Media Center Programs [2010.05.09 19:12:17 | 000,000,000 | --SD | M] -- C:\Users\Blub\AppData\Roaming\Microsoft [2010.01.03 21:19:58 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Miranda [2009.08.12 20:46:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\mIRC [2009.10.05 14:05:10 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mozilla [2011.03.24 19:08:14 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Mumble [2009.09.05 11:02:22 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\NCH Software [2010.12.18 16:01:42 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Notepad++ [2010.06.05 01:15:11 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Octoshape [2009.09.18 17:29:35 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\OpenOffice.org [2008.08.06 15:36:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Prabang [2009.12.18 17:27:20 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\RayV [2009.11.13 18:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\runic games [2007.12.28 20:25:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Screaming Bee [2007.12.08 18:30:47 | 000,000,000 | RH-D | M] -- C:\Users\Blub\AppData\Roaming\SecuROM [2011.04.22 11:35:18 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Skype [2011.04.22 08:30:46 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\skypePM [2010.05.09 19:07:48 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Subversion [2010.07.15 22:16:41 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\teamspeak2 [2010.03.07 17:17:47 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TeamViewer [2010.05.09 19:23:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TortoiseSVN [2010.01.03 21:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Trillian [2010.03.16 01:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\TS3Client [2011.04.21 17:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Tunngle [2008.12.20 01:38:06 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ubisoft [2011.04.21 16:49:32 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\uTorrent [2010.04.25 11:32:23 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Ventrilo [2011.03.04 23:40:43 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\vlc [2007.12.22 23:48:24 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\WinRAR [2008.04.18 15:52:55 | 000,000,000 | -H-D | M] -- C:\Users\Blub\AppData\Roaming\Xfire < %APPDATA%\*.exe /s > [2010.12.11 11:00:58 | 001,166,568 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\kikin\kikin_updater_2.9.1.exe [2009.09.14 00:51:11 | 000,038,208 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2008.02.13 08:07:36 | 000,393,216 | -H-- | M] () -- C:\Users\Blub\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe [2009.01.08 15:44:06 | 000,070,936 | -H-- | M] (Octoshape ApS) -- C:\Users\Blub\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe < %SYSTEMDRIVE%\*.exe > [2008.04.11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.19 10:09:09 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.02.14 14:12:06 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=05001E1FACCE49DB895B8526B05C7302 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_37cb142cf6008bc1\atapi.sys [2008.01.19 10:07:46 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008.01.19 01:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys [2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008.02.14 14:12:07 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=BB55C79E0595D8CFBE4A80A3C9EB77EA -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2007.12.08 18:24:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_b61f6f46696c67ab\explorer.exe [2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2007.12.08 18:24:31 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=819D88EC82C2C44B556DC32ED22044DE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_ac3dc19d4e3a6405\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2007.12.08 18:24:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_b6926bef829b2600\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.19 10:00:15 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.19 01:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2007.12.08 18:24:32 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=FCBF8AC1855EF986CDEC2387760F71C6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_abcac4f4350ba5b0\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe [2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 10:11:31 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.19 10:03:01 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2008.01.19 01:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll [2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.19 10:08:50 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys [2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008.01.19 10:03:55 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2008.01.19 01:03:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll [2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll [2007.12.08 18:19:11 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll [2008.01.19 10:04:23 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.19 09:32:19 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll [2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2007.12.08 18:19:11 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll [2007.12.08 18:19:11 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll [2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2007.12.08 18:19:11 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2008.01.19 01:04:24 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe [2008.01.19 10:00:41 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe [2008.01.19 01:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.19 10:00:45 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2008.01.19 01:00:46 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.19 08:37:47 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SoftwareDistribution\Download\79a37311fe2e152e8ed4871b24ebb81b\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2008.01.18 23:37:48 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Files - Unicode (All) ========== [2010.10.15 00:35:23 | 000,044,484 | -H-- | M] ()(C:\Users\Blub\Documents\?????¯???.txt) -- C:\Users\Blub\Documents\Ƹ̵̡Ӝ̵̨̄Ʒ.txt [2010.01.30 15:34:01 | 000,044,484 | -H-- | C] ()(C:\Users\Blub\Documents\?????¯???.txt) -- C:\Users\Blub\Documents\Ƹ̵̡Ӝ̵̨̄Ʒ.txt ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Blub\YouTube - WotLK Naxxramas - Kel'Thuzad.mp3:TOC.WMV @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
|
22.04.2011, 11:42
| #4 |
| | TR/Kazy.20156 seit gestern Abend OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.04.2011 11:46:04 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Blub\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 31,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 44,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 118,12 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive D: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: x | User Name: Blub | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 14 0E 40 71 49 43 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12CF4DB7-0DAA-4CBC-B9FB-333C49CA7CFA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe |
