| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Backdoorporgramm Problem!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.09.2010, 17:20
| #1 |
| |  Backdoorporgramm Problem! Hallo zusammen, mein Anti-Vir hat vor einigen Tagen ein Backdoorprogramm entdeckt. Dies versuchte ich zu löschen aber ohne "wirklichen" erfolg. Deshalb habe ich mein Antivirenprogramm gewechselt und habe jetzt Kapersky Anti-Virus. Laut Kasperspy hat es das Backdoorprogramm erfolgreich gelöscht, aber seit knapp 1Woche passieren ziemlich seltsame Sachen. Nicht nur das mein PC sehr viel langsamer geworden ist , sondern auch das beim Starten folge Nachricht kommt: Fehler beim Laden von C:/Users/MeinUserName/AppData/Local/Temp/attretup.dll Manchmal steht auch statt: "Das angegebene Modul wurde nicht gefunden" Zugriff verweigert!! Jetzt wollte ich Fragen ob das vielleicht immer noch das Backdoorprogramm ist oder auch etwas total anderes. Ich habe das Problem schon gegoogelt aber keine brauchbaren Tipps gefunden. Außerdem kenne ich mich nicht sooo gut mit dem PC aus. Ich hoffe ihr könnt mir helfen! (aber BITTE keine Computer-Fremdwörter benutzten xD) Mit freundlichen Grüßen DDDAlexDDD (P.S. Habe Windows Vista Home Premium wenn das weiter hilft  ) |
|
11.09.2010, 15:05
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Backdoorporgramm Problem! Hallo und
__________________ Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
11.09.2010, 20:30
| #3 |
| | Backdoorporgramm Problem! sooo hier einmal das von Malwarebytes:
__________________Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mdrestat (Trojan.Agent.U) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\MeinUserName\AppData\Roaming\chrtmp (Malware.Trace) -> No action taken. Und hier OTL Logdatei1:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.09.2010 20:51:58 - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Alex und Corinna\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,74 Gb Total Space | 12,73 Gb Free Space | 13,03% Space Free | Partition Type: NTFS Drive D: | 489,64 Gb Total Space | 438,26 Gb Free Space | 89,51% Space Free | Partition Type: NTFS Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALEX-CORINNASPC Current User Name: Alex und Corinna Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Alex und Corinna\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH) PRC - C:\Programme\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe (Fujitsu Siemens Computers GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) ========== Modules (SafeList) ========== MOD - C:\Users\Alex und Corinna\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3746.dll () SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva343) -- C:\Windows\System32\XDva343.sys File not found DRV - (oflpydin) -- C:\Users\ALEXUN~1\AppData\Local\Temp\oflpydin.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Users\ALEXUN~1\AppData\Local\Temp\EagleNT.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (ithsgt) -- C:\Windows\System32\drivers\ithsgt.sys () DRV - (lilsgt) -- C:\Windows\System32\drivers\lilsgt.sys () DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ffpro" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ffpro" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {ef468e5b-5b30-4136-a833-7f2e3a31afdf}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3 FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010070301 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 19:09:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 19:09:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.09.01 12:48:10 | 000,000,000 | ---D | M] [2009.08.30 12:05:51 | 000,000,000 | ---D | M] -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Extensions [2010.09.11 20:41:54 | 000,000,000 | ---D | M] -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions [2010.04.30 19:03:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.15 21:17:02 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.08.22 11:29:23 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.06.28 10:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.20 13:53:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.04 22:53:00 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.08.20 13:53:03 | 000,000,000 | ---D | M] (2Shared Toolbar) -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf} [2010.07.05 18:14:41 | 000,000,000 | ---D | M] -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\multipletab@piro.sakura.ne.jp [2010.08.22 11:29:23 | 000,000,000 | ---D | M] -- C:\Users\Alex und Corinna\AppData\Roaming\mozilla\Firefox\Profiles\mxpup8ml.default\extensions\sam@samfind.com [2009.11.20 19:21:26 | 000,000,917 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\conduit.xml [2010.09.11 10:43:20 | 000,000,950 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-1.xml [2010.02.20 13:48:26 | 000,000,954 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-2.xml [2010.03.16 18:04:49 | 000,000,943 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-3.xml [2010.03.23 23:39:00 | 000,000,943 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-4.xml [2010.04.09 16:52:03 | 000,000,943 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-5.xml [2010.06.27 13:10:12 | 000,000,943 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-6.xml [2010.08.01 15:25:59 | 000,000,950 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-7.xml [2010.09.09 19:10:05 | 000,000,950 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin-8.xml [2010.06.28 10:49:31 | 000,000,168 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin.gif [2010.06.28 10:49:31 | 000,000,618 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin.src [2010.04.22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\icqplugin.xml [2009.12.05 00:15:51 | 000,003,915 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Mozilla\FireFox\Profiles\mxpup8ml.default\searchplugins\sweetim.xml [2010.09.03 18:44:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.05 21:53:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.12.04 00:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.04.30 22:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.03 18:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.09.01 12:49:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.02 18:11:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.10.02 16:36:29 | 000,002,487 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\discount24.xml [2010.08.02 18:11:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.02 18:11:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.02 18:11:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.02 18:11:03 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.16 12:19:00 | 000,352,008 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 12067 more lines... O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\System32\gigagetbho_v10.dll (Giganology Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Gigaget] C:\Program Files\Giganology\Gigaget\GigagetShell.exe (Giganology Inc.) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [KeyConfiguration] C:\Program Files\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [fukkuukkkk.exe] C:\fukkuukkkk.exe\fukkuukkkk.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [MdReSTAT] C:\Users\ALEXUN~1\AppData\Local\Temp\attretup.DLL File not found O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Wallpaper4U] C:\Program Files\Wallpaper4U\Wallpaper4U.exe File not found O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Alex und Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10-Registrierung.lnk = D:\Fifa10\Support\EAregister.exe (Leader Technologies) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O8 - Extra context menu item: &Download All by Gigaget - C:\Programme\Giganology\Gigaget\getAllurl.htm () O8 - Extra context menu item: &Download by Gigaget - C:\Programme\Giganology\Gigaget\geturl.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\Alex und Corinna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Alex und Corinna\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.09.04 08:10:22 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{cc2a18fe-2a64-11de-8504-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{cc2a18fe-2a64-11de-8504-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.09.04 08:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.11 20:48:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Alex und Corinna\Desktop\OTL.exe [2010.09.11 18:32:52 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\AppData\Roaming\Malwarebytes [2010.09.11 18:32:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.11 18:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.11 18:32:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.11 18:32:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.11 17:23:55 | 002,933,760 | ---- | C] (www.fifacz.com) -- C:\Users\Alex und Corinna\Desktop\editor.exe [2010.09.11 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Money ML 2010 Tool by MxSoniC [2010.09.10 17:08:42 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe [2010.09.10 17:08:41 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe [2010.09.10 17:08:41 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe [2010.09.10 17:08:41 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe [2010.09.10 17:08:41 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe [2010.09.10 17:08:40 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe [2010.09.10 17:08:40 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe [2010.09.10 17:08:40 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe [2010.09.10 17:08:39 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe [2010.09.10 17:08:39 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe [2010.09.10 17:08:39 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\System32\Process.exe [2010.09.10 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\AppData\Roaming\vlc [2010.09.10 17:01:26 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010.09.07 21:07:34 | 001,235,456 | ---- | C] (CheatHappens) -- C:\Users\Alex und Corinna\Desktop\Pro Evolution Soccer 2010 Trainer.exe [2010.09.07 19:02:32 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\PES2010Patch103 [2010.09.06 17:01:02 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Documents\PESEdit [2010.09.06 16:57:55 | 000,000,000 | ---D | C] -- C:\Programme\PESEdit [2010.09.05 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Documents\Vokabeln2 [2010.09.03 18:45:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.09.03 18:44:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.09.03 18:44:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.09.03 18:44:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.09.03 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Neuer Ordner [2010.09.03 16:05:58 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2010.09.03 16:04:58 | 000,000,000 | ---D | C] -- C:\Programme\T4E Player [2010.09.01 12:47:19 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2010.09.01 12:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.09.01 12:46:55 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.09.01 12:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.09.01 11:43:43 | 104,076,528 | ---- | C] (Kaspersky Lab) -- C:\Users\Alex und Corinna\Desktop\kav11.0.0.232de.exe [2010.08.31 22:08:16 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware [2010.08.31 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Documents\Anti-Malware [2010.08.31 16:41:42 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC30U.DLL [2010.08.31 16:41:42 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCO30U.DLL [2010.08.31 16:41:42 | 000,133,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCANS32.DLL [2010.08.31 16:41:42 | 000,133,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCO30.DLL [2010.08.31 16:41:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCUIW32.DLL [2010.08.31 16:41:42 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCUIA32.DLL [2010.08.31 16:41:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCD30.DLL [2010.08.31 16:41:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCN30U.DLL [2010.08.31 16:41:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCN30.DLL [2010.08.31 16:41:41 | 000,322,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC30.DLL [2010.08.31 16:41:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC30DEU.DLL [2010.08.31 16:41:41 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CTL3DNT.DLL [2010.08.31 16:41:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CTL3D95.DLL [2010.08.31 16:41:26 | 000,000,000 | ---D | C] -- C:\Programme\Brief-Druckerei [2010.08.30 16:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Apollox Tools [2010.08.30 15:09:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\pack [2010.08.30 15:09:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\icon [2010.08.30 15:04:07 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Neuer Ordner (4) [2010.08.30 15:00:37 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Lead-Rain2 [2010.08.28 21:25:19 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Chucky [2010.08.26 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Documents\FM10_temp [2010.08.26 15:06:27 | 000,000,000 | ---D | C] -- C:\Programme\Fifa Master [2010.08.26 13:02:33 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Chucky (2Good Client) [2010.08.22 13:58:19 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll [2010.08.22 13:58:18 | 000,000,000 | ---D | C] -- C:\Programme\Cheat Engine [2010.08.21 