Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Kazy.mekml befallender rechner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.04.2011, 16:21   #1
haimon
 
Kazy.mekml befallender rechner - Standard

Kazy.mekml befallender rechner



Hallo mein antivir schreit die ganze zeit das mein rechner mit dem Tr kazy.mekml.1 befallen ist, zudem kommt eine warnung nach der anderen rein das meine festplatten fehler bekommen, mein arbeitsspeicher überhitzt und noch mehr solcher sachen. zwei meiner festplatten partitionen können nicht mehr ausgelesen werden, was für mich als sutdent eine katastrophe ist da dort meine wichtigen daten gespeichert sind, gibt es möglichkeiten alles zu reperieren und den virus loszuwerden?

ich brauch wirklich hilfe und meine wissen ist äußerst beschrenkt

hier die beiden logs von OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.04.2011 17:27:12 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Brugmann\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,25 Gb Total Space | 1,94 Gb Free Space | 6,19% Space Free | Partition Type: NTFS
Drive D: | 55,15 Gb Total Space | 34,73 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive E: | 95,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 931,51 Gb Total Space | 233,25 Gb Free Space | 25,04% Space Free | Partition Type: NTFS
Drive P: | 24,41 Gb Total Space | 17,06 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive S: | 122,07 Gb Total Space | 45,80 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
 
Computer Name:  | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Brugmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Brugmann\Desktop\stinger10101529.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - P:\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
PRC - P:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
PRC - P:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.40\aaCenter.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Brugmann\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys (AfaTech                  )
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.hattrick.org/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 21:48:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 21:48:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 21:48:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 21:48:45 | 000,000,000 | ---D | M]
 