"{17A8C42F-0BB9-4CEC-AC14-C94FC368B5E3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{219A1FDD-6128-45E9-9FCF-DC91701A7387}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{48B2DC95-0E81-408E-9A9A-59B5A987AD4C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49640DC1-07C4-4F82-BEAF-2EA50B25F9A2}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{563C6D46-FDFE-4B37-9632-59010387F7D0}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{5E51CB45-F547-4231-9684-D0141E65A22E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1F09BB3-B0E8-456E-950E-DAF963E80B11}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{C243750A-8B92-4BA5-881E-0235518DF899}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe |
"{C4D8BFE2-672E-477E-8FC4-33F8FF3924B7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{E5062893-DB72-48A1-BC16-3C009B44961E}" = lport=3306 | protocol=6 | dir=in | name=localhost |
"{FCC36732-805B-473A-9AB4-4BC5B5CE5FBA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0264D9B1-A1FF-404B-850B-906DA6A37360}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{040F017F-5C9A-4590-86A2-9F89E5EBE776}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe |
"{05DBC8E8-71FC-45E3-9A5B-ACA4EE274297}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{06962F71-0DF5-49E9-81F2-D03C78371FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dark fall lost souls\darkfalllostsouls.exe |
"{08F2EC7B-A35A-4100-B845-12406A652A36}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{0B1D9085-CE45-412C-8AC8-EFB17FD4E18B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{0B6DCD8A-2C2A-43E2-9166-0FAC8D6F5531}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{0B9BB747-985F-43E7-B9D2-C65FB88EEA0A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{0D679EFA-23D2-4BC8-9211-11A9F49143F2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{0D6967BB-F8BD-459E-B62D-C787636FCA34}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{0F9E46AE-8BF4-4737-93B0-4F459BEADFF4}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{0FD2BF8D-D3A2-45CC-9DAD-4F979B4E6595}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{145010F6-BC68-4EE1-8886-F9DD55255C33}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{15E59C53-63F3-4FBE-8414-47D1E00A4A6F}" = protocol=6 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{18EB64B6-7FA1-4400-B175-697469B01D78}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{1A1AE26A-2EEB-4176-B1A1-0A18F69E3AF9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{1BED3890-F693-4455-9344-EF3DDA2F2DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{1E73B1F9-B218-4074-9356-586957D5587F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{1F1C40A4-E60E-41FF-8C2D-F3B70C155B74}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{205481A2-5812-4789-934D-E1B3062E2E14}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{222CCC1B-B798-488E-81C1-0EEAB609091C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\chuzzle deluxe\chuzzle.exe |
"{227C4F0E-D437-46AA-A9E2-963A0721F64A}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{23C87C1D-2DD2-44FE-85BB-495D29C650D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{240FBC89-9974-4CBB-A65F-959F6F08DB99}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{24856F73-F99D-40BB-BBB0-0BE8C8E90425}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{24E8AB99-44F3-494E-A4E3-AD59E90BA728}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{26994095-EC4F-4A06-973C-0ECD2896E2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe |
"{2A43E3C7-E554-4441-8148-DA6A778FB22A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{2A814407-4EE2-42C0-B24E-E5E29AE5908B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe |
"{2D39CB9A-D387-47BB-9B3A-AC7179E259B6}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\counter-strike source\hl2.exe |
"{3052D1A8-B7F7-4D0F-8101-1BB1BD5BBA12}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"{30C22F42-2362-4D25-BE1F-1F3D0A37AD1F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-engb-downloader.exe |
"{32C56732-C007-4BAC-87D2-9C23B7A0DAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{330379D4-DCB6-4A49-9DE2-45F0EAF64530}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-engb-ptr-downloader.exe |
"{35CAA15A-C7C9-4F0E-AE78-0B5C210A4EF4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{394D03B0-A9A6-4CA0-9BD6-FC2F73312C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39AE4A98-2400-4CB9-966C-54F4C3729881}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{3DDCAC50-2D5C-4170-B7CC-9143759C7466}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{3EBC20B6-284E-49A3-BD1A-83B13D4337CF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-engb-downloader.exe |
"{4012359A-FE68-4140-A5D6-BA5A2D090620}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{41386F96-F7AC-45B8-BD4C-1B5F05CE4922}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{417EA44E-65DB-4122-94EE-31584FDEF7B3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{419135EE-666D-4277-A1A7-BBEE9458CCD2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe |
"{41F48F44-928F-4414-872A-B0E01A712844}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\counter-strike source\hl2.exe |
"{42C32EF9-6EA7-4EC9-805A-96A46B42F983}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{44EE8BB1-5AA7-4029-9AF2-C08D70723BF9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{4662990D-D239-4D65-A15A-6409BAF3E10C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{46EA6C3A-C51F-46D0-BEBE-8E63BFDC733A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{47BD2E25-4701-4714-90AE-2096900AAF87}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{47D84D13-2903-4040-AD71-90F93FFB00B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{4ACCB5CE-1C4F-481C-B51F-867EABF033C2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe |
"{4C04391E-B63B-49DF-94AC-F9704D37B850}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{4C27E691-E845-4545-ACFA-B3550B2E1BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{4C42A191-0682-4CDD-889E-DE788F3808C1}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{4C5738A2-025C-4C94-AF26-C46FFE2D8BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{4E2BAEBF-66E3-4454-95C4-B8E8DC2F17FB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-engb-downloader.exe |
"{4F30CAE8-531A-48AA-B5E4-2662DBDA42E3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-engb-ptr-downloader.exe |
"{52345690-927B-40E6-942F-64F650AE98E2}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx10.exe |
"{53FBA0C5-0AF1-46FD-B93C-F1E11D2AC0F2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{561882F9-11E9-40E8-A9F1-9447C2B85BF1}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-engb-ptr-downloader.exe |