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Pservermt2-Client by Justin 18.08.10 [2010.08.21 08:13:54 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi [2010.08.18 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Documents\Unregelmäßige Verben [2010.08.17 22:20:49 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Documents\Vokabeln [2010.08.17 22:12:33 | 000,000,000 | ---D | C] -- C:\Programme\Teachmaster 4.3 [2010.08.17 22:05:07 | 000,000,000 | ---D | C] -- C:\Programme\Belearn 7 [2010.08.17 13:54:42 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Neuer Ordner (3) [2010.08.15 08:56:28 | 000,000,000 | ---D | C] -- C:\Users\Alex und Corinna\Desktop\Metin2 [2010.08.13 16:01:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MSSoap [2010.08.13 16:01:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Motorola Shared [2010.08.13 16:01:14 | 000,000,000 | ---D | C] -- C:\Programme\Motorola [2010.08.13 14:03:24 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.13 14:03:23 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.13 13:36:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.13 13:36:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.13 13:36:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.13 13:36:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.13 13:36:55 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.13 13:36:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.13 13:36:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.13 13:36:55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.13 13:36:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.13 13:36:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.13 13:36:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.13 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.13 13:36:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.13 13:36:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.13 13:36:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.13 13:36:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.13 13:36:47 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.13 13:36:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll ========== Files - Modified Within 30 Days ========== [2010.09.11 21:21:49 | 008,126,464 | -HS- | M] () -- C:\Users\Alex und Corinna\NTUSER.DAT [2010.09.11 20:48:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Alex und Corinna\Desktop\OTL.exe [2010.09.11 20:22:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.11 20:22:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.11 20:10:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.11 20:10:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.11 18:32:38 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.11 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2010.09.11 17:15:58 | 000,001,436 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\T4EPlayer.conf [2010.09.11 10:10:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.11 10:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.10 22:56:46 | 000,524,288 | -HS- | M] () -- C:\Users\Alex und Corinna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.10 22:56:46 | 000,065,536 | -HS- | M] () -- C:\Users\Alex und Corinna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.10 22:56:18 | 004,700,556 | -H-- | M] () -- C:\Users\Alex und Corinna\AppData\Local\IconCache.db [2010.09.10 21:51:03 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD9BE6BC-8F12-4671-89C2-5B865B98E93A}.job [2010.09.10 17:17:45 | 001,555,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.10 17:17:45 | 000,668,882 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.10 17:17:45 | 000,629,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.10 17:17:45 | 000,144,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.10 17:17:45 | 000,118,890 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.10 17:09:01 | 000,006,898 | ---- | M] () -- C:\Windows\System32\tmp.reg [2010.09.06 22:24:11 | 000,000,366 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Vokabeln2.aw [2010.09.06 22:24:11 | 000,000,062 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Vokabeln2.kk [2010.09.06 18:32:41 | 000,006,887 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Vokabeln2.vok2 [2010.09.06 17:01:29 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\2010 FIFA World Cup.lnk [2010.09.03 16:04:59 | 000,000,829 | ---- | M] () -- C:\Users\Alex und Corinna\Desktop\T4E Player.lnk [2010.09.03 13:48:48 | 000,000,768 | ---- | M] () -- C:\Users\Alex und Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10-Registrierung.lnk [2010.09.01 13:29:58 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.09.01 13:29:57 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.09.01 12:46:55 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.09.01 12:25:43 | 104,076,528 | ---- | M] (Kaspersky Lab) -- C:\Users\Alex und Corinna\Desktop\kav11.0.0.232de.exe [2010.08.31 22:08:33 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2010.08.31 16:41:44 | 000,000,766 | ---- | M] () -- C:\Users\Alex und Corinna\Desktop\Brief-Druckerei.lnk [2010.08.30 16:41:44 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\Apollox Realistic Gameplay Switcher.lnk [2010.08.26 16:27:37 | 000,000,681 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.32.lnk [2010.08.26 15:06:29 | 000,001,056 | ---- | M] () -- C:\Users\Alex und Corinna\Desktop\MM 10.lnk [2010.08.22 13:58:20 | 000,000,798 | ---- | M] () -- C:\Users\Alex und Corinna\Desktop\Cheat Engine.lnk [2010.08.19 19:16:36 | 000,000,312 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Vokabeln.aw [2010.08.19 19:16:36 | 000,000,056 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Vokabeln.kk [2010.08.18 20:25:19 | 000,000,046 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Unregelmäßige Verben.kk [2010.08.18 17:55:36 | 000,005,542 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Unregelmäßige Verben.vok2 [2010.08.17 22:40:09 | 000,006,074 | ---- | M] () -- C:\Users\Alex und Corinna\Documents\Vokabeln.vok2 [2010.08.17 22:12:33 | 000,000,906 | ---- | M] () -- C:\Users\Alex und Corinna\Desktop\Teachmaster 4.3.lnk [2010.08.13 16:09:49 | 000,298,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.13 16:02:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf ========== Files Created - No Company Name ========== [2010.09.11 18:32:38 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.10 17:09:01 | 000,006,898 | ---- | C] () -- C:\Windows\System32\tmp.reg [2010.09.10 17:08:40 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe [2010.09.10 17:08:39 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe [2010.09.10 17:08:39 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe [2010.09.06 17:01:29 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\2010 FIFA World Cup.lnk [2010.09.05 19:25:39 | 000,000,366 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Vokabeln2.aw [2010.09.05 19:23:09 | 000,000,062 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Vokabeln2.kk [2010.09.05 19:21:53 | 000,006,887 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Vokabeln2.vok2 [2010.09.03 16:04:59 | 000,000,829 | ---- | C] () -- C:\Users\Alex und Corinna\Desktop\T4E Player.lnk [2010.09.01 12:49:09 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.09.01 12:49:09 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.08.31 22:08:33 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2010.08.31 16:41:44 | 000,000,766 | ---- | C] () -- C:\Users\Alex und Corinna\Desktop\Brief-Druckerei.lnk [2010.08.31 16:41:41 | 000,001,161 | ---- | C] () -- C:\Windows\DB Adress.dat [2010.08.31 16:41:41 | 000,000,567 | ---- | C] () -- C:\Windows\DB Absender.dat [2010.08.30 16:41:44 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\Apollox Realistic Gameplay Switcher.lnk [2010.08.26 16:27:37 | 000,000,681 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.32.lnk [2010.08.26 15:06:29 | 000,001,056 | ---- | C] () -- C:\Users\Alex und Corinna\Desktop\MM 10.lnk [2010.08.22 13:58:20 | 000,000,798 | ---- | C] () -- C:\Users\Alex und Corinna\Desktop\Cheat Engine.lnk [2010.08.22 13:58:19 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.08.18 17:48:22 | 000,000,046 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Unregelmäßige Verben.kk [2010.08.18 17:33:11 | 000,005,542 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Unregelmäßige Verben.vok2 [2010.08.17 22:33:34 | 000,000,312 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Vokabeln.aw [2010.08.17 22:18:10 | 000,000,056 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Vokabeln.kk [2010.08.17 22:17:37 | 000,006,074 | ---- | C] () -- C:\Users\Alex und Corinna\Documents\Vokabeln.vok2 [2010.08.17 22:12:33 | 000,000,906 | ---- | C] () -- C:\Users\Alex und Corinna\Desktop\Teachmaster 4.3.lnk [2010.08.13 16:02:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf [2010.08.02 17:28:34 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.08.01 17:49:25 | 000,000,363 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.06.02 21:47:04 | 000,045,056 | ---- | C] () -- C:\Users\Alex und Corinna\AppData\Roaming\chrtmp [2010.04.30 18:27:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.02 16:07:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.10 16:24:33 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys [2009.10.10 16:24:21 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys [2009.10.06 15:39:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.13 16:05:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.09.13 16:05:27 | 000,022,328 | ---- | C] () -- C:\Users\Alex und Corinna\AppData\Roaming\PnkBstrK.sys [2009.09.13 16:05:09 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2009.08.22 20:55:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.06.20 14:06:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.06.04 18:38:13 | 000,000,009 | ---- | C] () -- C:\Users\Alex und Corinna\AppData\Roaming\mdb.bin [2009.06.04 17:53:08 | 000,000,104 | ---- | C] () -- C:\Users\Alex und Corinna\AppData\Local\fusioncache.dat [2009.06.03 17:49:07 | 000,029,184 | ---- | C] () -- C:\Users\Alex und Corinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.03 12:00:22 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.01.07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report > Geändert von DDDAlexDDD (11.09.2010 um 20:56 Uhr) |
|
11.09.2010, 20:32
| #4 |
| | Backdoorporgramm Problem! Und hier Nummer 2 :OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.09.2010 20:51:58 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Alex und Corinna\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,74 Gb Total Space | 12,73 Gb Free Space | 13,03% Space Free | Partition Type: NTFS
Drive D: | 489,64 Gb Total Space | 438,26 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALEX-CORINNASPC
Current User Name: Alex und Corinna
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" File not found
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E96C53-6758-4313-9D8C-97FBCBBC8465}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{027A13DB-C90C-4782-A5AA-704B46590C98}" = rport=137 | protocol=17 | dir=out | app=system |
"{05FFCD27-7D67-49B8-8174-09C7FB951BBA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0752B987-5D62-4EFD-97D6-47117BE6BBD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{0CF5EE49-C8EC-466D-A4D8-608ED504378F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{15956021-C4BB-42AD-BE42-063B8F49DDB7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1A68806B-EFEC-4A09-8470-648DB111E6A2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{1C2E9467-6B8A-4BAE-9F0D-8304013894FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1D4F562E-1C15-4DD9-8FC5-47A39DD623A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F7B1677-ECD6-4191-959A-7311B39750F0}" = rport=2869 | protocol=6 | dir=out | app=system |
"{3AD36C68-D222-46BE-977C-59C7625FA1CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{4039B68A-682F-4A0E-9FF5-3820E842054C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{434D13F1-1D71-4AA2-B0AC-082E4072F887}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |
"{4527BA5B-B391-4726-9FA3-88108FD03737}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45835C3B-3EB8-44C7-8DBA-C4C126545125}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{474CCA58-9D1E-4B70-9A1E-3F6DB95DAB8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{4D4271E5-8023-44E5-9608-32BA38166E90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F44DDC2-1440-40C0-B5F3-C3C3CBB0F930}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63E4E2CE-2456-47B8-95D9-ADC02A50FA69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{713ED071-4C2F-46F2-A7B5-15C9AD828470}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7F2ED456-EADB-4764-9CE6-FC7B6E844935}" = lport=10243 | protocol=6 | dir=in | app=system |
"{804B6BA3-2182-4F68-A19A-BBD86E524B2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A3395D4-B46A-4A77-B517-C145FD0DF95D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{9250E188-A960-4804-A891-9FC25999164D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{98200EA9-E0C9-49FE-A86C-87AD621AA33F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9BCDF768-B465-45A7-ADAE-11F3086FD3C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D1CEF18-15B4-4A3F-B4DC-8A9ED554C30A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0EFB4FE-7AE4-405D-8CD1-92297771F886}" = lport=138 | protocol=17 | dir=in | app=system |
