
Pests of all kinds and how to fight them: TR/Atraps.Gen detected

Windows 7 All questions about trojans, viruses, worms, dialers, spyware and other pests belong here.

28.04.2012, 21:51   #1
Duskdragon
 
TR/Atraps.Gen detected

Hello,

I recently detected the trojan TR/Atraps.Gen with the program Avira and am only now getting around to doing something about it (the PC is also used by others).

The trojan did nothing for a few days, but now the PC no longer works properly (I am writing this from my laptop).

- Windows takes longer to start.
- The internet no longer works at all on the PC.
- Anti-virus programs are blocked.

System: Vista 32-bit
Now I wanted to open a help request and, as required, first did the three steps (defogger, dds, GMER). Unfortunately only the first one worked. dds does not even start, and GMER crashes in the middle of the scan.

So the attachment only contains the defogger report. Besides that, a report of a complete Avira scan as well as a complete Malwarebytes scan.

No idea why the trojan is not listed in the Avira report, when it had infected 3 files.

C:\Windows\System32\aptwx5day.dll
C:\Windows\System32\d3dytd1vd.dll
C:\Windows\System32\xptn0r8k.dll

had been infected by it.

Hope I have everything so far.
Many thanks for a quick reply

Regards
Attached files
File type: zip logfiles.zip (5,0 KB, viewed 18 times)

30.04.2012, 15:57   #2
markusg
/// Malware-holic
 
Re: TR/Atraps.Gen detected

hi,
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________
Please forward suspicious e-mails with attachments to us for analysis!
http://markusg.trojaner-board.de

If you would like to support us
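The OTL Quick Scan requested above prints one line per process (PRC), module (MOD), service (SRV) and driver (DRV) in a fixed bracketed format. The following Python script is an added example, not part of this thread and not OTL's own code: it parses lines of that format and flags the two things a helper looks at first, namely service or driver entries whose file is gone ("File not found") and processes, services or drivers that carry no company name. The sample lines are copied from the OTL log format posted in this thread; the field names and the `review()` heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL PRC/MOD/SRV/DRV line. Two shapes occur in the log:
#   SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\...\UpdSvc.dll -- (Update-Service)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]+) \| (?P<flag>[A-Z])\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"       # [Auto | Stopped] etc.; absent on PRC/MOD lines
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"     # service/driver name; absent on PRC/MOD lines
)


@dataclass
class OtlEntry:
    kind: str                  # PRC, MOD, SRV or DRV
    path: str
    company: str               # "" when OTL printed "()" or "( )"
    file_found: bool           # False for "File not found" entries
    size: Optional[int] = None
    timestamp: str = ""
    state: str = ""            # e.g. "Kernel | On_Demand | Stopped"
    name: str = ""             # registered service or driver name


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return OtlEntry(
        kind=m.group("kind"),
        path=m.group("path"),
        company="" if missing else m.group("company").strip(),
        file_found=not missing,
        size=None if missing else int(m.group("size").replace(",", "")),
        timestamp="" if missing else m.group("ts"),
        state=m.group("state") or "",
        name=m.group("name") or "",
    )


def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


def review(entries: List[OtlEntry]) -> List[Tuple[str, OtlEntry]]:
    """Return (reason, entry) pairs worth a closer look: registered services or
    drivers whose file no longer exists, and PRC/SRV/DRV entries without a
    company name. MOD lines are skipped because that OTL section lists
    modules without a company name by design."""
    findings = []
    for e in entries:
        if not e.file_found:
            findings.append(("missing-file", e))
        elif e.kind != "MOD" and e.company == "":
            findings.append(("no-company", e))
    return findings


# Constructed sample: lines taken from the OTL log format shown in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
MOD - [2012.04.20 10:33:22 | 000,265,728 | ---- | M] () -- C:\Programme\LOLReplay\LOLUtils.dll
SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2010.10.13 08:00:27 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV85.sys -- (SSHDRV85)
"""

if __name__ == "__main__":
    for reason, entry in review(parse_otl_log(SAMPLE_LOG)):
        print(f"{reason:13s} {entry.kind} {entry.path} ({entry.name or '-'})")
```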

30.04.2012, 19:24   #3
Duskdragon
 
Re: TR/Atraps.Gen detected

First of all, many thanks for responding here

Here is OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 30.04.2012 19:04:10 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,63% Memory free
10,72 Gb Paging File | 9,59 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 37,09 Gb Free Space | 12,64% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 109,62 Gb Free Space | 37,40% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 3,71 Gb Total Space | 3,55 Gb Free Space | 95,65% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.20 10:33:24 | 000,497,152 | ---- | M] (LOL Replay) -- C:\Programme\LOLReplay\LOLRecorder.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.31 09:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.04.11 00:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.12.18 11:13:54 | 000,132,560 | ---- | M] (United Internet AG) -- C:\Programme\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.20 10:33:22 | 000,265,728 | ---- | M] () -- C:\Programme\LOLReplay\LOLUtils.dll
MOD - [2012.03.05 14:45:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012.01.31 12:37:24 | 012,907,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\03c1786328450d3eb3129a6ee9c161d0\System.Windows.Forms.ni.dll
MOD - [2012.01.31 12:37:17 | 001,653,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6abcaa7df5e346b0912197bcf7fcab15\System.Drawing.ni.dll
MOD - [2012.01.31 12:37:10 | 005,764,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1d2279b148a6fb152f2a45b7d31fff2d\System.Xml.ni.dll
MOD - [2012.01.31 12:37:06 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0360226da2794a6b15a262f3e48709ef\System.Configuration.ni.dll
MOD - [2012.01.31 12:37:04 | 008,367,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9b3afa5f4ba74c561f0fa1bfceba7e0\System.ni.dll
MOD - [2012.01.31 12:35:58 | 015,424,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3cdbdfe526ccd9eef32943313ea0231d\PresentationFramework.ni.dll
MOD - [2012.01.31 12:35:44 | 013,094,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4861ab3c08650851bc270cebd6745e99\PresentationCore.ni.dll
MOD - [2012.01.31 12:35:32 | 003,568,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a17ee74a7d2abf0a25e989efe881f3c\WindowsBase.ni.dll
MOD - [2012.01.31 12:32:16 | 002,517,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\5f3a699a62a098beef04f48514c47a58\System.Core.ni.dll
MOD - [2012.01.29 14:10:59 | 000,406,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6cd5c2f950025f574dde718eb20af161\PresentationFramework.Aero.ni.dll
MOD - [2009.08.21 16:47:12 | 004,361,056 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009.03.29 22:42:14 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 22:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.20 17:08:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.08.21 16:47:14 | 030,510,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.08.21 16:39:22 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.21 16:36:08 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- d:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.12.18 11:13:54 | 000,132,560 | ---- | M] (United Internet AG) [Auto | Running] -- C:\Programme\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe -- (SmartSurferManager)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2005.09.23 17:45:46 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.01.31 09:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 09:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.10.13 08:00:27 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.31 13:15:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.31 13:15:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.01.15 19:36:52 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.12.25 13:02:13 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PzWDM.sys -- (PzWDM)
DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.02.12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.05.07 03:00:00 | 000,537,600 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2007.05.07 03:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2005.09.23 17:38:44 | 000,316,928 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ)
DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2003.01.14 11:41:10 | 000,273,664 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\AGFUCAPI.sys -- (agfucapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19764&mntrId=2cec11f30000000000000007776409320932
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.09 10:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.15 18:39:29 | 000,000,000 | ---D | M]
 
[2011.03.06 11:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.27 19:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions
[2012.03.03 11:19:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.27 17:16:56 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.04.03 19:35:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\engine@conduit.com
[2011.09.30 15:05:00 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\8ns316pj.default\extensions\ffxtlbr@babylon.com
[2011.11.15 18:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8NS316PJ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8NS316PJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.09 10:26:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.06 13:14:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.09 10:26:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.24 17:54:18 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.09 10:26:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.09 10:26:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.09 10:26:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.09 10:26:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.09 10:26:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3059536D-C6FF-4A7F-BBB5-ED3FF977FDCB}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.06 17:31:24 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012.01.06 17:55:32 | 000,806,912 | R--- | M] (Ion Storm) - E:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{4e8aca29-e32b-11dd-9a8c-0021853ffcbf}\Shell - "" = AutoRun
O33 - MountPoints2\{4e8aca29-e32b-11dd-9a8c-0021853ffcbf}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{73852072-12c9-11e1-adbc-9c3512d860d1}\Shell - "" = AutoRun
O33 - MountPoints2\{73852072-12c9-11e1-adbc-9c3512d860d1}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{880e8c92-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{880e8c92-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = J:\PopCDRun.exe
O33 - MountPoints2\{880e8c95-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{880e8c95-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{880e8c97-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell - "" = AutoRun
O33 - MountPoints2\{880e8c97-6c2f-11e0-9dbb-e7d0c706d8ea}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{b176a6b2-8a2c-11dd-ac62-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b176a6b2-8a2c-11dd-ac62-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.01.06 17:55:32 | 000,806,912 | R--- | M] (Ion Storm)
O33 - MountPoints2\{ce9aac69-fba5-11de-9c88-0021853ffcbf}\Shell\AutoRun\command - "" = avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.30 19:03:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.27 17:54:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.27 17:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.27 17:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.27 17:53:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.27 17:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.27 17:53:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.04.20 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Thief - Deadly Shadows
[2012.04.20 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Thief - Deadly Shadows
[2012.04.20 19:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Thief - Deadly Shadows
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.30 19:07:13 | 000,690,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.30 19:07:13 | 000,647,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.30 19:07:13 | 000,152,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.30 19:07:13 | 000,125,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.30 18:58:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 18:58:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.30 18:58:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.30 18:56:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.28 21:42:09 | 000,428,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.28 20:09:14 | 000,002,855 | ---- | M] () -- C:\Users\***\Desktop\dds.PIF
[2012.04.28 19:59:19 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.28 17:05:08 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.04.27 17:55:04 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 17:53:23 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.04.20 16:52:15 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.04.20 16:52:15 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.04.17 19:58:48 | 000,140,800 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.04.17 19:58:39 | 000,283,304 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.04.17 19:58:25 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.28 21:41:57 | 000,428,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.28 20:09:14 | 000,002,855 | ---- | C] () -- C:\Users\***\Desktop\dds.PIF
[2012.04.28 19:59:02 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.27 17:53:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 22:40:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.31 22:39:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.04.21 18:45:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.04.21 18:45:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.04.21 18:45:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.04.21 18:18:10 | 000,070,308 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.04.14 11:30:01 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.02.17 18:50:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2010.11.20 19:49:45 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.30 20:18:57 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE
[2010.10.13 08:00:27 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2010.06.20 18:01:57 | 000,000,674 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2010.04.22 16:04:41 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.08.12 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.09.24 17:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011.06.18 09:06:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.08.29 10:50:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.10.17 11:14:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010.10.18 17:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.06.19 10:10:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2012.01.13 13:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.06.19 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2009.04.23 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FFSJ
[2011.04.09 13:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2011.09.24 17:21:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2012.01.13 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2008.12.25 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.06.08 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2010.11.27 18:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.11 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2011.12.04 15:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2010.05.07 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2010.09.07 17:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation
[2012.01.13 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartSurfer
[2011.04.10 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2011.04.08 13:14:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2011.04.06 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.01.13 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2011.05.30 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2008.12.30 14:42:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEBDE
[2012.04.28 17:05:08 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.04.28 17:08:52 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%. >
 
< %PROGRAMFILES%.exe >
 
< %LOCALAPPDATA%.exe >
 
< %systemroot%. mp s >
 
< md5start >
 
< userinit.exe >
 
< eventlog.dll >
 
< scecli.dll >
 
< netlogon.dll >
 
< cngaudit.dll >
 
< ws2ifsl.sys >
 
< sceclt.dll >
 
< ntelogon.dll >
 
< winlogon.exe >
 
< logevent.dll >
 
< user32.DLL >
 
< explorer.exe >
 
< iaStor.sys >
 
< nvstor.sys >
 
< atapi.sys >
 
< IdeChnDr.sys >
 
< viasraid.sys >
 
< AGP440.sys >
 
< vaxscsi.sys >
 
< nvatabus.sys >
 
< viamraid.sys >
 
< nvata.sys >
 
< nvgts.sys >
 
< iastorv.sys >
 
< ViPrt.sys >
 
< eNetHook.dll >
 
< ahcix86.sys >
 
< KR10N.sys >
 
< nvstor32.sys >
 
< ahcix86s.sys >
 
< md5stop >
 
< %systemroot%system32drivers.sys lockedfiles >
 
< %systemroot%System32config.sav >
 
< %systemroot%system32.dll lockedfiles >
 
< %USERPROFILE%. >
 
< %USERPROFILE%Local SettingsTemp.exe >
 
< %USERPROFILE%Local SettingsTemp.dll >
 
< %USERPROFILE%Application Data.exe >
 
< HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystemsWindows rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 56044 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---

And here Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 30.04.2012 19:04:10 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,63% Memory free
10,72 Gb Paging File | 9,59 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 37,09 Gb Free Space | 12,64% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 109,62 Gb Free Space | 37,40% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 3,71 Gb Total Space | 3,55 Gb Free Space | 95,65% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"D:\Program Files\Combat Arms EU\CombatArms.exe" = D:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"D:\Program Files\Combat Arms EU\Engine.exe" = D:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0395D966-5124-478E-BB1A-8B4013589898}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{0B074541-DCE1-4E13-A596-68BEED113198}" = lport=445 | protocol=6 | dir=in | app=system | 
"{10F249D5-4925-42C8-80D6-3CF020C64A26}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1B4B318C-5D00-4B7C-B555-5AD364E35294}" = lport=138 | protocol=17 | dir=in | app=system | 
"{253E8AC0-9FE5-41DA-AB24-217766B9A325}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{4D1D05ED-B8D4-46B4-A374-AF5EFA0F132D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5B392386-BE32-4967-9959-93E3011523ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E8CFE6B-AC05-4145-A698-38C3CD790973}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{742E9F08-44F0-4629-9A0F-A77D6FEDD002}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7809D06C-8CE5-4D82-979B-A094B276F251}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8832AD9B-0AB8-435D-81D8-3960A46C167F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8BEBDF46-68CA-4FF4-9CDC-881FC3E70293}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6E254F5-51E1-4ABF-982E-68C7F9662FA2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{AD8B79A8-420B-48F1-9D32-0781539D8C9F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B4043FFD-6C9B-4150-9810-E0BA7C5443C7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FE759ACE-AE52-42DB-BEAD-6D18B099C819}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039C1103-3FC4-4AD5-896B-1219957CD743}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{08E48ED4-342A-45C8-BC40-EAE14BA7B2ED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0B277B2C-D8AC-48CA-8679-7E5D77C52124}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{0D69C4EF-4967-4C70-A4BA-3DB7665E6ADD}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{0FEF0ED0-299A-4D82-A366-C1E60F52F52F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{1103BF39-4F8C-485D-B751-F72419842DAD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{11AC2C7A-3E65-4336-9A71-DD3CE55CE40E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1253CDD9-4F31-4E22-BEB9-92EAD6A26237}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{131D4B7F-5AB1-4D73-8755-ADA03C1BAADD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{15B13F34-82D0-4BAD-8CA3-1051C3D21046}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{1997CB96-7552-494E-BAA8-467343A8C1E9}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | 
"{19C85426-B25C-4597-9CC4-9F3D53524B1D}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{1B50BEE7-6785-4CB6-92CE-8038E30918A0}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{1D463E1B-9315-4D0A-A66F-C845DC330165}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2A730283-FE19-4920-944E-460DC4831394}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{2EF8AE37-3F12-4733-ACE7-7ADDF31B0815}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{3832F267-0C1A-42F7-83A7-F828F250BF5B}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{3B24459D-2515-4813-8297-46673257B304}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{3B468A51-7935-4C53-AAA4-EA22421CA4BC}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{3DFFA4A8-816F-4402-A5F9-7851407B1FD1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3FDBA2EF-A5A1-493E-9145-42CD5C964550}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{40BD987E-FE24-4487-96D8-04AF788401F8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{43BC04D6-FD7A-48BD-921F-8B9100060A01}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{45D91E8A-1E30-4360-A413-1E3ACAD9D493}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{47570617-57E5-48BE-9234-DA55A32B318C}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{51CEB41A-2E02-43C5-B7F8-E9AE03D67C93}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | 
"{541EFD1F-1790-495B-8AD0-FFBD29A4E14A}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{550F0D9C-2759-4034-B1C3-01B51E52FC4A}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | 
"{595C85C0-B813-4C14-A99D-1AD49240EA1D}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{59C549CD-F2FA-495F-B7BE-B49821FBB645}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | 
"{5B8C4E44-0F97-4F04-A232-0A465A807757}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{5F4F4A9E-5999-400C-858C-E9A722D22980}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\blackprophecy.exe | 
"{5F78F51E-243A-4197-90F6-3D17CDC36086}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{62131C02-BEE1-46DC-BA2C-4B0691537111}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{678054F7-B923-4565-945D-BFECFA7AAD1A}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\launcher.exe | 
"{6A0918DD-2C36-466D-B99F-C59C6816E7B4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7215D894-967B-4F77-A690-302DCD0D5E35}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{72C1AC9B-2689-4A51-926D-FAC9F6055B1C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{73B7353A-B379-4A54-AF13-FECEA99D5C96}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{7624909E-7878-44ED-9203-F1C94E410B91}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\launcher.exe | 
"{76B9D823-7611-40A7-9A8B-F72E5E5305BF}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe | 
"{778F3C38-07A5-467C-B8CE-E47B284D329C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{782E9C2C-1C57-4E41-924F-BB981004259E}" = protocol=17 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{79E1F77C-80EA-4D7C-9E67-33AFB1C6290A}" = protocol=6 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe | 
"{7AA113C5-3152-47BA-BC28-41F4A16098B3}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\launcheflc.exe | 
"{7F388A50-DEE1-4D6C-897A-0C62CD1097E4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | 
"{84245EDF-A8E6-47C1-AB7B-BDBA4787D5F3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{845F6259-2F67-4530-9F6C-F023D8EB7738}" = protocol=17 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\patcher.exe | 
"{84A116CE-8287-4ECA-9E9F-5F826164DB8F}" = protocol=17 | dir=in | app=d:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{8BFBD4C6-3B61-4522-9A8C-6F22E5B5953C}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{8C8CDF9D-029F-4AEE-8E95-0E035F88C0CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8E2D8158-45EE-49BC-BC9A-8182D43B67AE}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{95561682-1890-4704-A8B9-F77323AD4182}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | 
"{98833D45-2301-4C74-92C1-9EBB8C5ED320}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\patcher.exe | 
"{989B4984-63C8-4D00-B907-279B216C1DC4}" = protocol=6 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{99F92906-07D2-4DB2-A25F-505A0A24412D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9BD1C6DF-F6DA-41FB-BE31-D0D6755E994A}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{9E07DAD7-1696-4603-A3AD-80B17E6A793D}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{9FEFF40F-2749-4BA5-BDB9-79C053D953D6}" = protocol=17 | dir=in | app=d:\program files\combat arms eu\nmservice.exe | 
"{A12A4BF5-1F09-42A9-B2EA-CCE3B13C1F72}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{A37A02E1-E77A-4D76-BE10-C28206868CA8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A44EB374-80E8-4870-B089-840883709F32}" = protocol=6 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{ABAE2BA1-34DE-49CE-9BE6-8F340DCEB44D}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{AD6BBDD6-E5F0-40E0-AFF9-F95A78513F51}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{B3AC6BCD-064E-40D2-B58D-5664911D3ACE}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{B8D8B61B-C60E-4414-B1D1-B999AFC9938A}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{B921883F-F2B0-4737-A7C0-448097BAA241}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{BB1B4D66-0268-43DA-ACC4-E9A296A90BC1}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{BC2C7675-A3C9-4404-B507-BC12B442ED1E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{BF8D7381-1CAC-4536-ABF9-BBE643D5445C}" = protocol=17 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{C06F3282-ADAD-44EB-9CF0-09D22259CB68}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire.exe | 
"{C0C6188A-9971-4C9D-B87B-8721CB2C5C73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C4F9D52A-509C-4B91-B73E-098F9B14CE50}" = protocol=6 | dir=in | app=d:\program files\kalypso\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{C50969D3-EFC4-41A4-970E-3D413C3E757B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7236144-A2B3-4047-A2BF-3754EA89DA77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C8193F27-1869-4179-A128-73F41FD6B798}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{CC9CFEB2-EC4D-41BA-A7E0-A116226A8247}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{D095E801-56C6-4D0B-9313-73952CA1A3F5}" = protocol=17 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{D4BFACC7-FC45-4912-A5A2-B680BB76ABB3}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | 
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{DDE41A50-73A3-4609-9220-D46869DB953E}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DF693DEC-C2D3-4B98-B119-C1D715DF5CBB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E35E42A5-AA14-4A89-9FCD-533FB37AF8DC}" = protocol=17 | dir=in | app=d:\program files\rockstar games\eflc\eflc.exe | 
"{E3F4D504-2189-49BA-B5E6-87D292B49AE0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{E46C46D3-12F1-4EA2-9A38-889B27F4A025}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{E5A54859-9308-45D7-AD37-575F2A1A37CB}" = protocol=6 | dir=in | app=d:\program files\combat arms eu\nmservice.exe | 
"{E9D1C5E7-BD9D-4F38-83BA-518A07D81B9D}" = protocol=6 | dir=in | app=d:\program files\gamigo\black prophecy\bin\win32\blackprophecy.exe | 
"{F02DC6E8-4781-4672-B9D0-105D98D8B775}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{F2A0DCA4-DD2A-40A2-AD26-9937CFD318F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F5FE6640-9394-4816-B83C-4B6437EFE7E4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{F610FEF9-52B1-46A8-B803-5247BBDAE6A0}" = protocol=6 | dir=in | app=d:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{F86EDB41-43F4-4A78-B7BC-3563BF63EC75}" = protocol=17 | dir=in | app=d:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{F9CCC119-6AD7-46BA-8C2E-C64A8A25846D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{FBFDED03-C66D-421D-947B-6AE0877045EE}" = protocol=6 | dir=in | app=d:\program files\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{FC2AB6EB-CC82-45BA-B5D4-27A1F3A7E087}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{029A61C0-ACAC-4212-8EC7-4F478732E2E1}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{043BD321-CE6C-4640-910C-DB86B853F2F6}C:\program files\frozen synapse\frozensynapse.exe" = protocol=6 | dir=in | app=c:\program files\frozen synapse\frozensynapse.exe | 
"TCP Query User{0465769C-4FAB-49FE-90A4-352DB536A932}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"TCP Query User{452ECE8F-ABEC-43B0-8835-63212324EF3B}C:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe | 
"TCP Query User{5B25FB28-0650-4EBA-AB8B-C246EF8F9823}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{8170F916-555C-49EC-8D72-3CCEE083855B}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{83360715-7875-4E12-8793-889BA8CF0625}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8E497A54-DCE9-4DA6-A8D2-11AC938F0FF3}C:\program files\defcon\defcon (2).exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon (2).exe | 
"TCP Query User{8F274C24-81E0-40B1-AF16-FEA02AF085D9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8FF86361-C44C-4894-BAC1-DB56FDAD0217}D:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=d:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{90EF570A-9779-4689-8DB1-5936C09A852D}D:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe | 
"TCP Query User{941725AC-8AEB-4DAB-B229-BA54DCA20C0E}D:\programme\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=d:\programme\thq\company of heroes\reliccoh.exe | 
"TCP Query User{989714AC-C7AD-4911-97C4-4DA41857C7D2}C:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{A7BF466F-2F30-4491-8E95-A91873A89050}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{A9CEEB4A-5DB2-4C79-BB2D-106488A5343B}D:\program files\combat arms eu\engine.exe" = protocol=6 | dir=in | app=d:\program files\combat arms eu\engine.exe | 
"TCP Query User{AF6C71AA-8274-4619-B604-FAA0ABF2E414}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | 
"TCP Query User{B1D7CAFA-635D-4750-9743-08F8FFBC00B7}C:\program files\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files\defcon\defcon.exe | 
"TCP Query User{B8785842-9A50-41E7-AE7B-9911EBAC0EBB}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{BCEB1D43-6598-4C28-9886-CFAA21210F93}D:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe | 
"TCP Query User{BEF1A818-E3C7-4BDC-AC4C-629DE0E607B7}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{D1621A1C-5231-47B2-A48D-ED4EC4680496}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{E1576CF9-6384-47BD-9C92-57571CDB2E0D}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"TCP Query User{E38BF9B6-E7F5-4E00-91B9-D0348227FEBF}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{E45E443E-7D8E-4C28-A005-3B26735B7E8B}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{E5B8197E-BA10-4000-92E7-1F0491F0239A}C:\users\***\desktop\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\world of warcraft\repair.exe | 
"TCP Query User{EA7F38C1-3CB8-41FD-A183-D6EF9B1F5815}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{01A068DB-7E74-4F1D-892E-0D5B3A79949E}D:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\programme\r.u.s.e\r.u.s.e\uplaybrowser\uplaybrowser.exe | 
"UDP Query User{1B90522C-A771-4D5C-B119-EF405CE17E33}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{1CB2256E-4A91-496F-8FE3-FF3B30AF1010}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{340801C1-0314-495C-8610-D9D14F626040}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{4911193B-D101-4BB3-A7E9-2908890099EF}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{56C708EC-F91D-4A65-A693-57E7E80E31F1}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{70BBFE8B-9737-44B3-9826-A7F70B238F69}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{7528C4CE-B7C1-4C5C-9E6D-4C437024689B}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{84B52E3C-3667-48A2-BC89-DC7988DF5AF2}C:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pcftw333\team fortress 2\hl2.exe | 
"UDP Query User{895FC838-40BC-4F07-9680-D0A081C563B1}D:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=d:\program files\stunlock studios\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{89A6AC7A-6D5B-4B8A-B306-6615B121F8B3}C:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\der herr der ringe® - die eroberung™\conquest.exe | 
"UDP Query User{8BE9652E-9D57-4C29-9F60-303D1537D6B4}C:\program files\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon.exe | 
"UDP Query User{94DE0A5A-A223-4F58-BB7A-7B71FE5F9A4C}C:\users\***\desktop\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\world of warcraft\repair.exe | 
"UDP Query User{98276506-1E2D-4E76-8185-F10966BA3556}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{9FDA8560-9621-45B5-8D91-6C4A2C18FDD4}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{AC2320E8-85BF-4055-9C71-D72031036690}C:\program files\frozen synapse\frozensynapse.exe" = protocol=17 | dir=in | app=c:\program files\frozen synapse\frozensynapse.exe | 
"UDP Query User{ADFF1377-669B-4252-9A2F-C3B55C4508E1}C:\program files\defcon\defcon (2).exe" = protocol=17 | dir=in | app=c:\program files\defcon\defcon (2).exe | 
"UDP Query User{B8877521-C136-4092-9766-E9ABA6DD725E}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{BCFD42F1-F777-4B89-B130-36EB50F2786E}D:\program files\combat arms eu\engine.exe" = protocol=17 | dir=in | app=d:\program files\combat arms eu\engine.exe | 
"UDP Query User{CDDA0730-3594-4EDA-AAEF-75D583076612}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"UDP Query User{D03B47B5-D1D7-4317-A706-ED9EB43891AD}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{D0AF568D-2AD3-47F1-B054-53AC294F468B}D:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe | 
"UDP Query User{E013F960-8DC9-4F40-8663-B241E8E94D9A}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | 
"UDP Query User{E7FAEFC8-D3E2-4FC0-A54F-AAAAF3F275AE}C:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{F74E6033-3798-4196-85D3-088C62B2F51C}D:\programme\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=d:\programme\thq\company of heroes\reliccoh.exe | 
"UDP Query User{FFD36144-5F41-41F3-8965-9E57EE4BC523}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06029DFB-9E17-410D-A1FE-7EB5F1A1E3FD}" = HOT ALBUM MYBOX
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0D5FAD7E-C1A2-4753-8A28-346A5CD42813}" = Defense Grid: The Awakening
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{11CA6E01-3992-4115-AB6E-D325552C166D}" = WEB.DE SmartSurfer AutoUpdate 5.2
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20140000-000F-0000-0000-0000000FF1CE}" = Microsoft Office Mondo 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0102-0409-0000-0000000FF1CE}" = Microsoft Office MondoOnly MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{433BF933-81D6-4646-A318-3DE5DB6108F2}" = Icewind Dale - Herz des Winters
"{47957648-B46A-4211-85E1-01A15B6A1B45}" = Ace of Spades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E2FAB2F-9004-40D6-8BF8-DB2F2DA16DEC}" = Crashday Patch#2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7AF32AB1-CB97-11D4-9607-0050BA84F5F7}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaos
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}" = Crashday
"{9FB2CE8C-E86C-4368-B3C9-F472898F926E}" = Desert Storm
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3620221-A9E3-43AD-BDB9-985C88E85AC1}" = Silent Storm
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B785CA1C-3EA0-4EFC-91BC-330EC34555BA}" = GhostMaster
"{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D99DFFE0-EBB5-4A3E-8430-7995353E6870}" = Stranded 2
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E074FB23-D61B-4C6A-AD15-AB9695ED2EF7}" = Red Faction® II
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Labor Basisversion
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Black Prophecy_is1" = Black Prophecy
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Clonk Planet" = Clonk Planet
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"Cossacks : Back To War" = Cossacks - Back To War
"Counter-Strike Source 1.9.1" = Counter-Strike Source 1.9.1
"Cultures - Die Entdeckung Vinlands" = Cultures - Die Entdeckung Vinlands
"Defcon_is1" = Defcon v1.6
"Diablo II" = Diablo II
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"EVE" = EVE Online (remove only)
"Fallout 2" = Fallout 2
"Fallout New Vegas_is1" = Fallout New Vegas
"Fraps" = Fraps (remove only)
"FRITZ! 2.0" = AVM FRITZ!
"Glary Utilities_is1" = Glary Utilities 2.41.0.1358
"Greed Corp_is1" = Greed Corp
"Icewind Dale" = Icewind Dale
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{8047C1BD-BB4D-4C64-A8EF-A34A45D71F04}" = Xpand Rally Xtreme
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lexmark X1100 Series" = Lexmark X1100 Series
"Little Fighter 2" = Little Fighter 2 version 2.0a
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.MONDO" = Microsoft Office Mondo 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PokerStars.net" = PokerStars.net
"Prototype_is1" = Prototype
"PunkBusterSvc" = PunkBuster Services
"Rekkaturvat" = Truck Dismount (remove only)
"RollerCoaster Tycoon Setup" = Roll
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"S4Uninst" = Die Siedler IV
"Sid Meier's Colonization" = Sid Meier's Colonization 1.0
"Soldat patch 1.4.2-1.5.0_is1" = Soldat 1.5.0
"Soldat_is1" = Soldat 1.4.2
"ST6UNST #1" = Defcon-5 WEP KeyGen
"ST6UNST #2" = Defcon-5 WEP KeyGen (C:\Program Files\WEP KeyGen\)
"ST6UNST #3" = Defcon-5 WEP KeyGen (C:\Program Files\WEP KeyGen\) #3
"StarCraft" = StarCraft
"Steam App 550" = Left 4 Dead 2
"The KMPlayer" = The KMPlayer (remove only)
"ThiefDeinstallKey" = Dark Project: Der Meisterdieb
"Thunder Brigade" = Thunder Brigade
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Vindictus EU" = Vindictus EU
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{8D722BFA-5764-4A36-85D1-839F991CF641}" = Space Siege Demo
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah 
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"StarOffice 7" = StarOffice 7
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         
--- --- ---


By the way, my name was replaced with ***.


Old 01.05.2012, 16:17   #4
markusg
/// Malware-holic
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

Hi,

this script, and any scripts that may follow, are only for this particular user.
If you have problems yourselves, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
SRV - [2011.11.12 19:08:16 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart; please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Now run LSP fix:
LSPfix - Freeware - DE - Download.CHIP.eu
Test whether all browsers work.
__________________
Please forward suspicious mails with attachments to us for analysis!
http://markusg.trojaner-board.de

If you would like to support us

Old 01.05.2012, 19:17   #5
Duskdragon
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

Unfortunately the reply came a bit late, so I can only carry that out on Sunday.

But I will report back right away then.


Old 01.05.2012, 19:20   #6
markusg
/// Malware-holic
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

Today is a public holiday, I hope you are aware of that :-) so replies can take a while.

Old 06.05.2012, 12:22   #7
Duskdragon
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

How could I possibly reproach my helper, I mean really ^^
That was of course not meant as an accusation.

Here is the OTL report:

All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\System32\UpdSvc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ***
->Flash cache emptied: 3130812 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 41404 bytes
->Temporary Internet Files folder emptied: 1098260 bytes
->Java cache emptied: 1623987 bytes
->FireFox cache emptied: 49759010 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1598848 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52,00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05062012_120724

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



And LSP-Fix found no problems, but the browsers (Firefox, IE) still do not work, although that is also because the computer cannot connect to the internet at all.

Old 06.05.2012, 17:08   #8
markusg
/// Malware-holic
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

Start, Run, type:
cmd.exe
Ctrl+Shift+Enter
Confirm the UAC prompt.
Type:
netsh winsock reset
Enter.
If no error message appears:
exit
Enter.
Restart, test the internet.
Otherwise let me know which message appears.
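As an added example (not from this thread, and not part of OTL), a read-only PowerShell check for the condition OTL flagged above as an "O10 ... File not found" entry: a Winsock namespace provider whose DLL no longer exists, which leaves every browser without working name resolution until the catalog is rebuilt. It reads the standard Winsock catalog keys under HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters and the LibraryPath / DisplayString values; Catalog_Entries64 exists only on 64-bit Windows.

```powershell
# Added example, not part of the thread or of OTL: list the Winsock namespace
# providers (NameSpace_Catalog5) and flag those whose DLL no longer exists, the
# condition OTL reported above as "O10 ... File not found". Read-only; run it
# from an elevated PowerShell prompt (e.g. Ctrl+Shift+Enter on the Start menu entry).

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
# Catalog_Entries64 is only present on 64-bit Windows; it is skipped when absent.
$catalogs = @("$base\Catalog_Entries", "$base\Catalog_Entries64")

function Get-WinsockNamespaceProvider {
    foreach ($catalog in $catalogs) {
        if (-not (Test-Path -Path $catalog)) { continue }
        foreach ($entry in Get-ChildItem -Path $catalog) {
            $props   = Get-ItemProperty -Path $entry.PSPath
            $rawPath = [string]$props.LibraryPath
            if (-not $rawPath) { continue }
            # LibraryPath is REG_EXPAND_SZ, e.g. %SystemRoot%\System32\winrnr.dll,
            # so expand environment variables before testing the file.
            $dll = [Environment]::ExpandEnvironmentVariables($rawPath)
            [pscustomobject]@{
                Entry       = $entry.PSChildName
                Provider    = [string]$props.DisplayString
                LibraryPath = $dll
                Exists      = Test-Path -LiteralPath $dll -PathType Leaf
            }
        }
    }
}

$providers = @(Get-WinsockNamespaceProvider)
$providers | Format-Table Entry, Provider, LibraryPath, Exists -AutoSize

# Dangling entries are what breaks name resolution after a removal tool has
# deleted or quarantined a provider DLL without cleaning the catalog.
$broken = @($providers | Where-Object { -not $_.Exists })
if ($broken.Count -gt 0) {
    $msg = '{0} namespace provider(s) point to a missing DLL; "netsh winsock reset" from an elevated prompt rebuilds the catalog (reboot afterwards).' -f $broken.Count
    Write-Warning $msg
} else {
    Write-Host 'All Winsock namespace providers reference an existing DLL.'
}
```

An entry whose DLL exists is not thereby trustworthy; this table is for spotting dangling references after a cleanup, the case in this thread, not for vetting providers.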

Old 07.05.2012, 09:37   #9
Duskdragon
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

When I enter netsh winsock reset, it says I need elevated rights.

But before I tried that, the internet was already working normally again. Yesterday, after LSP-Fix, it still did not work.

Old 07.05.2012, 16:38   #10
markusg
/// Malware-holic
 
TR/Atraps.Gen detected - Default Re: TR/Atraps.Gen detected

That is why you should start the command prompt exactly the way I described.
Does the internet work in all installed browsers? Internet Explorer too?

Archiv
Du betrachtest: TR/Atraps.Gen festgestellt auf Trojaner-Board