"{564C0CF7-53B3-47CD-81EC-BC9CB104CCE5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{572237CE-D268-44BF-B7F8-335597AA82DD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe |
"{5CDC6003-C8F2-413B-B777-8153A4BA4ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\chuzzle deluxe\chuzzle.exe |
"{5DE7D8CE-8E8C-4024-ACA6-E2FD9B3B53B7}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{5EF2F955-B232-4D68-A389-5446CF86B4D4}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |
"{612E1709-8573-4F13-9844-141A7294E081}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{676CE437-786C-46BF-9AF9-0DF4533C9AF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{68A8DFD1-BD51-4625-B84C-5379D38C4E13}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2editor.exe |
"{68B827ED-827A-415A-824E-DA9A45AE30BB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{6BF489D5-F975-4967-B2C7-1433374B0699}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{6E011D46-4CE9-49B5-8486-34EF22C98C11}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-engb-ptr-downloader.exe |
"{6E71D27E-4288-4704-9413-8F78BB695EBB}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{6E7797E2-644D-4D5C-BE86-BC803D4BBF7E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe |
"{701CA347-17D4-446C-B1E2-964BCED46ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{70A3B442-554E-47E9-90C1-DBEF4177954C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe |
"{720D9FEC-C150-4EFF-9FB5-4B7090443E1B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{72D7884B-89D4-48A6-80CB-849F04431017}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe |
"{761DBA2A-40D4-45E1-8944-5F44721D9F7F}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{78E86215-1BDE-482E-80AF-AD9EF6C9DBE8}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{79354D76-C561-47F4-9875-19144B0DFCA7}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe |
"{799E360A-ED64-42BF-96AC-3A71BDA4F786}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{7B4E71C9-E795-4230-921F-F8CA577995B7}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{7CCB3C47-5202-4E4A-B4DA-422890398E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{81C7A85E-46B0-416A-BCFA-5C4125BB2ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{822D1C53-E807-45EC-9DA6-F0F95D187491}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe |
"{832018A0-4F2A-4C5E-AF78-F339F0BE173F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{8B0490E4-2300-4BAC-A925-70985B0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dark fall lost souls\darkfalllostsouls.exe |
"{8C9939D9-B7B9-46A7-80E8-E213735245CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8D469410-57A0-4AD9-B16F-21B2140F6D0F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8EC10A85-4CAD-4242-83E8-38BC58289F52}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8F5051F4-55F1-4356-9C0D-51EEE0B907EF}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\devil may cry 4\devilmaycry4_dx9.exe |
"{919B62EE-C900-43F7-94B6-4FD02C3C7645}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0-engb-downloader.exe |
"{9246A485-1EF0-421A-8A91-27976B39E75E}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{928825A0-C60E-4A11-8688-3F70B29AAB21}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{9391233B-3CE5-41A7-8FF4-0C31ABFB2AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\ghost master\ghost.exe |
"{9574085B-A337-460D-9F2B-E829086AC09F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe |
"{96C843F9-80C8-48B3-AF23-923E72E8FD90}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\ghost master\ghost.exe |
"{9AE55293-614E-4BCE-BDBD-276B53579317}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9D715D5E-8E31-4DB2-8259-8F2C2DD955CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A1E55E53-8B0E-4284-8F18-82ABBA0C0D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{A47FE973-AA0F-4397-8230-B3346229ED76}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-engb-ptr-downloader.exe |
"{A4CC26A8-8B7F-45FC-91D9-95897F422D00}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5DAC060-B77D-467F-B19B-F430CC58EA83}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{A6BEE062-6998-427E-A58A-0F7B89C49F52}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{A8232B7A-9602-4374-ABEF-59BC9E495D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{A83A0CD5-B784-4162-89B0-EE88F3431D24}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-engb-downloader.exe |
"{A87540EA-05EB-4E8D-B90D-2378FC5ADDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{AA50EE6F-E5F0-4A6F-B1A9-AE99D5A44D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{AA9A8A62-9ED8-4D4D-909F-6F41C15AB5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\farcry2.exe |
"{ACBE4BEE-2217-4E43-B3F8-B9CD077B5EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0C4373F-3CD8-4EBC-9441-129731CA03F2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{B235BFC2-4EFA-47DF-BA4F-68C14C56A10D}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B259F243-49C9-4E07-8136-592B2D95CD84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2F86696-B237-41D6-A96E-38E02BD07C52}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{B59723DA-48DA-4EEE-AF9A-6239BB7DDD7E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe |
"{B7090879-7492-459B-99AB-F98637D13749}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{BBB00676-56A9-4250-AE8D-0A0ACA9DC685}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |
"{BC020316-5CAF-425B-B680-E3DB0FE0DE69}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BEBF8F36-8B49-4317-908C-491057ECD707}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{C2017633-89A0-403D-B260-A10EC4967D84}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C2128307-6EEF-4FCC-8CA5-24BC44EE0C28}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled twist\bejeweledtwist.exe |
"{C2BFA0E0-DCCF-4491-A7A7-8851B896C369}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{C42F4793-79B3-4FAF-913A-8A30B1050B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{C6A9C4FB-2081-4D7A-8DA5-2E23068DAD46}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{C7A0028F-2EC2-43D0-8A0A-0E6D2FEC8679}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{C7D06970-A18A-4F45-8E40-650EEF172D6D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{C8C06F38-69F2-4E1E-88EA-2ED0750BDDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{C94F7D47-BDB0-4648-A815-E277CF2FEADA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{C96F1C73-9DC8-43AF-860D-2861FC6614EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CB726906-5FF0-4BB1-A722-6BE9E42FF069}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{CBFCCDFC-820A-49F5-A083-1D01958E128A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{CC89DA93-1829-425C-AAB5-3EF1E75D36F0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{CE394FBE-20BE-4D1B-82DD-35620B63DB9B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\bejeweled 2 deluxe\winbej2.exe |
"{CF0BCE72-A009-4328-BF49-A617ED57F3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{D34BE9D2-8355-4CE1-8368-11A30C13779E}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{D48AB012-8E92-4661-A7C7-904C71EF6AA1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D4AB8177-EC3D-4E6E-B327-94D10CB2EB4C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-engb-ptr-downloader.exe |