"{A4A35482-7F18-4E6C-8B27-21A78CE21D6B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA34DF2D-FEB2-4AB0-AA18-B64D8B19ADE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B712BB09-95FE-4087-86E2-C6A3C4A48581}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C62CA7FE-D157-4B82-AD83-48D57C718F5A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7F015DD-5E04-4CC0-AD17-51FC7A39D630}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA3CE874-6DFB-4985-B796-27B2A075EE3D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{D0ACB531-C720-4043-85BE-CCFE12878E9C}" = lport=139 | protocol=6 | dir=in | app=system |
"{DD652AF2-DB8E-454C-8EC3-25A8D0F04C99}" = lport=50522 | protocol=6 | dir=in | name=akamai netsession interface |
"{E50119B3-0F44-4C72-A6A8-1FE57FF43FA2}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0B2AB79-7E2E-404A-902C-92FCDC941694}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1D2C8B9-3310-4E21-BAB8-3EEB4CDA54A1}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023596EF-39D6-402A-805A-2A5DF6AA50FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BFA34D2-A1EE-47DD-A9D2-B1019067BB93}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{12C2A4A8-DA40-4A04-A63F-6F551557848F}" = protocol=6 | dir=in | app=c:\comeonbaby\coragent.exe |
"{13DED618-86F1-49A0-9622-85EA6087DB3D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2205799B-30F6-444B-BC3C-5E012F32D405}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{222A34FC-4C27-4CD5-BCA8-CA3716D006AF}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{26C76DB1-824A-4D8C-88A6-B7CBFE67EFC4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2BCD2321-3F14-4AA2-BC37-69566855CCAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{37B8975B-0017-4DF1-A5C9-C3B94AAA0044}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3CCE9458-A834-4336-B97B-0D1C9DB374B2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4070ACFC-B434-4089-9D6B-13814C50D1E7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{42D4C87D-812C-40CF-8B04-FFFFB42DDF88}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43DDDAE6-AD43-4B77-B461-A1EC3992CB67}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4728C882-E8C1-46D0-BA3A-6F6561AF99D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{499394AE-6548-42AD-B624-B6B253E7BB8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50F263EA-3ACC-4E82-8F05-98FBC4D0ED78}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{54595614-D97F-4C9B-8161-F20C3DBC389F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6252B2FB-D0BD-43EE-AD20-91B17AC65C39}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{6434F4F9-1181-47E6-A02D-52D9E4172442}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EFE2AD2-B5BE-4B45-A3B3-8D01A8C94302}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7041363D-55FB-4924-9CA8-826E278C647B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{72786A60-2291-4647-8565-9D3DAD9FC270}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{74299E6A-6797-48E4-A953-C3A42AE9D644}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{748CC489-F164-425C-BC51-14D09B72A2B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CF32A64-C2D3-4BAA-9E19-B585A336A0A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E31A27-BAEA-4DCD-865F-96B8710E30B9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{957ED6B1-842D-4243-A003-3A699FD94427}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{999FA691-EF2F-4D71-A918-1C1C02A34663}" = protocol=6 | dir=out | app=system |
"{9AA06D8A-7566-4971-9F12-8CFF826695CE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9E44F149-1368-4BDD-B8EC-F817A2CFFA6B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9FD65CDD-4960-4389-B4E5-F487EDE5E4E3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A4574E3D-A577-4C88-BE63-841644B0F624}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A52CF7C5-3A4C-4B1E-BE64-5727E157E4B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A75EA8FE-471D-4EB4-80E1-330E5F0C4411}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{A7E61321-4066-4611-B4DF-34C12264816C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7EA36D3-31D7-45B8-B8FC-600627F4B8DF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ACDC7DA7-A4C0-418C-90BD-9752A9909E6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD825E8E-861C-4F95-B773-A562EAA2DF66}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5ED0732-A65A-4EEA-8205-912E30DD870F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{B94B078C-1BD2-4E8E-8D9F-FFE3EEFDA41B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{BB443552-FD7A-4EE8-A53B-5D36F3A6490F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE5CE980-01E3-4E83-A69C-33184F629A60}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BEBA7741-6850-4274-8653-29D879259F85}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CC9780C1-4C0A-443E-9038-3B7D32023B38}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D09AE6D3-1342-49E5-BC24-0B42EB781BC3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{D287E967-5DE5-4E2A-9DC3-134031DC2450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D56D5024-9F51-4FE6-B15C-8A5ACB9D7485}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D62A7456-C4BC-469A-93EA-B028366A524C}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{DAD6E28C-DD22-4236-B37B-7E8F5CC7F070}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1F77B6B-1373-4926-A33D-191631E36706}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE1FA28B-82C4-49CB-A619-DA53D5B73FED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F10E812B-A19B-4C56-8A5E-626E1155B906}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F17FF3C1-5FE7-45A5-A7C6-EB8DD9E51E76}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F1EF98F4-E017-41CE-9963-5CEC11373C69}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F451CB3C-4C1A-431D-88DB-0063CCD76C21}" = protocol=17 | dir=in | app=c:\comeonbaby\coragent.exe |
"{F5057C49-40CD-41E7-B25B-586C94B447A3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FFC1E52F-40A2-4100-A794-03234C5285E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{06C1B681-1994-4C56-A7B9-132900095597}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\worldmt2.exe |
"TCP Query User{06F39B80-8BBB-4564-8063-4EB79DA8C0CA}C:\users\alex und corinna\desktop\neuer ordner (3)\germanserver1.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\germanserver1.exe |
"TCP Query User{072F0EC1-889C-42CD-B483-97AFA8AA2E8D}C:\users\alex und corinna\desktop\p-server(s)\old school\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\old school\mc.exe |
"TCP Query User{07B721D0-4AC4-4453-963F-B41B5DE6F3FF}C:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe |
"TCP Query User{090721D6-70E6-401A-B84C-F77A020A88DE}C:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe |
"TCP Query User{0C806FEC-589B-49BE-AD56-F6A5E2C3E776}C:\users\alex und corinna\desktop\p server\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p server\mc.exe |
"TCP Query User{0CC7A5D7-BFDB-4A99-9E0B-2534FE459141}C:\users\alex und corinna\desktop\metin2\local.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\metin2\local.exe |
"TCP Query User{0FCB8F8C-E60C-4AFD-B9DC-E36EA1A68E8E}C:\users\alex und corinna\desktop\deathmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\deathmt2\mc.exe |
"TCP Query User{16481B71-FE2F-41EB-9628-FF399A566BB0}C:\users\alex und corinna\desktop\gumgummt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\gumgummt2\mc.exe |
"TCP Query User{1668EFBA-A1E2-49CA-874C-7C71108FF44A}C:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe |
"TCP Query User{1695F17E-6279-408D-93D2-9948F42D6FDD}C:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe |
"TCP Query User{19AC058D-D1AC-48AF-ACFC-BC650236CD4F}C:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe |
"TCP Query User{1AC72A24-F079-49AE-B7DD-F0795BB93B24}C:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe |
"TCP Query User{1C34579A-23FD-4DC3-9244-2B32BEC16ACC}C:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe |
"TCP Query User{201AA974-A03B-485A-B17F-EC9783CF9ADF}C:\users\alex und corinna\desktop\p-server(s)\china\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\china\mc.exe |
"TCP Query User{2029AE2C-26D7-488A-A1E0-7C0D3A8EB41C}C:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe |
"TCP Query User{20EA7594-1014-43E9-BBC5-322645534147}C:\users\alex und corinna\desktop\neuer ordner (4)\metin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\metin2.exe |
"TCP Query User{2142AFC9-74BB-4013-A5E5-4A847CD0BE43}C:\users\alex und corinna\desktop\worldmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\mc.exe |
"TCP Query User{22E07127-DC11-430E-A3FF-055BB24C2E2B}C:\users\alex und corinna\desktop\p-server(s)\deathmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\deathmt2\mc.exe |
"TCP Query User{2679D1DF-3E55-4845-AF7E-E177BF1D4502}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe |
"TCP Query User{2D2B9672-A80F-486D-896D-A33F5F9348FF}C:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe |
"TCP Query User{2D589C0A-1317-49B4-B646-11843F9ED980}C:\users\alex und corinna\desktop\p-server (metin2)\china\5imt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server (metin2)\china\5imt2.exe |
"TCP Query User{2DFD86A8-09E8-486F-899E-68B5B08EEA47}C:\users\alex und corinna\desktop\warcraft 3\war3.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\warcraft 3\war3.exe |
"TCP Query User{2F263901-39A7-4B39-B384-CD57687A521B}D:\swb2\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\swb2\gamedata\battlefrontii.exe |
"TCP Query User{3191ADEA-41D8-4BB1-9AE6-555521D37692}C:\users\alex und corinna\desktop\p-server(s)\china\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\china\mc.exe |
"TCP Query User{31DC7D3A-1ACF-4F7B-98B8-035FC8E812AF}C:\users\alex und corinna\desktop\magnetmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\magnetmt2\mc.exe |
"TCP Query User{31E11028-82B4-4824-BB4C-4AB99D5626E8}C:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe |
"TCP Query User{32138670-0FD7-4F81-90F7-0A77EF4E0FBD}C:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe |
"TCP Query User{34950041-B971-4370-AA85-E5957B65C7F1}C:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe |
"TCP Query User{374286AE-5B11-4EB7-A01B-6D2B5E6FF367}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe |
"TCP Query User{387BB848-FBB8-48E2-ACAE-7E5423C33480}C:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe |
"TCP Query User{3A94B1CB-4D57-4B27-87EE-AB2D9DD03530}C:\users\alex und corinna\desktop\neuer ordner\finalm2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\finalm2.exe |
"TCP Query User{3C24A69C-B402-4B42-8742-97465E6F1055}C:\users\alex und corinna\desktop\longju3 und vicelin34mt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\longju3 und vicelin34mt2\mc.exe |
"TCP Query User{3C47E47F-D5A3-4B72-98D1-F75B030B5E21}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{3CC2371E-252A-4CC2-9D01-D1D0A96266D2}C:\users\alex und corinna\desktop\snickimt2\modified-client_v3.5\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\snickimt2\modified-client_v3.5\mc.exe |
"TCP Query User{3DE6E5C8-8D4B-4E0F-91F3-C31790E3D158}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe |
"TCP Query User{3E12CAAE-CD87-4790-971B-A1646E79CDFD}C:\users\alex und corinna\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\program files\dna\btdna.exe |
"TCP Query User{3F9BA3E9-3E18-4732-8FD2-98104078FE95}C:\users\alex und corinna\desktop\p-server(s)\gumgummt2\matrixmt2_server2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\gumgummt2\matrixmt2_server2.exe |
"TCP Query User{4342FA51-DE4D-4E42-9CB9-8A71C21C3FF1}C:\program files\fantasymt2\fantasymt2.exe" = protocol=6 | dir=in | app=c:\program files\fantasymt2\fantasymt2.exe |
"TCP Query User{44058442-16E6-4FC2-AAF3-EDEAA4B14620}C:\users\alex und corinna\desktop\p-server(s)\spiritmt2\spiritmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\spiritmt2\spiritmt2.exe |
"TCP Query User{44BD99FB-5AC0-40FC-8032-C451AE9F3D44}C:\users\alex und corinna\desktop\worldmt2\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\worldmt2.exe |
"TCP Query User{4978C16C-F46A-45D3-8598-7995BD01FB9E}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{4AC5A455-5114-4158-A2CA-AC8EC207F68C}C:\users\alex und corinna\desktop\neuer ordner\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\mc.exe |
"TCP Query User{4BEBE5A6-421B-4D52-A893-9562D15AADB5}C:\users\alex und corinna\desktop\p-server(s)\metin2\metin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\metin2\metin2.exe |
"TCP Query User{4C080AEF-1598-428A-AD8E-3AD469144331}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (8)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (8)\mc.exe |
"TCP Query User{4C4E4F41-5E6C-4E58-8D3B-F2FEB3AE458E}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\neuer ordner (7)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\neuer ordner (7)\mc.exe |
"TCP Query User{4CEAA767-5659-4527-B866-E2FF5BF7B339}D:\metin2\ohne patch.exe" = protocol=6 | dir=in | app=d:\metin2\ohne patch.exe |
"TCP Query User{5051B3BC-A8C1-43FE-A4DB-46D044117EA6}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"TCP Query User{51094967-0446-4EBD-962F-9334E2C76316}C:\users\alex und corinna\desktop\neuer ordner (5)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (5)\mc.exe |
"TCP Query User{528D0436-93A1-4B52-8B53-B40C29707A48}C:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe |
"TCP Query User{53AAAE00-EB2C-4600-8463-BF28FE9A8A07}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{64B8FB80-0F2D-4AEA-81D7-49A502999E6B}C:\users\alex und corinna\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\program files\dna\btdna.exe |
"TCP Query User{65B7FC8B-3C7F-4D75-A0C0-73928F878BE3}C:\users\alex und corinna\desktop\p-server(s)\versuch2\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\versuch2\worldmt2.exe |