"{D59A0711-1E80-4E63-BCC1-84ECB40370C5}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{D9650B26-CAA0-431C-B1EC-1FD10BB20740}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{D993AFA1-549B-45D9-8413-89A6F374631B}" = protocol=17 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{D9B445AC-0EE4-4601-A23F-0944E079BDE2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe |
"{DB4624C2-B1F3-459B-834C-3DDDA8D7810C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.2-engb-downloader.exe |
"{DBC56FD3-5004-4779-901E-E7D380060A67}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{DC1B3067-5E0D-4A1B-820A-EAAEC768333F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{DC40BEE3-4B9E-4B0D-A2EA-95E27B133CFD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe |
"{DCB1F339-2BA9-4B5D-A188-0003F6122F45}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe |
"{DD24B90F-201C-4536-AC77-CA399A7D1FC9}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{DD84EDB7-5B95-4152-85D4-7AC35E686DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{DEA2045C-73D7-42F4-A526-9686ADF84560}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{E45BF645-9C4B-4D0F-9948-6668CE51E083}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{E50FE606-2815-401A-B13A-B9C96E74A9F1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{EBC9F0FB-F846-4841-BB36-F00541089217}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{EC147C92-0B71-43C7-8ACA-123BFDEFBA37}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{EFAF3DBF-D3AC-4099-8214-41B46713CEB0}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe |
"{F2979DA1-5A11-4E23-A365-01A8CE587C77}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{F3C167B5-D55A-4F45-B759-4CAC10BFDC04}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-engb-ptr-downloader.exe |
"{F5E3DA64-706A-4BB5-A401-04872E5AB1B4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-engb-downloader.exe |
"{F80678CA-AEDE-4344-85D7-6B256AAAE805}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-engb-ptr-downloader.exe |
"{F864AA5E-9DA0-46C6-995A-D663930FC318}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"TCP Query User{03121608-7C4D-40D3-B6F7-45A32EE7ECAC}C:\users\blub\desktop\neuer ordner\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\valve\hl.exe |
"TCP Query User{03629B3F-6980-4F92-9B7B-758A49DA4683}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{07BA6141-E5FE-473D-B7D4-AC053905271E}C:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe |
"TCP Query User{0945D85B-37EB-42EA-ACCB-A14C1317785D}C:\users\blub\desktop\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\xiii\system\xiii.exe |
"TCP Query User{0BB3C0D6-ABFF-4506-B569-2D9755521693}C:\users\blub\desktop\cabaltemp\estsetuploader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\cabaltemp\estsetuploader.exe |
"TCP Query User{12BAC182-6352-4B8A-85F7-CFCC27D2F17F}C:\sierra\ee-zde\ee-aoc (2).exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc (2).exe |
"TCP Query User{13D4C224-70D7-469F-811C-23EAFC6E08BD}C:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"TCP Query User{1583A3C3-8B55-40AF-B3E5-02316ED396CE}C:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe |
"TCP Query User{1597BE5E-A221-4845-8944-60C4D7CC9064}C:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe |
"TCP Query User{1724854B-A50D-409D-AF57-32EB9534D942}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe |
"TCP Query User{1A3471CC-4B21-4AC8-B51C-9B15977FF162}C:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"TCP Query User{1A63F083-2EBC-4F97-B348-A96F33355126}C:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{1A7C58F7-64E9-4EC1-9573-BBEEAF662C56}C:\users\blub\desktop\stronghold\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\stronghold\stronghold crusader.exe |
"TCP Query User{1DCB847B-6EFE-45F4-9F82-66CC3A2D872A}C:\users\blub\desktop\dg - mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\dg - mangos\mangosd.exe |
"TCP Query User{264134FB-CA7C-4930-B92D-886A45BE3EF3}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe |
"TCP Query User{28578DF1-EDDC-475B-AC09-F9D6E2D0D7CD}C:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe |
"TCP Query User{2A1489B9-30A5-40CB-A92E-F0FEECE1580D}C:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe |
"TCP Query User{2A763B99-6528-4F32-B173-45A1D0700295}C:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe |
"TCP Query User{2AB547F1-17CA-41D8-BAE4-C043A9C887D5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{2DA5FFB0-974E-482C-9225-BCFCA556ED23}C:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"TCP Query User{2E91A64A-03CC-4AB3-9AAA-FE48A77F4211}C:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe |
"TCP Query User{387493AD-16BB-42C6-8495-B85677D33B1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{388E2354-9AC2-4151-B221-BD77C0E19D39}C:\users\blub\desktop\gotcha!\gotcha.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\gotcha!\gotcha.exe |
"TCP Query User{39D01090-F496-44B0-831D-3898771E7675}C:\users\blub\desktop\mangos server\dg - mangos\realmd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\realmd.exe |
"TCP Query User{3A30E95C-3F0F-4A24-B47D-31ECE85871EB}C:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe |
"TCP Query User{3A4ED5E8-5057-4D95-8FDB-88FFAEFFE772}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{3AB5F259-BB9C-4A20-913E-2976818CF806}C:\users\blub\desktop\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\ut2004\system\ut2004.exe |
"TCP Query User{40384B20-5555-4FAD-81CE-5B49F05A3268}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe |
"TCP Query User{408ACE3D-90CF-4FDE-90F9-70B6934FCC66}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{43B2A93F-641D-44BF-B228-3AEA53D92E64}C:\users\blub\desktop\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\flatout\flatout.exe |
"TCP Query User{4D0E7F98-A417-4579-B970-1D5F1707AF17}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"TCP Query User{4FBACF43-582F-4AAA-B9A1-9D965DAE943D}C:\sierra\ee-zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"TCP Query User{52E4A364-D229-41A6-9115-E87BB044D76E}C:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe |
"TCP Query User{5BDEF01C-2AAD-4858-A140-E741A46EB502}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe |
"TCP Query User{6199BAB1-5165-4DE1-8AB7-7B653B01F884}C:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe |
"TCP Query User{63A65B9B-591E-45FF-AB39-34ECA78D6182}C:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe |
"TCP Query User{656A8B37-43D4-4F9A-8769-167F0D6AE28A}\\soeren\games\age of empiresii\age2_x1.exe" = protocol=6 | dir=in | app=\\soeren\games\age of empiresii\age2_x1.exe |
"TCP Query User{6882160C-A1CC-4664-829C-9D1E907B6CE5}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{6A27E0B7-8BC4-40BC-9FED-16E42ABE4CD7}C:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{6BC8D7E8-A863-4DC6-A330-97FC16B09257}C:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe |
"TCP Query User{744E17A5-BECB-48D0-8801-508CE77D627E}C:\users\blub\desktop\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\tmnationsforever\tmforever.exe |
"TCP Query User{79068115-35AA-46FD-B7C9-B56D0C1AEF13}C:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe |
"TCP Query User{7C40660A-BE15-4CC6-B088-6768EC8756F2}C:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"TCP Query User{826DCFD9-7A2E-46F7-AF54-8948E0D1A8CB}C:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe |
"TCP Query User{864FCE63-0B06-47DF-8980-C4EDD46D82EA}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe |
"TCP Query User{88EA9193-F3F2-45BF-B3D1-CC9DC192DC0F}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{8A3CB605-F13A-44EF-9646-36F83AFE2EC6}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{8AA61718-36F7-41B5-8D10-B97D1AC21881}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{8DF04696-E822-453B-A7CD-3D0E8A537419}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{8FBDFB7E-9002-43BA-AE22-41846E854178}C:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe |
"TCP Query User{948170EA-E474-4899-9019-13339B38CB7D}C:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe |
"TCP Query User{96FB64EF-1818-408F-9EDD-5554D05C0270}C:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe |
"TCP Query User{971A1A21-0C01-408B-B3E0-2D33FBB0540B}C:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe |
"TCP Query User{999C8B17-29E6-460D-921E-DFBEEC3D324F}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"TCP Query User{9CDD04EA-7426-43EC-A1EF-3EAD7A8BAA3D}C:\users\blub\appdata\local\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\local\dyyno receiver\dppm.exe |
"TCP Query User{A3889922-A3CB-4E68-AE16-650B9D005E42}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{AB1AE069-58F1-4A48-BEFE-C6A55BB76392}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{AEEB176C-7C5D-43FC-A8D0-0D7B1B241CA1}C:\users\blub\desktop\neuer ordner (3)\dx.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner (3)\dx.exe |
"TCP Query User{AF3F7AC2-4570-4580-923C-D184299ADE25}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"TCP Query User{B673B0BB-9145-4565-8F56-01E1766CF08F}C:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe |
"TCP Query User{B9032F5F-010F-4DA6-A17E-2EB1EEC1BB41}C:\users\blub\desktop\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\worms armageddon\wa.exe |
"TCP Query User{BAE3E225-F4D1-4ECB-8F87-A46785E5B4E8}C:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe |
"TCP Query User{BB3579F7-7CEB-4F0B-B223-C618F8AD991F}C:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe |
"TCP Query User{BBCBD572-6D23-4F38-A9CF-0512F9517EBE}C:\users\blub\desktop\dg - mangos\realmd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\dg - mangos\realmd.exe |
"TCP Query User{C17636CA-EA44-42E3-99B5-4D7C247E3B8D}C:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe |
"TCP Query User{C1DAB5FE-8184-4A3D-AED7-F9D505E4A17D}\\soeren\games\age of empiresii\empires2.exe" = protocol=6 | dir=in | app=\\soeren\games\age of empiresii\empires2.exe |
"TCP Query User{C2D1FE59-05E7-4941-97CF-E899E4F31CA6}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{C2F89E00-19B5-40C6-AFE6-460A021121CD}C:\users\blub\desktop\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\counter-strike source\hl2.exe |
"TCP Query User{C4EDAAE4-C737-4DB2-B74A-EEFC428148EF}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{C9EF19EF-E9E0-420D-A985-98C48B049D4D}C:\users\blub\desktop\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\valve\hl.exe |
"TCP Query User{CA32B620-ECFB-49C4-8136-DA32059D00C4}C:\users\blub\desktop\cod4\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\cod4\iw3mp.exe |
"TCP Query User{CDA35547-E630-45D9-AFF0-9AD0101F5112}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{CE689387-F08E-4340-B36A-8B91F49AE1E1}C:\program files (x86)\tortun\gui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tortun\gui.exe |
"TCP Query User{D148C603-D7A4-4A7D-B0A6-9D5DFDF274E7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{D2FA20E0-8B90-456B-8F5E-F140D5997C14}C:\users\blub\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\blub\appdata\locallow\dyyno receiver\dppm.exe |
"TCP Query User{D36A0FE7-3A94-40A3-B8EB-26F04996800F}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"TCP Query User{D3D921DE-23E7-4F97-95CF-6A7AC417D1A1}C:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe |
"TCP Query User{D58E899C-5AAC-4D58-AE88-71AEDC1F3C18}C:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"TCP Query User{DE2934B0-0249-4D83-9C1F-A1DC1259EA67}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{E73300A0-8443-4378-A18D-E50752CA017C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{EC05A8D3-A730-4A6E-8895-281BDDE3A72F}C:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe |
"TCP Query User{EE5B85B8-8621-465F-818F-590D0459750B}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{F19B6413-37FE-4018-92A4-D8F0F1E01114}C:\users\blub\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\warcraft iii\war3.exe |
"TCP Query User{F6328364-CD49-4B19-83C0-D979AC20BF7D}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{F7E13548-723E-4169-A14D-0CCA8DED1465}C:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"UDP Query User{04BE7518-CF86-4692-915C-56A4CC331666}C:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\worms armageddon\wa.exe |
"UDP Query User{05A8E5ED-D2F0-4045-AE31-39B92A0ED6BC}C:\users\blub\desktop\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\ut2004\system\ut2004.exe |
"UDP Query User{07B7AE82-97A4-4B8C-B4CA-A17A4737BC65}C:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\cod4\iw3mp.exe |
"UDP Query User{097B793F-B6AD-4892-A0F6-B074C709E516}C:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{0DB93BFA-FCE7-40B3-8135-E01AFDCF870A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{0F888632-92FA-458C-BEEE-11CEA1B2E758}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe |
"UDP Query User{0F8D2C33-3882-42AB-B735-425407A1C321}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{10109B2C-16F9-4473-8019-9A577A06708E}C:\program files\world of warcraft beta\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"UDP Query User{162FC2F1-058A-432C-B9FB-41E3B82A5F35}C:\users\blub\desktop\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\tmnationsforever\tmforever.exe |
"UDP Query User{1C69ACD0-7346-4B92-9FF6-4B5B0A080165}C:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan an jan-01ec7a27330\hl2.exe |
"UDP Query User{1D7B2BEC-84C3-476A-B33E-53BF6C334BC9}C:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront\battlefront\gamedata\battlefront.exe |
"UDP Query User{1DF29935-3642-436B-AD13-48BE08C5BD1E}C:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\source-lan\hl2.exe |
"UDP Query User{2B456A91-6879-462C-AEFC-0EAB348A1151}C:\users\blub\desktop\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\xiii\system\xiii.exe |
"UDP Query User{2CFC2079-29D3-42EB-9F41-FB45AA607216}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe |
"UDP Query User{2ED4FAB2-7242-4791-8269-9589219FE406}C:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii\war3.exe |
"UDP Query User{30DEFF4E-30C6-443E-9AAE-C97720D69B42}C:\users\blub\desktop\dg - mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\dg - mangos\mangosd.exe |
"UDP Query User{33262D80-5004-4CD6-979A-CA8B16B37040}C:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"UDP Query User{39175166-91FA-402A-8EB2-7ECEEFAC8BAD}C:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\mangosd.exe |
"UDP Query User{39EBD447-A01D-41BD-962B-64E645622301}C:\users\blub\desktop\neuer ordner (3)\dx.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner (3)\dx.exe |
"UDP Query User{3D37212E-185D-4023-8908-2E0F41D3069A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3F68D1A9-3C75-43E8-9919-93C047BB616F}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{4236A288-D6D7-4C4F-B640-7376C8F0A252}C:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\far cry(geht)\bin32\farcry.exe |
"UDP Query User{464AE905-B702-4983-82EE-2264EA2ACD14}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe |
"UDP Query User{4B106ACC-8909-4300-8DDE-29C71D06DDA3}C:\users\blub\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\warcraft iii\war3.exe |
"UDP Query User{4F4A48C3-D0AA-415D-BA93-32853F1FF37D}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17\war3.exe |
"UDP Query User{50493F05-71C3-44BD-BF99-0D6CB2963F0A}C:\program files (x86)\tortun\gui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tortun\gui.exe |
"UDP Query User{55A4C9FC-E476-4D5F-961A-A89B1E9E21EF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{55E037CA-426F-4FE9-B6A6-623E1C31C826}C:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{58C50F49-278F-4945-8E59-31A767501D89}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{5DCA5BD1-4670-445B-BF2A-368DE68CCE8A}\\soeren\games\age of empiresii\empires2.exe" = protocol=17 | dir=in | app=\\soeren\games\age of empiresii\empires2.exe |
"UDP Query User{607E039F-8B7C-4FFB-8EFD-6799921040C0}C:\sierra\ee-zde\ee-aoc (2).exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc (2).exe |
"UDP Query User{61AA40FF-A4AC-4A87-B29B-DD2D1FBAA44D}C:\users\blub\desktop\stronghold\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\stronghold\stronghold crusader.exe |
"UDP Query User{638E8C6E-7BEC-48E8-BF37-FE62FB10C062}C:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout\flatout.exe |
"UDP Query User{64CFB000-967F-436F-9A7E-B10B6B3C9605}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{684BF62F-0CAE-4617-999E-58B00B8B5B4F}C:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_05\bin\javaw.exe |
"UDP Query User{69E5CE65-4F51-4B9A-A735-9FACA2CF9E92}C:\users\blub\desktop\mangos server\dg - mangos\realmd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\mangos server\dg - mangos\realmd.exe |
"UDP Query User{6FCA580D-2471-4480-B18A-CD542E0E1DF4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{74E50039-718F-4663-ACB5-F7E7F033A2E9}C:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\tmnationsforever\tmforever.exe |
"UDP Query User{7B7CF558-B883-4BEA-88F1-8ABCC056D5CE}C:\users\blub\desktop\flatout\flatout.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\flatout\flatout.exe |
"UDP Query User{7CB41976-3D88-4B0E-84B4-5EB9635971B8}C:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.3.3.7799-to-0.4.0.7897-dede-downloader.exe |
"UDP Query User{818F2364-4CCD-4FA9-B101-51DFC0733919}C:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii 1.17 an sebastians computer (sebastian)\war3.exe |
"UDP Query User{88BA9FAD-F5A2-4906-9B62-2DA1DB8D927A}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{8AEB909D-C6B0-45D4-842B-36C758C215ED}C:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\flatout2\flatout2.exe |
"UDP Query User{8B1EE463-2FAE-49CA-A88D-FD0DF4B4F2BB}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |
"UDP Query User{8B5CE374-8819-45B0-AFA7-57318F8A0AF2}C:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\dead space\dead space.exe |
"UDP Query User{8BEA10BE-C65F-445B-9BA5-F9CD985D6170}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{8C5A97AA-B83E-4E81-B803-DFB5CC645D41}C:\users\blub\desktop\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\valve\hl.exe |
"UDP Query User{906CFD00-CEE4-49B1-86E5-352EC565040E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{90FD74F7-1FE1-4701-A357-705D8E1B525E}C:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\lan-kurve\ipcurve\ipcurve.exe |
"UDP Query User{912C4E25-8BBA-42B7-A63D-8719A0BE0AFB}C:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\call of duty\codmp.exe |
"UDP Query User{928C1903-F6F7-4695-9761-8908BB5B33D5}C:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\eidos interactive\object software (beijing) co., ltd\im jahr des drachen\sanguo.exe |
"UDP Query User{94878407-284A-4EF9-9DE4-785427B953F8}C:\users\blub\desktop\cod4\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\cod4\iw3mp.exe |
"UDP Query User{95AF5BF4-9679-44A1-886E-0D273857A226}C:\users\blub\appdata\local\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\local\dyyno receiver\dppm.exe |
"UDP Query User{99C35F84-A444-4D41-BAB2-9949F3BC3204}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{9C78EB0E-8870-4D5F-AD46-39F7BBE9524C}C:\users\blub\desktop\cabaltemp\estsetuploader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\cabaltemp\estsetuploader.exe |
"UDP Query User{9E13CA69-9F22-49F5-B301-E1DBB3E0BCE9}C:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\lan-kurve\ipcurve\ipcurve.exe |
"UDP Query User{9E4C1147-BB6C-474E-AC34-31755527205C}C:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\3.0.2.8916 ptr installer eu\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"UDP Query User{A0426E05-294B-4D99-AAED-CD82CEE7FB08}C:\users\blub\desktop\gotcha!\gotcha.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\gotcha!\gotcha.exe |
"UDP Query User{A8A49E56-3EC8-4071-A509-6F2F0D26BEEE}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{A8E3D995-D0A3-4F8D-B2CE-E3DDCF5BEA30}C:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"UDP Query User{ACEF5D13-3EFB-4ECE-BD30-98BB484F5C32}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{AEC4E53F-9A77-42F0-8E95-DA396C831B16}C:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\source dedicated server\srcds.exe |
"UDP Query User{AFC7A7DB-2B25-4B7A-B335-B14D96CE7589}C:\users\blub\desktop\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\counter-strike source\hl2.exe |
"UDP Query User{B0242723-7AFD-4C62-99FB-EACC8A6F7BE2}C:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"UDP Query User{B10D2825-2303-44B9-9565-D01DB4560093}C:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\downloads\wow-2.4.2.8278-to-0.4.3.8478-dede-downloader.exe |
"UDP Query User{B33B64E4-23FB-402D-A2FD-4AC878B9D7B9}C:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\battlefront ii [crack]\gamedata\battlefrontii.exe |
"UDP Query User{B625BB6E-43AD-4495-BE83-DF76BBB38288}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{C5E8F48F-A2B5-4106-A2EB-2489B06A593C}C:\program files\world of warcraft beta\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\blizzard downloader.exe |