"TCP Query User{661841B7-2140-4E95-88BB-6F9418BF22D7}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (2)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (2)\mc.exe |
"TCP Query User{6B727E5F-D4BE-4C91-BF98-BB1052134631}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{6BDFAE5C-DB7C-4B83-A9CE-B7BF94F46401}C:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe |
"TCP Query User{6E1FF5BB-5A89-42DA-8562-02AFB01A585C}C:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe |
"TCP Query User{6F98C651-EF86-49F2-A14C-C2B809CA8665}C:\users\alex und corinna\desktop\p-server(s)\server\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\server\mc.exe |
"TCP Query User{73C0DC10-154F-4D27-8DAC-013E50DE4868}C:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe |
"TCP Query User{753883BE-25E3-4DD0-804E-6D0DF1D877AF}C:\users\alex und corinna\desktop\atzenmt2\modified-client_v3.5\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\atzenmt2\modified-client_v3.5\mc.exe |
"TCP Query User{7798FA04-D4B2-4367-8DF1-35CAF5511E23}C:\users\alex und corinna\desktop\neuer ordner (4)\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe |
"TCP Query User{77ACE3ED-A72F-4F15-95DC-16B56C7B18CF}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{77C10A38-A006-4EDE-8F08-5DA2D5571FCE}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{78528934-A565-437A-8104-911D1D66AFB9}C:\users\alex und corinna\desktop\worldmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\mc.exe |
"TCP Query User{7963615C-376A-41CB-A0A7-98C1B81CDF27}C:\users\alex und corinna\desktop\p-server(s)\deathmt2\metorymt2.exe.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\deathmt2\metorymt2.exe.exe |
"TCP Query User{79C05B00-65AA-41D4-B6B3-98B4E4159451}C:\users\alex und corinna\desktop\neuer ordner (4)\rct.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\rct.exe |
"TCP Query User{79EE6579-1C94-4383-8BEA-B2DB56D4C4D1}C:\users\alex und corinna\desktop\neuer ordner (5)\metin2.bin" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (5)\metin2.bin |
"TCP Query User{7AE37FDF-2549-467C-93F5-32D85C3CB933}C:\users\alex und corinna\desktop\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\metin2\metin2client.bin |
"TCP Query User{7B64D5E6-F20E-4B41-9FA1-1B770C273CCA}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{7F7B5C35-9E07-4A5F-A8BC-546F6BE8385A}C:\users\alex und corinna\desktop\haha\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\haha\mc.exe |
"TCP Query User{81D5B8A5-C44C-486C-AA90-1A639497E996}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{8315EF53-7C28-4B96-B361-BC18F2AEDA97}C:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\metin2starter.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\metin2starter.exe |
"TCP Query User{846CE2F8-BD38-4443-8D3B-5446AF7A7E80}D:\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\metin2\metin2.bin |
"TCP Query User{862D981B-32FB-4722-AB3A-1D2BA2742173}C:\users\alex und corinna\desktop\neuer ordner\germanserver2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\germanserver2.exe |
"TCP Query User{86AD1085-F7E2-4901-AD5F-C60F98605174}C:\users\alex und corinna\desktop\worldmt2 und worldlongju\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2 und worldlongju\worldmt2.exe |
"TCP Query User{86F052D6-034D-40A9-BF0E-9691B58B711D}C:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe |
"TCP Query User{87FE6CAF-E298-4094-BBEB-908BAB6230AD}C:\program files\metin2_germany\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"TCP Query User{8A5D8A8A-C9F7-488C-8FD1-0CAB50547BF5}C:\users\alex und corinna\desktop\neuer ordner (7)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\mc.exe |
"TCP Query User{8BCF84EE-3A19-4BA4-8241-834CCECE671C}C:\users\alex und corinna\desktop\neuer ordner (5)\new_world2_de_by_angelandi (1).exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (5)\new_world2_de_by_angelandi (1).exe |
"TCP Query User{8E1D97E1-5D9C-4476-B0ED-923D54FCAAF4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{8E24067B-1F1B-4E60-89C1-519182096C5B}C:\users\alex und corinna\desktop\portmap.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\portmap.exe |
"TCP Query User{910F6FE0-991A-47A7-AFE6-4B6830D49805}C:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe |
"TCP Query User{918B1974-5B1E-42F8-8573-2F4188D87574}C:\users\alex und corinna\desktop\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\metin2\metin2.bin |
"TCP Query User{92139CC3-20C3-4B44-8EA6-B968D9B2065A}C:\users\alex und corinna\desktop\neuer ordner (7)\newmt2_reloaded_de.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\newmt2_reloaded_de.exe |
"TCP Query User{94909EDC-D809-4401-BF06-76602F2A5410}C:\users\alex und corinna\desktop\p-server(s)\worldmt2 und worldlongju\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\worldmt2 und worldlongju\worldmt2.exe |
"TCP Query User{96B97911-05FC-47A8-9B25-E350BB09E59C}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe |
"TCP Query User{96E04285-C83A-4E5E-818F-8FD7EC3B8CBD}C:\users\alex und corinna\desktop\neuer ordner\germanserver1.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\germanserver1.exe |
"TCP Query User{9BA215FC-1241-4FE9-998F-445694DCFB2A}C:\users\alex und corinna\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\alex und corinna\appdata\local\virtualstore\program files\metin2_germany\metin2.bin |
"TCP Query User{9DD058C4-4FE6-48A7-ABF1-07946F26387B}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe |
"TCP Query User{9DE52FBC-55CD-48C4-95FC-8660765C1F4E}C:\users\alex und corinna\desktop\p-server(s)\versuch\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\versuch\worldmt2.exe |
"TCP Query User{A1416622-E3B1-433C-B47A-797FFEA5FBC9}C:\users\alex und corinna\desktop\newmt2\newmt2_reloaded_de.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\newmt2\newmt2_reloaded_de.exe |
"TCP Query User{A2447B94-D5A3-4527-9503-6CC3F3EC6562}C:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\mc.exe |
"TCP Query User{A2683F79-98A3-4DF5-B752-71C5F30E3ABC}C:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe |
"TCP Query User{A3D87959-1588-469A-AFD3-7483EC58ECFB}C:\program files\giganology\gigaget\gigaget.exe" = protocol=6 | dir=in | app=c:\program files\giganology\gigaget\gigaget.exe |
"TCP Query User{A424A80A-9DA0-40F3-A35E-A6052A51EA61}C:\users\alex und corinna\desktop\neuer ordner\finalm2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\finalm2.exe |
"TCP Query User{A657C2D7-9F09-4642-B66E-A7F978C746AA}C:\users\alex und corinna\desktop\p-server(s)\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\godmt2-reloaded\client\godmt2-reloaded.exe |
"TCP Query User{A6A6A308-8246-48F4-B6D7-BAF9D4B8205A}C:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe |
"TCP Query User{A6D0A7FE-3E27-4657-B33C-EFF5424E3F19}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\metorymt2.exe.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\metorymt2.exe.exe |
"TCP Query User{A99F45CF-9D0B-42EA-9970-DAD6564F11B0}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{AAD4C533-9CEF-4EEB-AD91-52E5D9F09ED3}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\nrgmetin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\nrgmetin2.exe |
"TCP Query User{B04C029A-4956-4C9B-AEA5-27B9075A7CF3}C:\users\alex und corinna\desktop\p-server(s)\old school\oldschool-united_de.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\old school\oldschool-united_de.exe |
"TCP Query User{B0C872DA-B865-4857-8582-1FF90298D97A}C:\users\alex und corinna\desktop\376 mt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\376 mt2\mc.exe |
"TCP Query User{B16636E9-4F87-40FF-86D5-7224AB45D37D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B344C762-33C0-4114-9344-DE8D63A6EA98}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B50E4C38-575B-4E1C-A9ED-ED6A60314132}C:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe |
"TCP Query User{B9A8740C-C59B-49D4-A5CD-A10F4C47841B}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\mc.exe |
"TCP Query User{BA911FAA-8D04-429C-B320-43D3DBECA72B}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe |
"TCP Query User{BD54567F-D9EE-4A66-A57E-9B3DBE1CC028}C:\users\alex und corinna\desktop\magnetmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\magnetmt2\mc.exe |
"TCP Query User{BDC04A8D-FD55-4D50-9592-48A5C2B2617A}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (4)\finalmt2\finalmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (4)\finalmt2\finalmt2.exe |
"TCP Query User{BDD2E532-3390-44C6-BD99-CA3DC29EBA1C}C:\users\alex und corinna\desktop\p-server(s)\bestmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\bestmt2\mc.exe |
"TCP Query User{BDF69CD4-5F36-4E23-BA57-B2CBFD2B33D2}C:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe |
"TCP Query User{BF73AC64-0300-4A9C-A786-35EBB2E8F123}C:\users\alex und corinna\desktop\nrg (down) und unbornmt2\nrgmetin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\nrg (down) und unbornmt2\nrgmetin2.exe |
"TCP Query User{C0637693-C76C-4E19-8AF3-C7FCDC4D265F}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe |
"TCP Query User{C74BB5CF-97D3-4DED-AFCF-793AB013FB2B}C:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe |
"TCP Query User{C86DDAD7-F13C-4C63-91D9-C846FDAB06E3}C:\users\alex und corinna\desktop\haha\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\haha\worldmt2.exe |
"TCP Query User{C8D96247-82FB-4A96-9724-375D46F6CF96}C:\users\alex und corinna\desktop\p-server(s)\bestmt2\matrixmt2_server2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\bestmt2\matrixmt2_server2.exe |
"TCP Query User{C97DCDC9-F253-4F75-9514-133FDC876EBC}C:\users\alex und corinna\desktop\neuer ordner (2)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (2)\mc.exe |
"TCP Query User{CAEB71B3-7406-4D0A-9AA0-4CAF1C976B93}C:\users\alex und corinna\desktop\p-server(s)\longju3 und vicelin34mt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\longju3 und vicelin34mt2\mc.exe |
"TCP Query User{CBB05C6E-D21F-44B9-B89B-A4F57526D485}C:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe |
"TCP Query User{CC5213FA-AA68-43C6-A05C-E31D261D12E2}C:\users\alex und corinna\desktop\fastmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\fastmt2\mc.exe |
"TCP Query User{D00FB29C-330E-40DB-87EA-85012BCE5DB5}C:\users\alex und corinna\desktop\neuer ordner\metin2\metin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\metin2\metin2.exe |
"TCP Query User{D06EC68D-F85A-4180-AB5B-15EC3034E529}C:\users\alex und corinna\desktop\neuer ordner (3)\metin2\multiserver-client.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\metin2\multiserver-client.exe |
"TCP Query User{D2C5B224-8450-4F4D-9518-2A80C006281E}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\black-planet.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\black-planet.exe |
"TCP Query User{D36339A4-785A-440D-A034-F2F668F16888}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe |
"TCP Query User{D3DCD240-6686-4173-B9BF-2ECB83D90629}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe |
"TCP Query User{D423ADA4-9D64-4240-ACF2-A234709DE6BE}C:\users\alex und corinna\desktop\p-server(s)\dirtmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\dirtmt2\mc.exe |
"TCP Query User{D533C0C1-AC92-4F5C-A49A-C6C0A3F88E2C}C:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe |
"TCP Query User{D63D0E60-5BBC-4844-AB02-8ED023285334}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D6B89C86-DF77-4D3D-83D0-51F1AC4A5264}C:\users\alex und corinna\desktop\metin2\metin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\metin2\metin2.exe |
"TCP Query User{D710CA23-D979-4DF9-A99C-ED922137575A}C:\users\alex und corinna\desktop\worldmt2\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\worldmt2.exe |
"TCP Query User{D78BD265-95D2-4EB7-8E17-108F10881ABB}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{DA076D90-6AB1-4AE7-9154-68F273BD8848}C:\users\alex und corinna\desktop\pservermt2-client by justin 18.08.10\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\pservermt2-client by justin 18.08.10\mc.exe |
"TCP Query User{DA36CAB5-853C-4093-9185-1E4D877B7410}C:\users\alex und corinna\desktop\p-server(s)\haha\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\haha\worldmt2.exe |
"TCP Query User{DA45D197-451C-42FF-B427-985079C9D104}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=6 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe |
"TCP Query User{DEDA5DC6-8F7C-4706-B67E-4CFE3D7A37C2}C:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe |
"TCP Query User{DF211BD8-F23B-4647-848E-F2F3465625B2}C:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe |
"TCP Query User{E2F82585-47D5-4AEB-A203-A1D382CAAB64}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\mc.exe |
"TCP Query User{E44BA634-C445-4129-AD7F-B346ECEFED8F}C:\users\alex und corinna\desktop\neuer ordner\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\mc.exe |
"TCP Query User{E471C63A-96BE-415A-B2F3-AFA2E24C829E}C:\users\alex und corinna\desktop\new_worldmt2\new_world2_de_by_angelandi (1).exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\new_worldmt2\new_world2_de_by_angelandi (1).exe |
"TCP Query User{E54C1488-94DB-441E-818F-B435F150E094}C:\users\alex und corinna\desktop\neuer ordner (4)\finalmt2\finalmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\finalmt2\finalmt2.exe |
"TCP Query User{E832C1C0-2FF2-42EF-BA76-E717B2A3F784}C:\users\alex und corinna\desktop\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe |
"TCP Query User{EA464F33-0C28-4415-B8D5-F76D691A9C48}D:\pes10\pes2010.exe" = protocol=6 | dir=in | app=d:\pes10\pes2010.exe |
"TCP Query User{EBDB5C4E-1DF2-45F4-B0C6-7399B3B33F01}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{EEDE7125-B5FB-4EA5-A272-E33EC19E331B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{EF62A57F-AE17-4C3D-8DB3-2FE6F87DF7B7}C:\users\alex und corinna\desktop\neuer ordner (4)\modified-client_v3.5\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\modified-client_v3.5\mc.exe |
"TCP Query User{EF6C80E8-4CED-4DCC-B11D-B120963DAF4A}C:\users\alex und corinna\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"TCP Query User{EF978F7F-3567-44B1-8620-8BF085A5EBF3}C:\users\alex und corinna\desktop\p-server(s)\arusmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\arusmt2\mc.exe |
"TCP Query User{EFE68B09-7219-434D-A0E5-36040F91F827}C:\users\alex und corinna\desktop\dirtmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\dirtmt2\mc.exe |
"TCP Query User{F0BF4F5B-11F2-47A4-83A5-B1E360B4AE6F}C:\users\alex und corinna\desktop\p-server(s)\galatea.mt2\worldmt2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\galatea.mt2\worldmt2.exe |
"TCP Query User{F222EB3D-8C17-4E04-AF38-BF6F5EBA193F}C:\users\alex und corinna\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{F4358181-F1BC-46A0-9784-B66FBAE6AED2}C:\users\alex und corinna\desktop\chucky\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\chucky\mc.exe |
"TCP Query User{F4A0D662-D77F-46C9-A9E9-8A78FD23568C}C:\users\alex und corinna\desktop\376 mt2\metin2.bin" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\376 mt2\metin2.bin |
"TCP Query User{F8F3C12E-4E6D-4FFA-9A83-257DD3BF8D24}C:\users\alex und corinna\desktop\neuer ordner (3)\nrgmetin2.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\nrgmetin2.exe |
"TCP Query User{F91273D0-9A64-454E-BEB9-8D98CA04A5E9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F93FB3FC-9B6C-423E-8388-CCE1D67224FE}C:\users\alex und corinna\desktop\chucky (2good client)\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\chucky (2good client)\mc.exe |
"TCP Query User{FA5F9958-EEF9-4FD7-9470-913C95E55060}C:\users\alex und corinna\desktop\nrg (down) und unbornmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\nrg (down) und unbornmt2\mc.exe |
"TCP Query User{FAEB3829-BCD4-45C5-ADB1-EC1C86E7A54B}C:\program files\fantasymt2\fantasymt2.exe" = protocol=6 | dir=in | app=c:\program files\fantasymt2\fantasymt2.exe |
"TCP Query User{FAF90EDA-C3A2-4301-8139-EE9A6D3B9BBE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{FB6560B2-B686-4C37-9FC5-EA6844D393EA}C:\users\alex und corinna\desktop\376 mt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\376 mt2\mc.exe |
"TCP Query User{FE86335A-D83C-49F9-9810-D1EE8F71B88C}C:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe |
"TCP Query User{FF215B0E-61DC-422B-90E3-680996492157}C:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe |
"TCP Query User{FFB95BDA-77B9-4FE0-ABD7-0BCC3890FBCD}C:\users\alex und corinna\desktop\p-server(s)\aggromt2\metin2.bin" = protocol=6 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\aggromt2\metin2.bin |
"TCP Query User{FFCDC83B-D1DA-4599-A569-EF63E4D008EF}C:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"UDP Query User{00079583-392F-4C4F-B07B-7F57CB55F79D}C:\users\alex und corinna\desktop\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe |
"UDP Query User{00747D1C-CDAA-4709-AB5E-391D1BE685A0}C:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe |
"UDP Query User{00B703B4-D6F7-41E9-A1EC-746CB2CBAE5D}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\black-planet.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\black-planet.exe |
"UDP Query User{01858352-379E-4F03-AD8B-71C70F737245}C:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"UDP Query User{06E4C31E-7DBE-4486-B570-025658DACB19}C:\users\alex und corinna\desktop\worldmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\mc.exe |
"UDP Query User{0708749C-8F6E-46BE-BC22-D7342BC7C3D9}C:\users\alex und corinna\desktop\dirtmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\dirtmt2\mc.exe |
"UDP Query User{07EE5A01-15DD-4E9C-AC5D-396A5F6ABB14}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{09AEDB8F-0AC0-4ABF-BAF8-0AD2CDB9561F}C:\users\alex und corinna\desktop\neuer ordner (4)\metin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\metin2.exe |
"UDP Query User{0AE3A937-C9B7-4F84-885F-08216D05C194}C:\users\alex und corinna\desktop\376 mt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\376 mt2\mc.exe |
"UDP Query User{0B36CBF6-FC37-45FD-828C-0E02D32D4F49}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (4)\finalmt2\finalmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (4)\finalmt2\finalmt2.exe |
"UDP Query User{0CDFD51E-1CC0-4E4F-B60A-1B2988654C64}C:\users\alex und corinna\desktop\chucky\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\chucky\mc.exe |
"UDP Query User{13CC888E-C425-41EF-868F-EF1357573133}C:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe |
"UDP Query User{161E14F2-4AE9-47D3-81E8-B7614BF7C046}C:\program files\pesedit\2010 fifa world cup patch\pes2010.exe" = protocol=17 | dir=in | app=c:\program files\pesedit\2010 fifa world cup patch\pes2010.exe |
"UDP Query User{16A2AE11-BECA-4447-82B7-610AF6FACDB0}C:\users\alex und corinna\desktop\deathmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\deathmt2\mc.exe |
"UDP Query User{172987C9-19EC-4EB5-AFC8-6C2AAD89925C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1BB7A4D0-0067-4F6F-9A99-A944A1C5CB51}C:\users\alex und corinna\desktop\p-server(s)\longju3 und vicelin34mt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\longju3 und vicelin34mt2\mc.exe |
"UDP Query User{1C457573-F474-40C5-9F95-240F0C124776}C:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe |
"UDP Query User{1C7AA1B1-CF74-4E93-9322-B237D8BCFE12}C:\program files\giganology\gigaget\gigaget.exe" = protocol=17 | dir=in | app=c:\program files\giganology\gigaget\gigaget.exe |
"UDP Query User{1D41C765-DF39-48C7-9D56-7BEC32B9B501}C:\users\alex und corinna\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\program files\dna\btdna.exe |
"UDP Query User{1ED112DE-9973-42E0-84EA-D4DD8AF86993}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe |
"UDP Query User{20792FE4-9483-4A7F-B231-75598FA8D450}C:\users\alex und corinna\desktop\p-server(s)\server\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\server\mc.exe |
"UDP Query User{216FF990-107D-4EB0-8A2D-E9D84F94AEB5}C:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe |
"UDP Query User{255486BE-7D63-4853-9BCA-5C166B25F612}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (2)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (2)\mc.exe |
"UDP Query User{26E00A40-A5B9-4542-8CA6-5EBA067B4E08}C:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe |
"UDP Query User{2A6EF923-C9C9-4933-995D-FCBC6BC36250}C:\users\alex und corinna\desktop\neuer ordner\germanserver2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\germanserver2.exe |
"UDP Query User{2BF8A941-1B5D-42FC-9721-F98D730D3EA4}C:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe |
"UDP Query User{2C08C22D-B4AB-4395-91E8-28F12A51ADD8}C:\users\alex und corinna\desktop\worldmt2\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\worldmt2.exe |
"UDP Query User{2D5FE0B0-8775-4D98-8413-6BEA4D49E950}C:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe |
"UDP Query User{2EB29168-B279-4AE2-AA76-73FA5B54E5A9}C:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\fastmt2\mc.exe |
"UDP Query User{31D84D70-6DF7-4584-B8B8-80793251688C}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{34BA1F0D-EC01-4426-A87A-656E0A8B4771}C:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\godmt2-reloaded\client\godmt2-reloaded.exe |
"UDP Query User{359111AF-E020-4AFD-AB82-E20D5A94A3D8}C:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe |
"UDP Query User{3C151E6E-3991-40A4-8B67-894AE72D8111}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3E984611-04F8-4A2B-A600-BEFFF05B86D8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{413D7597-1B7A-4D5B-BE24-6DFE78969792}C:\users\alex und corinna\desktop\fastmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\fastmt2\mc.exe |
"UDP Query User{43DA9831-DF7D-44CC-8621-ABB56ADCAD56}C:\users\alex und corinna\desktop\p-server(s)\galatea.mt2\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\galatea.mt2\worldmt2.exe |
"UDP Query User{44333BB6-D1F3-4D67-9E82-62D4A3C1C3C2}C:\users\alex und corinna\desktop\neuer ordner\finalm2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\finalm2.exe |
"UDP Query User{449EDDFC-2EB8-4136-950F-3082D758C32D}C:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe |
"UDP Query User{486D9639-D17D-421D-B00D-7DCE9BA0B8E4}C:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\gumgummt2\mc.exe |
"UDP Query User{486F02AB-2349-4B89-8B88-B326038C4521}C:\users\alex und corinna\desktop\neuer ordner (5)\new_world2_de_by_angelandi (1).exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (5)\new_world2_de_by_angelandi (1).exe |
"UDP Query User{493579D4-392B-4282-83DB-9167839F59DE}C:\users\alex und corinna\desktop\p-server(s)\arusmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\arusmt2\mc.exe |
"UDP Query User{4D030CB4-617A-48B6-9C96-9BFF79D3E297}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4FC2B7F5-C2D9-464C-88B7-43B575B65C8C}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe |
"UDP Query User{50A35856-664C-40F2-8105-EC8E6A363295}C:\users\alex und corinna\desktop\metin2\local.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\metin2\local.exe |
"UDP Query User{536023F2-ABAD-41BD-AABF-03C3BA35F112}C:\users\alex und corinna\desktop\p-server(s)\old school\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\old school\mc.exe |
"UDP Query User{541A2270-2407-406A-A7FD-32C17014CF71}C:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe |
"UDP Query User{542DBC51-1CB1-45DB-BDE6-CC9703258AA8}C:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\longju3.exe |
"UDP Query User{56499CCC-7E02-4DE3-B88B-EE7ABE0C261E}C:\users\alex und corinna\desktop\neuer ordner (4)\modified-client_v3.5\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\modified-client_v3.5\mc.exe |
"UDP Query User{56D00A7A-8E23-4898-B45B-C76F80CAB4F0}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\mc.exe |
"UDP Query User{56D70EF7-7573-419B-871E-4E6B9057A1BA}C:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\cokkie oda so xd\mc.exe |
"UDP Query User{575DBC39-6DE6-4893-9D5C-AE68E05154B2}C:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\mc.exe |
"UDP Query User{578269BB-5503-4BF4-BC6E-3D8E03960D02}D:\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\metin2\metin2.bin |
"UDP Query User{59071658-36F4-4DBA-A7C4-691945F9142A}C:\users\alex und corinna\desktop\neuer ordner\finalm2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\finalm2.exe |
"UDP Query User{59AE5282-1A39-405C-ACF8-2B7B87C3F20C}C:\program files\fantasymt2\fantasymt2.exe" = protocol=17 | dir=in | app=c:\program files\fantasymt2\fantasymt2.exe |
"UDP Query User{5BA28892-34C2-4FF3-8B65-330B93D71C79}C:\users\alex und corinna\desktop\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\metin2\metin2.bin |
"UDP Query User{5E5EE6F6-3DD0-4A8A-9F24-FD2C7A4D2209}C:\users\alex und corinna\desktop\neuer ordner (5)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (5)\mc.exe |
"UDP Query User{624A2F1B-CD6C-442C-8A84-0079EA617CB0}C:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe |
"UDP Query User{662E72C7-316C-4C1C-84DB-AD5BC5CAFBBE}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (8)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (8)\mc.exe |
"UDP Query User{667A8A9C-37B0-4047-878B-708C0F74694A}C:\users\alex und corinna\desktop\warcraft 3\war3.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\warcraft 3\war3.exe |
"UDP Query User{676DFFB4-DE83-4C66-85BB-F294CCFD2C00}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\worldmt2.exe |
"UDP Query User{67A5289E-656D-4DE9-8CC4-00F21BB56182}C:\users\alex und corinna\desktop\neuer ordner (3)\nrgmetin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\nrgmetin2.exe |
"UDP Query User{68DC3E2D-BC39-4A05-A756-A929773297FF}C:\users\alex und corinna\desktop\haha\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\haha\mc.exe |
"UDP Query User{6B19E055-4DDD-4067-B5B3-EE0C5A201F70}C:\users\alex und corinna\desktop\376 mt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\376 mt2\mc.exe |
"UDP Query User{6B31DAB7-9B63-467C-B649-769B32A31D96}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe |
"UDP Query User{71A99CD3-9E9A-40D9-8596-43F8354D0212}C:\users\alex und corinna\desktop\p-server(s)\worldmt2 und worldlongju\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\worldmt2 und worldlongju\worldmt2.exe |
"UDP Query User{726557BD-63C1-4A1B-B85E-943E942C5DD6}C:\users\alex und corinna\desktop\neuer ordner (5)\metin2.bin" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (5)\metin2.bin |
"UDP Query User{72BD08AD-6D50-4D25-B5E4-6FFD5867A186}C:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe |
"UDP Query User{733712B6-165C-419D-829F-823D4CFA010B}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{75F9F159-4B3A-47A9-9D0A-D755429E640C}C:\users\alex und corinna\desktop\nrg (down) und unbornmt2\nrgmetin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\nrg (down) und unbornmt2\nrgmetin2.exe |
"UDP Query User{783C7027-0682-435F-9CB5-4F34F7633080}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\neuer ordner (7)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\neuer ordner (7)\mc.exe |
"UDP Query User{78C5ED1C-93E7-4E92-B842-112BCE7BC715}C:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe |
"UDP Query User{7A42F29A-E341-48D7-954F-4B7541AE4C8E}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe |
"UDP Query User{7CF268F6-7669-42C0-BA86-382ED88DFEEA}C:\users\alex und corinna\desktop\snickimt2\modified-client_v3.5\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\snickimt2\modified-client_v3.5\mc.exe |
"UDP Query User{7E9D6DD4-482E-485B-A03B-34A86D44CB1C}C:\users\alex und corinna\desktop\nrg (down) und unbornmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\nrg (down) und unbornmt2\mc.exe |
"UDP Query User{7ECA90F2-4930-445C-8F2A-7D9C7C10E842}C:\users\alex und corinna\desktop\p-server(s)\metin2\metin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\metin2\metin2.exe |
"UDP Query User{7F24A2D7-7F8E-46BD-9379-EB6EA2AB1914}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\nrgmetin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\nrgmetin2.exe |
"UDP Query User{7FF2A0A8-FFA9-4B74-AE1D-2E7A7E248215}C:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\metin2starter.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\metin2starter.exe |
"UDP Query User{80DACC39-32D0-43DA-ACF7-C3C62B5A0243}C:\users\alex und corinna\desktop\neuer ordner\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\mc.exe |
"UDP Query User{80E65A94-1D90-4DB8-85A0-65F9AE756C04}C:\users\alex und corinna\desktop\neuer ordner\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\mc.exe |
"UDP Query User{8119C1A8-0261-4FFF-9EF1-C283131FDB98}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{82A985A7-0C76-457B-B795-9FFC8B37F9D2}C:\users\alex und corinna\desktop\neuer ordner (4)\rct.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\rct.exe |
"UDP Query User{83080BED-8FFC-4AB2-B2C5-4728E75E9C8A}C:\users\alex und corinna\desktop\376 mt2\metin2.bin" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\376 mt2\metin2.bin |
"UDP Query User{8417927C-1FE8-4355-8F72-0FE96260FCEA}C:\users\alex und corinna\desktop\p-server(s)\aggromt2\metin2.bin" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\aggromt2\metin2.bin |
"UDP Query User{8661D484-5A33-42A0-838A-AB2ACC4E0948}C:\users\alex und corinna\desktop\longju3 und vicelin34mt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\longju3 und vicelin34mt2\mc.exe |
"UDP Query User{883EBF59-34EB-448C-B545-ADED91ABBB3A}C:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (6)\mc.exe |
"UDP Query User{897C37A6-7D8C-491C-83C2-CFDC030EDFB6}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner\metorymt2.exe.exe |
"UDP Query User{899A98B2-C62A-401D-A43F-4A74E6406C69}C:\users\alex und corinna\desktop\worldmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\mc.exe |
"UDP Query User{8A10DDC9-3F2B-4544-8080-60511B310375}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe |
"UDP Query User{8A78FBDF-792A-4DC4-B9A5-90D24C836CE2}C:\program files\metin2_germany\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2client.bin |
"UDP Query User{8AA9109E-F6FB-4F62-A582-7A216F2BE615}D:\pes10\pes2010.exe" = protocol=17 | dir=in | app=d:\pes10\pes2010.exe |
"UDP Query User{8C5787E8-8B0B-4B92-AAFF-63CBFE013A65}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8EE40BCC-4B77-4B58-BC5E-523B45D17454}C:\users\alex und corinna\desktop\gumgummt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\gumgummt2\mc.exe |
"UDP Query User{8F32D84A-83C9-43AB-904C-880C5833810C}C:\users\alex und corinna\desktop\atzenmt2\modified-client_v3.5\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\atzenmt2\modified-client_v3.5\mc.exe |
"UDP Query User{930774C0-09FA-4004-8A7D-2333BE8421C0}C:\users\alex und corinna\desktop\p-server(s)\gumgummt2\matrixmt2_server2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\gumgummt2\matrixmt2_server2.exe |
"UDP Query User{944D7206-D3BF-4088-841C-24F4B7F32D70}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9630FD3B-7D99-49C3-A221-385205A7C6AF}C:\users\alex und corinna\desktop\neuer ordner (7)\newmt2_reloaded_de.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\newmt2_reloaded_de.exe |
"UDP Query User{9776A6EA-0076-4160-85FC-FF141D167745}C:\users\alex und corinna\desktop\worldmt2\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2\worldmt2.exe |
"UDP Query User{986AFDC7-EA34-430D-BCEC-D3ACE25D954C}C:\users\alex und corinna\desktop\neuer ordner (2)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (2)\mc.exe |
"UDP Query User{9EEA7081-C3D9-45A2-8EEF-E9702FBFE587}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{A1A2B91B-84B5-457D-AD2F-8672AF845E40}C:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2009\pes2009.exe |
"UDP Query User{A3660FDE-C8DD-4088-AC49-E729C23B4EF2}C:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\metin2 aggromt2\mc.exe |
"UDP Query User{A36C5345-4535-4EC0-82CB-9314068D11F9}C:\users\alex und corinna\desktop\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\metin2\metin2client.bin |
"UDP Query User{A377DEE3-134F-48B2-A956-CA4875E7714A}C:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe |
"UDP Query User{A65791C1-C634-4E07-953E-1C71F964CCE3}C:\users\alex und corinna\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{A665DC81-074A-42DC-B379-86973C4160A5}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{A8AFB737-D188-4CF0-A7D8-7D4323BDF5F1}C:\users\alex und corinna\desktop\p-server(s)\spiritmt2\spiritmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\spiritmt2\spiritmt2.exe |
"UDP Query User{ABEA414D-6D02-4B17-BDEA-CAF53FF9F91C}C:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\snickimt2\modified-client_v3.5\mc.exe |
"UDP Query User{AC8BEBFB-E93F-49C7-9802-FABC2890AC75}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\metorymt2.exe.exe |
"UDP Query User{ADFDD5CB-A512-4FE3-9D50-E259455AE2B5}D:\swb2\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\swb2\gamedata\battlefrontii.exe |
"UDP Query User{AEF99F6C-CF44-40A0-91F9-38B83C12B841}C:\users\alex und corinna\desktop\pservermt2-client by justin 18.08.10\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\pservermt2-client by justin 18.08.10\mc.exe |
"UDP Query User{AF4FF1A2-37A4-423F-84D9-0511702A7DF3}C:\users\alex und corinna\desktop\worldmt2 und worldlongju\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\worldmt2 und worldlongju\worldmt2.exe |
"UDP Query User{AFEB2937-06B4-4CF2-8C72-561AC3EC71C3}C:\users\alex und corinna\desktop\neuer ordner (4)\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\mysteryzzmt2 client 4.4 ( haupt client )\mc.exe |
"UDP Query User{B0A074CD-0731-4B8C-AA91-DC421DF9F5A7}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\metorymt2.exe.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\metorymt2.exe.exe |
"UDP Query User{B412FB2D-4005-4984-90D6-599DB3B953A7}C:\users\alex und corinna\desktop\p-server(s)\dirtmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\dirtmt2\mc.exe |
"UDP Query User{B5474E6C-B8D3-4C94-BA53-95EC1E3EF084}C:\users\alex und corinna\desktop\neuer ordner (3)\germanserver1.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\germanserver1.exe |
"UDP Query User{B56CC535-B44D-41DF-987E-5F779F62BCE1}C:\users\alex und corinna\desktop\neuer ordner (7)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\mc.exe |
"UDP Query User{B5E1EFBD-1D4C-4534-B40F-0307F476A9DC}C:\users\alex und corinna\desktop\chucky (2good client)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\chucky (2good client)\mc.exe |
"UDP Query User{B77650F4-68C3-465E-856C-13BD20159D9C}C:\users\alex und corinna\desktop\p-server(s)\haha\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\haha\worldmt2.exe |
"UDP Query User{B9A4B529-7417-45E2-94A8-B0CCDBFE5EC5}C:\users\alex und corinna\desktop\p-server(s)\versuch2\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\versuch2\worldmt2.exe |
"UDP Query User{BA08D43F-E871-4D1F-B107-9D18B7B5951C}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (7)\mc.exe |
"UDP Query User{BA5C7493-04B9-4FB8-B0ED-171862A44A43}C:\users\alex und corinna\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\alex und corinna\appdata\local\virtualstore\program files\metin2_germany\metin2.bin |
"UDP Query User{BAF887F5-0FE7-4AC4-999A-F072596DDE13}C:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\neuer ordner (3)\mc.exe |
"UDP Query User{BC110CAD-F30E-444D-9A51-D09DB3F32294}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BD15C4A3-BF2B-461E-804F-06244322E690}C:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\wl-mt2.exe |
"UDP Query User{BD203889-8EBB-4114-A70C-862F97C7299A}C:\users\alex und corinna\desktop\new_worldmt2\new_world2_de_by_angelandi (1).exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\new_worldmt2\new_world2_de_by_angelandi (1).exe |
"UDP Query User{BE373084-06F9-4AC6-9EF3-1EF797325884}C:\users\alex und corinna\desktop\p-server(s)\godmt2-reloaded\client\godmt2-reloaded.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\godmt2-reloaded\client\godmt2-reloaded.exe |
"UDP Query User{C00EE1E6-CAB7-407E-9653-241F5CC97712}C:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\omg wie geil\mc.exe |
"UDP Query User{C0AF918A-395E-4E4D-A47C-195355A65EC7}C:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe |
"UDP Query User{C5A8760A-CB4A-4223-BDE3-53D5800376E2}C:\users\alex und corinna\desktop\haha\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\haha\worldmt2.exe |
"UDP Query User{C69865E0-31E0-4D72-9751-C28F52D26A27}C:\users\alex und corinna\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\program files\dna\btdna.exe |
"UDP Query User{C92272A5-38C0-403C-8D39-56FEC7323275}C:\users\alex und corinna\desktop\neuer ordner (3)\metin2\multiserver-client.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (3)\metin2\multiserver-client.exe |
"UDP Query User{C999B1EF-8738-4C39-8B2B-1F87C1CDFD5F}C:\users\alex und corinna\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"UDP Query User{C9C11A00-0A4B-4A27-ACFE-353AD713B4C9}C:\users\alex und corinna\desktop\metin2\metin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\metin2\metin2.exe |
"UDP Query User{CAAB4882-3F85-4BDA-A197-4FEAE649E4C3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CB68B911-54B6-48CB-94D4-B8AC77BB7628}C:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (8)\mc.exe |
"UDP Query User{D06B5003-F789-4808-B704-B4271E804EBE}C:\users\alex und corinna\desktop\p-server(s)\bestmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\bestmt2\mc.exe |
"UDP Query User{D0ABEEBD-BEF0-45E2-B51F-2167A8E21BAF}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{D204B3DA-138D-4CBA-82E4-24FE2BB32018}C:\users\alex und corinna\desktop\magnetmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\magnetmt2\mc.exe |
"UDP Query User{D271895D-6B48-48FF-90F1-3D7AC0BF9279}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D9B02A5D-23B3-4904-9789-F086C4B05947}C:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (7)\nrgmetin2.exe |
"UDP Query User{DC41D512-52C8-4FD5-9427-9B1DBAF18F55}C:\program files\fantasymt2\fantasymt2.exe" = protocol=17 | dir=in | app=c:\program files\fantasymt2\fantasymt2.exe |
"UDP Query User{DD013C31-3DFE-4E84-9F96-2F34CAD3B81B}C:\users\alex und corinna\desktop\p-server(s)\bestmt2\matrixmt2_server2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\bestmt2\matrixmt2_server2.exe |
"UDP Query User{E0341928-BA09-4F0B-919E-025BE4D66343}C:\users\alex und corinna\desktop\newmt2\newmt2_reloaded_de.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\newmt2\newmt2_reloaded_de.exe |
"UDP Query User{E0D64241-63D0-4879-9ED0-F4B282C3861E}C:\users\alex und corinna\desktop\p-server (metin2)\china\5imt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server (metin2)\china\5imt2.exe |
"UDP Query User{E3064AE0-1818-4395-8447-80813284F6E7}C:\users\alex und corinna\desktop\magnetmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\magnetmt2\mc.exe |
"UDP Query User{E59A84CE-D179-4910-B4E8-133069272AFB}C:\users\alex und corinna\desktop\p-server(s)\old school\oldschool-united_de.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\old school\oldschool-united_de.exe |
"UDP Query User{E67C958C-F851-4B55-A48A-EED5C14F5E81}C:\users\alex und corinna\desktop\neuer ordner\metin2\metin2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\metin2\metin2.exe |
"UDP Query User{E90E4BA4-22A0-436A-96B6-7B1D1F8AEBA4}C:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\aggromt2\mc.exe |
"UDP Query User{E91B9292-3339-45E3-9CBE-B60D3FC06D70}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{ED5F85DA-9253-4721-8BAF-4B4E4A227775}C:\users\alex und corinna\desktop\portmap.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\portmap.exe |
"UDP Query User{EEACC738-F149-483A-9125-4F9BAFCBF912}C:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\mc.exe |
"UDP Query User{EFA18BB3-16D1-4117-AA46-CABE3602EE3A}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{F723DEA4-BECC-47E0-8FCA-6663459DC949}C:\users\alex und corinna\desktop\p-server(s)\china\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\china\mc.exe |
"UDP Query User{F74DB48C-DC6D-4BD0-9BAD-2D3623BD0DDC}C:\users\alex und corinna\desktop\p server\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p server\mc.exe |
"UDP Query User{F92EC675-5034-4359-98A1-14F787A7E51C}D:\metin2\ohne patch.exe" = protocol=17 | dir=in | app=d:\metin2\ohne patch.exe |
"UDP Query User{F9A70F46-63B0-4864-B8A5-419AFE0B9986}C:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\nrg (down) und unbornmt2\mc.exe |
"UDP Query User{FB480F6D-F10E-4870-B0C4-7D85DCC02780}C:\users\alex und corinna\desktop\p-server(s)\china\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\china\mc.exe |
"UDP Query User{FBE4042B-EA9B-4FD2-B798-81DD758257DC}C:\users\alex und corinna\desktop\neuer ordner\germanserver1.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner\germanserver1.exe |