"UDP Query User{C62F3AF4-DD72-4B1D-8055-D4BFE9DE0946}C:\users\blub\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\blub\appdata\locallow\dyyno receiver\dppm.exe |
"UDP Query User{C97329C2-6D05-4011-A747-60542885F642}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{CA638E1A-AAC8-4771-BD98-CD6BF4D68B08}C:\users\blub\desktop\dg - mangos\realmd.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\dg - mangos\realmd.exe |
"UDP Query User{CBC6F1D3-E612-4809-9881-25E19EC7C291}\\soeren\games\age of empiresii\age2_x1.exe" = protocol=17 | dir=in | app=\\soeren\games\age of empiresii\age2_x1.exe |
"UDP Query User{CD3159D3-FB3C-4E87-A7A1-65796CB195BA}C:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.2.7741-to-2.3.3.7799-engb-downloader.exe |
"UDP Query User{CE763308-89FF-42DB-887D-1D90DFF74893}C:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\counter-strike source\hl2.exe |
"UDP Query User{D01848A3-8594-49F8-A794-3D77255ACFE7}C:\sierra\ee-zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\ee-zde\ee-aoc.exe |
"UDP Query User{D64A7A5D-F97D-4267-8451-A4FD10F4B9A3}C:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"UDP Query User{D8B3BC60-CEC3-46D3-BB33-C61E540F2398}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{E06196A5-C27F-4E4A-B501-26E17B5A5013}C:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\killer1673\half-life 2 deathmatch\hl2.exe |
"UDP Query User{E147E616-854E-47F5-B48C-E81EB6AA1401}C:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\wow-2.3.0.7561-to-0.3.2.7627-engb-downloader.exe |
"UDP Query User{E3452429-2DAD-4276-89D3-F2E0443591AD}C:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\warcraft iii (org)\war3.exe |
"UDP Query User{E7B6F56D-276A-4EF1-8621-C0C50B26739F}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"UDP Query User{EC0092D3-0122-40DF-8887-BB632B493C7A}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{F6AFECEB-23B1-4BD4-A089-B188231C8785}C:\users\blub\desktop\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\worms armageddon\wa.exe |
"UDP Query User{FB4DC75A-A07D-4A67-9E19-F0B03197828F}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{FBB93E2A-1790-41B1-BCF6-EC54689A8D0D}C:\users\blub\desktop\neuer ordner\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\blub\desktop\neuer ordner\games\valve\hl.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02412CEB-47C0-4157-80DE-6E96AAE67604}" = MySQL Server 5.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07C903D3-2996-4683-9B49-7839207148CA}" = NGists G15/TeamSpeak Display
"{08CFF9D1-BD86-4CA3-BC4A-AC51EF7640A4}" = X-Fi Forte 7.1
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{38281E4F-B7AF-42C6-B7F9-8C9DC0024A16}" = MorphVOX Pro
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5454085C-840F-4070-8FAA-441000028301}" = BioShock 2
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.14p, 2010.04.20
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB9EA451-351D-4EDC-B23E-BFECFCEC0E0F}" = Sven XXX - XS
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (murb.com Edition) 2.2
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"Avira Unerase Personal" = Avira Unerase Personal
"Battle.net" = Battle.net
"ColorPic" = ColorPic
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Media Codec" = DivX Media Codec 4.2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"EADM" = EA Download Manager
"EPSON Stylus C110_D120 Benutzerhandbuch" = EPSON Stylus C110_D120 Handbuch
"FLV Player" = FLV Player 2.0, build 23
"Fraps" = Fraps (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"Garena" = Garena
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.1.5
"HD Tune Pro_is1" = HD Tune Pro 4.60
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Basic 6.0 Ablaufmodell Edition (deu)" = Microsoft Visual Basic 6.0 Ablaufmodell Edition (Deutsch)
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mumble" = Mumble and Murmur
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDF Reader 2" = PDF Reader 2
"Peggle Nights Deluxe" = Peggle Nights Deluxe
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Postal 2" = Postal 2
"Postal 2_is1" = Portal 2
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"Runic Games Torchlight" = Torchlight
"Steam App 11020" = TrackMania Nations Forever
"Steam App 13140" = America's Army 3
"Steam App 17470" = Dead Space
"Steam App 19900" = Far Cry 2
"Steam App 205" = Source Dedicated Server
"Steam App 22380" = Fallout: New Vegas
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 3302" = Bejeweled 2 Deluxe Demo
"Steam App 3312" = Chuzzle Deluxe Demo
"Steam App 3483" = Peggle Extreme
"Steam App 3562" = Bejeweled Twist Demo
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 45700" = Devil May Cry 4
"Steam App 46750" = Dark Fall: Lost Souls
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6200" = Ghost Master
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SWiSH Max2" = SWiSH Max2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmUnitedForever_is1" = TmUnitedForever StarEdition
"Tunngle beta_is1" = Tunngle beta
"Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components)
"Videoload Manager" = Videoload Manager 1.0.1545
"VideoMach 4.0.2" = VideoMach 4.0.2
"VLC media player" = VLC media player 1.1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2011 16:41:38 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Crysis2.exe, Version 1.0.0.5858 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 13c8 Anfangszeit: 01cbee4d5015ecd2 Zeitpunkt der Beendigung:
163
Error - 29.03.2011 16:46:10 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: c04 Anfangszeit: 01cbee1ee5e84f22 Zeitpunkt
der Beendigung: 22
Error - 03.04.2011 16:59:35 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: f74 Anfangszeit: 01cbf21ac8a25a64 Zeitpunkt der Beendigung:
2392
Error - 07.04.2011 12:02:12 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 900 Anfangszeit: 01cbf53c118e3a87 Zeitpunkt der Beendigung:
67
Error - 15.04.2011 12:17:10 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.968.628 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 2e0 Anfangszeit: 01cbfb872b399c6d Zeitpunkt der Beendigung:
64
Error - 17.04.2011 12:48:55 | Computer Name = x | Source = Application Hang | ID = 1002
Description = Programm LeagueofLegends.exe, Version 0.0.0.0 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 12e0 Anfangszeit: 01cbfd1e1b632640 Zeitpunkt
der Beendigung: 7
Error - 17.04.2011 16:27:16 | Computer Name = x | Source = System Restore | ID = 8193
Description =
Error - 21.04.2011 10:27:14 | Computer Name = x | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung portal2.exe, Version 0.0.0.0, Zeitstempel 0x4d4c804d,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x1480, Anwendungsstartzeit 01cc00300e0b8d10.
Error - 21.04.2011 10:27:21 | Computer Name = x | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung portal2.exe, Version 0.0.0.0, Zeitstempel 0x4d4c804d,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x6f725056, Prozess-ID 0x1480, Anwendungsstartzeit 01cc00300e0b8d10.