"UDP Query User{FE5BBE43-19CF-4CF3-9703-352A1A832CDF}C:\users\alex und corinna\desktop\p-server(s)\deathmt2\metorymt2.exe.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\deathmt2\metorymt2.exe.exe |
"UDP Query User{FE6C3ADD-8673-4D81-B6AF-BE30C26EC93E}C:\users\alex und corinna\desktop\p-server(s)\deathmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\deathmt2\mc.exe |
"UDP Query User{FF1344F7-E864-4EED-B906-064BEB3EFEDC}C:\users\alex und corinna\desktop\neuer ordner (4)\finalmt2\finalmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\neuer ordner (4)\finalmt2\finalmt2.exe |
"UDP Query User{FF5B1FC0-C5AE-42BA-922A-CD78CEE36DBE}C:\users\alex und corinna\desktop\p-server(s)\versuch\worldmt2.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\versuch\worldmt2.exe |
"UDP Query User{FF83A66F-451A-497B-9051-5AE2C5AD197C}C:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe" = protocol=17 | dir=in | app=c:\users\alex und corinna\desktop\p-server(s)\m2 (noch down)\mc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0254256E-81C0-42F2-9F98-B5BF392091FD}" = Key Configuration Tool
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{15e13d3b-4b57-4f68-9ba4-5d86c0931833}" = Pixia
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53454A1C-26F6-4599-A410-847B6AAD0009}" = Motorola Driver Installation 4.6.5
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4646CC8-905B-4E6D-A094-4C9FB1621042}" = ArcSoft MediaImpression
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Apollox 2010 Realistic Gameplay Edition" = Apollox 2010 Realistic Gameplay Edition
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Belearn Demo_is1" = Belearn 7 Demo
"Brief-DruckereiV1" = Brief-Druckerei
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"Fifa 10 Crowdpatch" = Fifa 10 Crowdpatch
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"gigaget_is1" = Gigaget
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manager Master 10_is1" = Manager Master 10 Release 10.2
"Menu- & Loadingbackground Patch v10" = Menu- & Loadingbackground Patch v10
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Nonsense Madness" = Nonsense Madness
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"T4EPlayer" = T4E Player
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Trophies Patch" = Trophies Patch
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.09.2010 07:22:05 | Computer Name = Alex-CorinnasPC | Source = Google Update | ID = 20
Description =
Error - 02.09.2010 07:30:24 | Computer Name = Alex-CorinnasPC | Source = Application Hang | ID = 1002
Description = Programm ManagerMaster10.exe, Version 1.0.0.0 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 67c Anfangszeit: 01cb4a9208bc6cd8 Zeitpunkt
der Beendigung: 196
Error - 02.09.2010 07:36:46 | Computer Name = Alex-CorinnasPC | Source = Application Hang | ID = 1002
Description = Programm ManagerMaster10.exe, Version 1.0.0.0 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 11e0 Anfangszeit: 01cb4a927e972bc8 Zeitpunkt
der Beendigung: 201
Error - 02.09.2010 08:22:06 | Computer Name = Alex-CorinnasPC | Source = Google Update | ID = 20
Description =
Error - 02.09.2010 09:18:02 | Computer Name = Alex-CorinnasPC | Source = Application Hang | ID = 1002
Description = Programm Lead-Rain2 - Patcher.exe, Version 2.1.0.0 arbeitet nicht
mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im
Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: df8 Anfangszeit: 01cb4aa12cab31d8 Zeitpunkt
der Beendigung: 8
Error - 03.09.2010 07:46:47 | Computer Name = Alex-CorinnasPC | Source = WinMgmt | ID = 10
Description =
Error - 03.09.2010 07:52:56 | Computer Name = Alex-CorinnasPC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 03.09.2010 10:05:15 | Computer Name = Alex-CorinnasPC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 03.09.2010 10:05:47 | Computer Name = Alex-CorinnasPC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 03.09.2010 12:41:15 | Computer Name = Alex-CorinnasPC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
[ System Events ]
Error - 11.09.2010 11:06:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 11:26:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 11:46:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 12:26:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 13:06:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 13:26:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 14:06:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 14:26:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 14:46:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.09.2010 15:06:43 | Computer Name = Alex-CorinnasPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
< End of report >
Hoffe das ich alles richtig gemacht habe. Mfg DDDAlexDDD |
|
12.09.2010, 20:52
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoorporgramm Problem! Das Log von Malwarebytes ist unvollständig.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.09.2010, 15:09
| #6 |
| | Backdoorporgramm Problem! Sorry aber mehr war da nicht habe gerade nochmal gemacht und genau das gleche wie oben schon steht |
|
13.09.2010, 15:18
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoorporgramm Problem! Der Kopf vom Log fehlt aber!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.09.2010, 15:13
| #8 |
| | Backdoorporgramm Problem! sorry ich weiss vielleicht was du meinst: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4594 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 11.09.2010 20:46:39 mbam-log-2010-09-11 (20-46-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 348756 Laufzeit: 1 Stunde(n), 39 Minute(n), 36 Sekunde(n) mfg DDDAlexDDD =) |
|
14.09.2010, 16:56
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoorporgramm Problem! Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
DRV - (XDva343) -- C:\Windows\System32\XDva343.sys File not found
DRV - (oflpydin) -- C:\Users\ALEXUN~1\AppData\Local\Temp\oflpydin.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "2Shared Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ffpro"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ffpro"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
O4 - HKCU..\Run: [fukkuukkkk.exe] C:\fukkuukkkk.exe\fukkuukkkk.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2010.09.10 17:08:39 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010.09.07 21:07:34 | 001,235,456 | ---- | C] (CheatHappens) -- C:\Users\Alex und Corinna\Desktop\Pro Evolution Soccer 2010 Trainer.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.09.2010, 14:21
| #10 |
| | Backdoorporgramm Problem! hat ein bisschen länger gedauert All processes killed ========== OTL ========== Service XDva343 stopped successfully! Service XDva343 deleted successfully! File C:\Windows\System32\XDva343.sys File not found not found. Service oflpydin stopped successfully! Service oflpydin deleted successfully! File C:\Users\ALEXUN~1\AppData\Local\Temp\oflpydin.sys File not found not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully. C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "2Shared Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "moz2-ytff-ffpro" removed from browser.search.param.yahoo-fr Prefs.js: "moz2-ytff-ffpro" removed from browser.search.param.yahoo-fr-cjkt Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=" removed from keyword.URL Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" removed from sweetim.toolbar.previous.keyword.URL Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fukkuukkkk.exe deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully. C:\Windows\System32\Process.exe moved successfully. C:\Users\Alex und Corinna\Desktop\Pro Evolution Soccer 2010 Trainer.exe moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Alex und Corinna ->Temp folder emptied: 13822461 bytes ->Temporary Internet Files folder emptied: 61444113 bytes ->Java cache emptied: 118005911 bytes ->FireFox cache emptied: 98724885 bytes ->Google Chrome cache emptied: 14829996 bytes ->Flash cache emptied: 55242 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6125589 bytes RecycleBin emptied: 1630 bytes Total Files Cleaned = 299,00 mb OTL by OldTimer - Version 3.2.12.0 log created on 09162010_151434 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\kls4627.tmp not found! Registry entries deleted on Reboot... |
|
16.09.2010, 14:37
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoorporgramm Problem! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2010, 13:27
| #12 |
| | Backdoorporgramm Problem! sooo hoffe das ich alles richtig gemacht habe Combofix Logfile: Code:
ATTFilter ComboFix 10-09-17.04 - Alex und Corinna 19.09.2010 13:56:14.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3327.2220 [GMT 2:00]
ausgeführt von:: c:\users\Alex und Corinna\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fukkuukkkk.exe
c:\fukkuukkkk.exe\config.bin
c:\users\Alex und Corinna\AppData\Roaming\Microsoft\Windows\Recent\patch.log
c:\users\Alex und Corinna\AppData\Roaming\windows
c:\users\Alex und Corinna\AppData\Roaming\windows\logs.dat
c:\users\Alex und Corinna\SETUP1.EXE
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\test
c:\windows\system32\tmp.reg
c:\windows\system32\ui
c:\windows\system32\ui\BANNER\LOADINGEVENT2.SOR
c:\windows\system32\ui\BANNER\LOADINGIMGOPT.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER2.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER3.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER4.SOR
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\kernel32.dll . . . ist infiziert!!
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-19 bis 2010-09-19 ))))))))))))))))))))))))))))))
.
2010-09-19 12:06 . 2010-09-19 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-18 18:57 . 2010-09-19 12:06 0 ----a-w- c:\windows\system32\Access.dat
2010-09-18 18:55 . 2010-09-18 19:24 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Tunngle
2010-09-18 18:55 . 2010-09-18 18:55 -------- d-----w- c:\programdata\Tunngle
2010-09-18 18:55 . 2009-09-16 06:02 27136 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2010-09-18 18:55 . 2010-09-18 19:23 -------- d-----w- c:\program files\Tunngle
2010-09-17 19:53 . 2010-09-17 19:53 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Lionhead Studios
2010-09-17 19:52 . 2010-09-17 19:52 -------- d-sh--w- c:\windows\ftpcache
2010-09-17 19:47 . 2010-09-17 19:47 -------- d-----w- c:\programdata\Lionhead Studios
2010-09-17 14:33 . 2010-09-17 14:33 -------- d-----w- c:\program files\Governor of Poker
2010-09-17 14:33 . 2010-09-17 14:33 -------- d-----w- c:\windows\Governor of Poker
2010-09-16 14:04 . 2010-09-16 14:18 -------- d-----w- c:\users\Alex und Corinna\AppData\Local\OpenCandy
2010-09-16 14:04 . 2010-09-16 14:04 331304 ----a-w- c:\users\Alex und Corinna\AppData\Roaming\OpenCandy\OpenCandy_F2C2083185B544869FA22ED95984C682\DLMgr_3_1.6.44.exe
2010-09-16 14:04 . 2010-09-16 14:04 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\OpenCandy
2010-09-16 13:14 . 2010-09-16 13:14 -------- d-----w- C:\_OTL
2010-09-15 16:49 . 2010-09-15 16:49 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\ProgSense
2010-09-15 16:48 . 2010-09-16 14:19 -------- d-----w- C:\downloads
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\GrabPro
2010-09-15 16:48 . 2010-09-17 13:59 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Orbit
2010-09-15 15:21 . 2010-09-15 16:59 -------- d-----w- c:\program files\Common Files\Real
2010-09-15 14:14 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:14 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:14 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:13 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 16:31 . 2010-09-14 16:31 973496 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\updater.dll
2010-09-14 16:31 . 2010-09-14 16:31 88760 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\libola.dll
2010-09-14 16:30 . 2010-09-14 16:31 973496 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\updater.dll
2010-09-13 14:36 . 2010-09-13 14:36 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-13 14:35 . 2010-09-13 14:18 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-13 14:35 . 2010-09-13 14:17 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-13 14:35 . 2010-09-13 14:17 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-13 14:35 . 2010-09-13 14:35 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-13 14:35 . 2010-09-13 14:35 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-13 14:35 . 2010-09-13 14:35 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-13 14:35 . 2010-09-13 14:35 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-09-13 14:34 . 2010-09-13 14:34 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-09-13 14:33 . 2010-09-13 14:33 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-09-13 14:33 . 2010-09-13 14:33 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-09-13 14:33 . 2010-09-13 14:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-13 14:33 . 2010-09-13 14:33 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-09-13 14:17 . 2010-09-13 14:17 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-13 14:17 . 2010-09-13 14:35 -------- d-----w- c:\programdata\DivX
2010-09-12 09:26 . 2010-09-12 09:26 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Stardock
2010-09-12 09:26 . 2010-09-12 09:26 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-09-12 09:26 . 2010-06-22 19:49 3349784 -c--a-w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
2010-09-12 09:26 . 2010-09-12 09:26 -------- d-----w- c:\program files\Stardock
2010-09-12 09:25 . 2010-09-12 09:25 -------- d-----w- c:\users\Alex und Corinna\AppData\Local\PackageAware
2010-09-11 16:32 . 2010-09-11 16:32 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Malwarebytes
2010-09-11 16:32 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 16:32 . 2010-09-11 16:32 -------- d-----w- c:\programdata\Malwarebytes
2010-09-11 16:32 . 2010-09-11 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 16:32 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-10 15:01 . 2010-09-10 15:03 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\vlc
2010-09-10 15:01 . 2010-09-10 15:01 -------- d-----w- c:\program files\VideoLAN
2010-09-06 14:57 . 2010-09-06 14:57 -------- d-----w- c:\program files\PESEdit
2010-09-03 16:45 . 2010-09-03 16:45 -------- d-----w- c:\program files\Common Files\Java
2010-09-03 14:05 . 2010-09-03 14:05 -------- d-----w- c:\program files\DIFX
2010-09-03 14:04 . 2010-09-03 14:05 -------- d-----w- c:\program files\T4E Player
2010-09-01 11:29 . 2010-09-01 11:29 129720 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-09-01 11:29 . 2010-09-01 11:29 113336 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-09-01 11:29 . 2010-09-01 11:29 170680 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-09-01 11:26 . 2010-09-14 16:30 88760 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\libola.dll
2010-09-01 11:26 . 2010-09-01 11:26 387768 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\ksn_client.dll
2010-09-01 11:26 . 2010-09-01 11:26 191160 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtbbho.dll
2010-09-01 11:26 . 2010-09-01 11:26 264888 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\esmgr.dll
2010-09-01 11:25 . 2010-09-01 11:25 1037648 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-09-01 11:24 . 2010-09-01 11:25 271696 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sco\i386\win\sys_critical_obj.dll
2010-09-01 11:01 . 2010-09-02 17:33 288080 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-01 10:49 . 2010-09-01 11:29 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-09-01 10:49 . 2010-09-01 11:29 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-09-01 10:47 . 2010-09-19 12:10 -------- d-----w- c:\programdata\Kaspersky Lab
2010-09-01 10:47 . 2010-09-01 10:47 -------- d-----w- c:\program files\Kaspersky Lab
2010-09-01 10:34 . 2010-09-01 10:34 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-31 20:08 . 2010-09-01 10:27 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-30 14:41 . 2010-08-30 14:41 -------- d-----w- c:\program files\Apollox Tools
2010-08-30 13:09 . 2010-08-30 13:09 -------- d-----w- c:\windows\system32\pack
2010-08-30 13:09 . 2010-08-30 13:09 -------- d-----w- c:\windows\system32\icon
2010-08-26 13:06 . 2010-08-26 13:06 -------- d-----w- c:\program files\Fifa Master
2010-08-22 11:58 . 2009-11-03 12:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-08-22 11:58 . 2009-11-03 12:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-08-22 11:58 . 2010-09-18 10:50 -------- d-----w- c:\program files\Cheat Engine
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 12:08 . 2010-03-31 13:08 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-19 11:53 . 2009-06-03 11:59 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\ICQ
2010-09-19 08:24 . 2009-10-29 15:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-18 19:00 . 2009-06-03 10:01 71520 ----a-w- c:\users\Alex und Corinna\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-17 19:52 . 2009-06-03 12:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 13:15 . 2009-10-29 15:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 18:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 16:59 . 2010-05-05 18:27 -------- d-----w- c:\program files\Real
2010-09-13 18:34 . 2009-09-15 17:32 -------- d-----w- c:\programdata\CanonIJPLM
2010-09-13 14:39 . 2009-12-06 17:07 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\DivX
2010-09-13 14:39 . 2008-01-21 07:15 668882 ----a-w- c:\windows\system32\perfh007.dat
2010-09-13 14:39 . 2008-01-21 07:15 144952 ----a-w- c:\windows\system32\perfc007.dat
2010-09-13 14:39 . 2010-05-31 14:18 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\U3
2010-09-13 14:35 . 2009-12-06 16:54 -------- d-----w- c:\program files\DivX
2010-09-13 14:34 . 2009-12-06 16:54 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-05 11:41 . 2010-04-24 14:12 -------- d-----w- c:\programdata\KONAMI
2010-09-03 16:44 . 2009-06-20 15:17 -------- d-----w- c:\program files\Java
2010-09-02 17:33 . 2010-05-06 13:00 288080 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-02 07:07 . 2010-02-03 05:53 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Daynyd
2010-09-01 14:02 . 2009-06-05 15:21 -------- d-----w- c:\program files\Metin2_Germany
2010-09-01 12:16 . 2009-10-01 15:59 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\McLoad
2010-09-01 11:32 . 2010-05-07 10:34 1037648 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-09-01 11:32 . 2010-05-07 16:18 271696 ----a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-09-01 10:32 . 2009-06-03 09:58 -------- d-----w- c:\program files\Norman
2010-09-01 10:04 . 2010-01-11 16:12 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\Amow
2010-08-31 14:41 . 2010-08-31 14:41 -------- d-----w- c:\program files\Brief-Druckerei
2010-08-23 14:40 . 2010-06-27 10:05 -------- d-----w- c:\program files\ICQ7.2
2010-08-18 15:11 . 2010-08-20 11:53 52224 ----a-w- c:\users\Alex und Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}\components\FFExternalAlert.dll
2010-08-18 15:11 . 2010-08-20 11:53 101376 ----a-w- c:\users\Alex und Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}\components\RadioWMPCore.dll
2010-08-17 20:12 . 2010-08-17 20:12 -------- d-----w- c:\program files\Teachmaster 4.3
2010-08-17 20:05 . 2010-08-17 20:05 -------- d-----w- c:\program files\Belearn 7
2010-08-17 11:47 . 2009-06-03 10:02 -------- d-----w- c:\programdata\HDBR31
2010-08-13 14:02 . 2010-08-13 14:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-08-13 14:01 . 2010-08-13 14:01 -------- d-----w- c:\program files\Motorola
2010-08-13 14:01 . 2010-08-13 14:01 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-08-03 11:13 . 2009-06-20 12:00 -------- d-----w- c:\program files\Atari
2010-08-02 15:41 . 2010-08-02 15:27 -------- d-----w- c:\users\Alex und Corinna\AppData\Roaming\DAEMON Tools Lite
2010-08-02 15:28 . 2010-08-02 15:28 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-02 15:28 . 2010-08-02 15:28 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-02 15:28 . 2010-08-02 15:27 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-08-02 14:30 . 2009-08-17 17:04 -------- d-----w- c:\program files\7-Zip
2010-08-01 15:50 . 2010-08-01 15:49 19553 ----a-w- c:\windows\hpqins13.dat
2010-08-01 15:50 . 2010-08-01 15:49 -------- d-----w- c:\program files\HP
2010-08-01 15:49 . 2010-08-01 15:49 -------- d-----w- c:\program files\Common Files\HP
2010-08-01 15:49 . 2010-08-01 15:49 -------- d-----w- c:\programdata\HP
2010-08-01 15:29 . 2010-08-01 15:29 -------- d-----w- c:\program files\Seagrand
2010-08-01 15:29 . 2009-06-03 13:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-01 15:28 . 2009-06-03 09:56 -------- d-----w- c:\program files\Picasa2
2010-08-01 15:14 . 2010-08-01 15:14 -------- d-----w- c:\program files\Foto-Mosaik-Edda
2010-08-01 13:25 . 2010-02-02 14:04 -------- d-----w- c:\programdata\Skype
2010-08-01 13:24 . 2008-09-30 16:08 -------- d-----w- c:\programdata\Microsoft Help
2010-08-01 13:24 . 2008-09-30 16:09 -------- d-----w- c:\program files\Microsoft Works
2010-08-01 13:19 . 2010-05-05 17:42 -------- d-----w- c:\programdata\Norton
2010-08-01 13:19 . 2010-05-05 17:42 -------- d-----w- c:\programdata\Symantec
2010-08-01 13:12 . 2010-03-29 15:11 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-08-01 13:09 . 2009-07-13 11:38 -------- d-----w- c:\program files\alaplaya
2010-07-17 03:00 . 2010-04-30 20:26 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-13 11:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 11:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 11:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 11:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 18:51 . 2009-10-10 14:45 8854 ----a-r- c:\users\Alex und Corinna\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Uninstall_Fahrenheit_8C2B6FBDC8D14FA595F7B3231B7D8CBC.exe
2010-06-24 18:51 . 2009-10-10 14:45 10134 ----a-r- c:\users\Alex und Corinna\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\ARPPRODUCTICON.exe
2010-06-24 18:51 . 2009-10-10 14:09 4286 ----a-r- c:\users\Alex und Corinna\AppData\Roaming\Microsoft\Installer\{BA10AC78-E687-4523-8B93-540428FC256F}\Fahrenheit.exe_B11493A1D18C4B5FAD8D53D777C9C16A.exe
2010-06-21 13:37 . 2010-08-13 11:36 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-01 13:53 . 2009-10-29 15:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-08 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-08 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"KeyConfiguration"="c:\program files\Fujitsu Siemens Computers\Key Configuration Tool\KeyConfigurationTool.exe" [2008-09-04 413184]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Gigaget"="c:\program files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 495616]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Alex und Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FIFA 10-Registrierung.lnk - d:\fifa10\Support\EAregister.exe [2009-9-9 4374800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
R2 gupdate1ca7694be04b671;Google Update Service (gupdate1ca7694be04b671);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-01 30192]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-31 641024]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-09-04 3347280]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-02 691696]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-01 41816]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-09-14 716024]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 16:54]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 16:54]
2010-09-18 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2009-12-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{FD9BE6BC-8F12-4671-89C2-5B865B98E93A}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Alex und Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\mxpup8ml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2447621&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\users\Alex und Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}\components\FFExternalAlert.dll
FF - component: c:\users\Alex und Corinna\AppData\Roaming\Mozilla\Firefox\Profiles\mxpup8ml.default\extensions\{ef468e5b-5b30-4136-a833-7f2e3a31afdf}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.2\ICQ.exe
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-19 14:10
Windows 6.0.6002 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3007487369-405977050-4058923890-1000\Software\SecuROM\License information*]
"datasecu"=hex:a4,4c,28,87,3d,53,72,9c,c8,08,2c,34,4d,0e,69,88,74,6b,4b,94,9d,
d0,6b,73,4e,9c,52,7f,27,26,e7,96,c6,ef,cd,ce,76,e8,ce,2c,49,dc,41,a1,13,61,\
"rkeysecu"=hex:44,c8,b9,9f,32,57,3b,cb,d1,4b,2e,c3,b7,6d,88,b1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-19 14:18:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-09-19 12:17
Vor Suchlauf: 25 Verzeichnis(se), 10.946.310.144 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 11.395.776.512 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 107F9C96ABF4BB775089D84CD8EF0A5F
mfg DDDAlexDDD |
|
19.09.2010, 17:53
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoorporgramm Problem!Zitat:
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2010, 21:49
| #14 |
| | Backdoorporgramm Problem! ich wusste nicht genau was ich posten sollte aber ich hoffe das es das richtige ist xD AhnLab-V3 2010.09.19.00 2010.09.18 - AntiVir 8.2.4.58 2010.09.18 - Antiy-AVL 2.0.3.7 2010.09.19 - Authentium 5.2.0.5 2010.09.19 - Avast 4.8.1351.0 2010.09.19 - Avast5 5.0.594.0 2010.09.19 - AVG 9.0.0.851 2010.09.19 - BitDefender 7.2 2010.09.19 - CAT-QuickHeal 11.00 2010.09.18 - ClamAV 0.96.2.0-git 2010.09.19 - Comodo 6132 2010.09.19 - DrWeb 5.0.2.03300 2010.09.19 - Emsisoft 5.0.0.37 2010.09.19 - eSafe 7.0.17.0 2010.09.17 - eTrust-Vet 36.1.7862 2010.09.17 - F-Prot 4.6.1.107 2010.09.19 - F-Secure 9.0.15370.0 2010.09.19 - Fortinet 4.1.143.0 2010.09.19 - GData 21 2010.09.19 - Ikarus T3.1.1.88.0 2010.09.19 - Jiangmin 13.0.900 2010.09.19 - K7AntiVirus 9.63.2552 2010.09.18 - Kaspersky 7.0.0.125 2010.09.19 - McAfee 5.400.0.1158 2010.09.19 - McAfee-GW-Edition 2010.1C 2010.09.19 - Microsoft 1.6201 2010.09.19 - NOD32 5462 2010.09.19 - Norman 6.06.06 2010.09.19 - nProtect 2010-09-19.01 2010.09.19 - Panda 10.0.2.7 2010.09.19 - PCTools 7.0.3.5 2010.09.19 - Prevx 3.0 2010.09.19 - Rising 22.65.05.00 2010.09.18 - Sophos 4.57.0 2010.09.19 - Sunbelt 6896 2010.09.19 - SUPERAntiSpyware 4.40.0.1006 2010.09.19 - Symantec 20101.1.1.7 2010.09.19 - TheHacker 6.7.0.0.025 2010.09.19 - TrendMicro 9.120.0.1004 2010.09.19 - TrendMicro-HouseCall 9.120.0.1004 2010.09.19 - VBA32 3.12.14.0 2010.09.17 - ViRobot 2010.9.18.4048 2010.09.19 - VirusBuster 12.65.14.0 2010.09.19 - |
|
20.09.2010, 08:26
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Backdoorporgramm Problem! In meinem Posting steht doch, Du sollst den Link posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Backdoorporgramm Problem! |
| antivirenprogramm, beim starten, das angegebene modul wurde nicht gefunden, entdeck, fehler, folge, frage, fragen, gelöscht, hallo zusammen, home, home premium, laden, langsamer, löschen, modul, nicht gefunden, problem, seltsame, starten, tipps, total, vista, vista home premium, windows, windows vista, windows vista home, zugriff, zugriff verweigert |
Linear-Darstellung