Error - 21.04.2011 12:23:11 | Computer Name = x | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ NetLimiter 3 Events ]
Error - 17.04.2011 01:38:50 | Computer Name = x| Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 18.04.2011 11:36:31 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 19.04.2011 10:00:30 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 20.04.2011 09:20:57 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 21.04.2011 10:52:08 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 21.04.2011 11:16:04 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 21.04.2011 11:26:42 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 21.04.2011 11:49:19 | Computer Name =x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 21.04.2011 12:29:38 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
Error - 21.04.2011 12:40:09 | Computer Name = x | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
[ System Events ]
Error - 21.04.2011 12:29:49 | Computer Name = x | Source = Service Control Manager | ID = 7026
Description =
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = DCOM | ID = 10005
Description =
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = Service Control Manager | ID = 7009
Description =
Error - 21.04.2011 12:31:21 | Computer Name = x | Source = Service Control Manager | ID = 7000
Description =
Error - 21.04.2011 12:34:59 | Computer Name = x | Source = Service Control Manager | ID = 7022
Description =
Error - 21.04.2011 12:39:54 | Computer Name =x | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.04.2011 um 18:37:26 unerwartet heruntergefahren.
Error - 21.04.2011 12:39:59 | Computer Name = x| Source = HTTP | ID = 15016
Description =
Error - 21.04.2011 12:41:45 | Computer Name = x | Source = Service Control Manager | ID = 7022
Description =
Error - 21.04.2011 12:41:46 | Computer Name = x | Source = Service Control Manager | ID = 7026
Description =
Error - 21.04.2011 21:00:52 | Computer Name = x | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
< End of report >
|
|
22.04.2011, 12:10
| #5 |
| /// Malware-holic | TR/Kazy.20156 seit gestern Abend • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKU\S-1-5-21-3970948967-3463315275-2260971500-1000..\Run: [Dbedejimijigok] C:\Users\Blub\AppData\Local\pshqlF.dll (Acronis) :Files C:\Users\Blub\AppData\Local\pshqlF.dll :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. lade unhide: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 12:36
| #6 |
| | TR/Kazy.20156 seit gestern Abend so hier schon mal das PHP-Code: Porcessing C:\" aber irgendwie sieht es so aus als würd sich garnix tun passt das? |
|
22.04.2011, 12:44
| #7 |
| /// Malware-holic | TR/Kazy.20156 seit gestern Abend das dauert immer ne weile. und das nächste mal bitte nicht in php code posten. falls unhide nach 20 min immernoch nicht fertig ist, brich mal ab und starte erneut, mit rechtsklick und als admin
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 12:57
| #8 |
| | TR/Kazy.20156 seit gestern Abend Achso sry dann noch mal so All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3970948967-3463315275-2260971500-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dbedejimijigok deleted successfully. C:\Users\Blub\AppData\Local\pshqlF.dll moved successfully. ========== FILES ========== File\Folder C:\Users\Blub\AppData\Local\pshqlF.dll not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Blub ->Flash cache emptied: 247923 bytes User: das ziehen! User: Default ->Flash cache emptied: 41085 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: Sierra Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Blub ->Temp folder emptied: 3539088004 bytes ->Temporary Internet Files folder emptied: 73315084 bytes ->Java cache emptied: 10299 bytes ->FireFox cache emptied: 162162705 bytes ->Google Chrome cache emptied: 6271770 bytes ->Flash cache emptied: 0 bytes User: das ziehen! User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Sierra %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1268233505 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4.816,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04222011_130935 Files\Folders moved on Reboot... File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QD9EXZ4J\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYXAXUO8\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D55KAQ8V\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RY93GLB\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot. Registry entries deleted on Reboot... unhide is jetzt fertig und hab die datei hochgeladen |
|
22.04.2011, 13:46
| #9 |
| /// Malware-holic | TR/Kazy.20156 seit gestern Abend download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 16:03
| #10 |
| | TR/Kazy.20156 seit gestern Abend So Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6417 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 22.04.2011 16:49:05 mbam-log-2011-04-22 (16-49-05).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|) Durchsuchte Objekte: 571921 Laufzeit: 1 Stunde(n), 55 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+nfdhfngXdaCxl (Trojan.Downloader.Gen) -> Value: uPc+nfdhfngXdaCxl -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ojifoxisigih (Trojan.Agent.U) -> Value: Ojifoxisigih -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Dbedejimijigok (Trojan.Agent.U) -> Value: Dbedejimijigok -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\program files (x86)\video add-on (Trojan.Zlob) -> Quarantined and deleted successfully. Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
22.04.2011, 16:04
| #11 |
| /// Malware-holic | TR/Kazy.20156 seit gestern Abend bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 16:40
| #12 |
| | TR/Kazy.20156 seit gestern Abend hm da scheint irgendwas schief gegangen zu sein und zwar habe ich die meldung bekommen "kann syntaktisch an dieser Stelle nicht verarbeitet werden", ich versuchs jetzt nochmal |
|
22.04.2011, 16:45
| #13 |
| | TR/Kazy.20156 seit gestern Abend hm ok wieder das gleiche die genaue Meldung ist: " "\STARtools\StartoolsUP\" ECHO. "C:\Program" kann syntaktisch an dieser Stelle nicht verarbeitet werden." |
|
22.04.2011, 16:48
| #14 |
| /// Malware-holic | TR/Kazy.20156 seit gestern Abend ok folgendes: sp2: Detail Seite Windows Server 2008 Service Pack 2 und Windows Vista Service Pack 2 - Five Language Standalone für x64-Systeme (KB948465) internet explorer 9: Internet Explorer - Microsoft Windows windows update: Microsoft Windows Update hier instalierst du so lange updates, bis es keine neuen mehr gibt. windows updates automatisch laden/instalieren: Aktivieren oder Deaktivieren von automatischen Updates damit dein system ab sofort immer aktuell bleibt. wenn du so weit bist, sag bescheid
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.04.2011, 16:54
| #15 |
| | TR/Kazy.20156 seit gestern Abend Ok wird wohl erstmal nen bissel dauern hab nich die schnellste Leitung |
|
| Themen zu TR/Kazy.20156 seit gestern Abend |
| abend, ad-aware, antivir, beheben, beschädigt, datei, datein, desktop, festplatte, festplatte beschädigt, gen, gestern, konnte, meldungen, momentan, platte, rechner, schonmal, sekunden, sichtbar, tan, titel, tr/kazy.20156, unsichtbar |
Linear-Darstellung