[2010.01.14 21:03:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brugmann\AppData\Roaming\mozilla\Extensions
[2010.01.14 21:03:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brugmann\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.04.21 10:48:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brugmann\AppData\Roaming\mozilla\Firefox\Profiles\cplubv7b.default\extensions
[2010.06.28 08:05:01 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brugmann\AppData\Roaming\mozilla\Firefox\Profiles\cplubv7b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.15 07:39:01 | 000,001,056 | -H-- | M] () -- C:\Users\Brugmann\AppData\Roaming\Mozilla\Firefox\Profiles\cplubv7b.default\searchplugins\icqplugin.xml
[2011.04.21 10:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.13 00:51:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.13 18:00:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.08 12:17:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.02.05 12:02:36 | 000,219,904 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2006.07.31 16:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.07.28 21:23:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 21:23:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.28 21:23:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.28 21:23:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.28 21:23:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] P:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] P:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] P:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [StartCCC] p:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [TomTomHOME.exe] p:\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Brugmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = P:\Program Files (x86)\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - P:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - s:\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - p:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - p:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - s:\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - s:\PartyGaming\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brugmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brugmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.02 10:44:12 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{189c3de5-33bd-11df-8185-001e8c91c470}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{ac155b23-00f9-11dd-81e0-001e8c91c470}\Shell - "" = AutoRun
O33 - MountPoints2\{ac155b23-00f9-11dd-81e0-001e8c91c470}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{b8699b7b-22e1-11de-8970-001e8c91c470}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winsvc.exe
O33 - MountPoints2\{b8699b7b-22e1-11de-8970-001e8c91c470}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winsvc.exe
O33 - MountPoints2\{bea8de6e-010b-11dd-98ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bea8de6e-010b-11dd-98ad-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2003.10.31 23:08:46 | 002,990,313 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{f2eaff53-0de7-11dd-b7f6-001e8c91c470}\Shell - "" = AutoRun
O33 - MountPoints2\{f2eaff53-0de7-11dd-b7f6-001e8c91c470}\Shell\AutoRun\command - "" = G:\RunGame.exe
O33 - MountPoints2\{f39a7f86-e841-11de-bed8-001e8c91c470}\Shell - "" = AutoRun
O33 - MountPoints2\{f39a7f86-e841-11de-bed8-001e8c91c470}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 17:25:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Brugmann\Desktop\OTL.exe
[2011.04.21 17:01:56 | 000,000,000 | -H-D | C] -- C:\Users\Brugmann\AppData\Roaming\Malwarebytes
[2011.04.21 17:01:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.21 17:01:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 17:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 17:01:45 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 17:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.21 17:01:23 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Brugmann\Desktop\mbam-setup.exe
[2011.04.21 17:00:59 | 000,388,608 | -H-- | C] (Trend Micro Inc.) -- C:\Users\Brugmann\Desktop\HiJackThis204.exe
[2011.04.21 16:59:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.21 16:59:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.21 16:45:05 | 000,000,000 | -H-D | C] -- C:\Users\Brugmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.15 07:38:48 | 001,076,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 07:38:48 | 001,063,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 07:38:48 | 000,991,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 07:38:48 | 000,979,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 07:38:48 | 000,018,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 07:38:47 | 000,020,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 07:38:47 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 07:38:34 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 07:38:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 07:38:34 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 07:38:20 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 07:38:20 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 07:38:19 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 07:38:18 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 07:38:18 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 07:38:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 07:38:18 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 07:38:18 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 07:38:18 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2011.04.15 07:38:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011.04.15 07:38:17 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.04.15 07:38:17 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.04.15 07:38:16 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 07:38:15 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 07:38:15 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 07:38:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 07:38:13 | 001,398,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 07:38:13 | 001,360,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 07:38:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 07:38:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 07:38:12 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 07:38:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 07:38:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.03.28 21:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Brugmann\Documents\The Witcher
[2011.03.28 21:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Brugmann\AppData\Local\The Witcher
[2011.03.28 21:14:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2011.03.23 13:32:59 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.23 13:32:59 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.23 13:32:59 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.03.23 13:32:59 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2009.04.10 10:54:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2009.04.10 10:54:59 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2009.04.10 10:54:58 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2009.04.10 10:54:58 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2009.04.10 10:54:57 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2009.04.10 10:54:57 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2009.04.10 10:54:57 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2009.04.10 10:54:57 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2009.04.10 10:54:57 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2009.04.10 10:54:56 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2009.04.10 10:54:56 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2009.04.10 10:54:56 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2009.04.10 10:54:56 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 17:28:59 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 17:25:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Brugmann\Desktop\OTL.exe
[2011.04.21 17:15:37 | 008,125,959 | ---- | M] () -- C:\Users\Brugmann\Desktop\stinger10101529.exe
[2011.04.21 17:14:24 | 004,325,821 | ---- | M] () -- C:\Users\Brugmann\Desktop\cofi.exe
[2011.04.21 17:10:20 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 17:10:20 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 17:10:19 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 17:10:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 17:01:48 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 17:01:25 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Brugmann\Desktop\mbam-setup.exe
[2011.04.21 17:00:58 | 000,388,608 | -H-- | M] (Trend Micro Inc.) -- C:\Users\Brugmann\Desktop\HiJackThis204.exe
[2011.04.21 16:59:03 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.21 16:58:32 | 000,300,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.21 16:58:32 | 000,144,974 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.21 16:58:32 | 000,084,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.21 16:58:32 | 000,051,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.21 16:58:32 | 000,036,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.21 16:54:02 | 000,000,587 | -H-- | M] () -- C:\Users\Brugmann\Desktop\Windows Recovery.lnk
[2011.04.21 16:44:32 | 000,487,424 | ---- | M] () -- C:\ProgramData\42983176.exe
[2011.04.21 15:30:14 | 000,112,640 | -H-- | M] () -- C:\Users\Brugmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 20:59:58 | 000,250,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.08 13:28:58 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.04.08 13:28:58 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
 
========== Files Created - No Company Name ==========
 
[2011.04.21 17:15:35 | 008,125,959 | ---- | C] () -- C:\Users\Brugmann\Desktop\stinger10101529.exe
[2011.04.21 17:14:16 | 004,325,821 | ---- | C] () -- C:\Users\Brugmann\Desktop\cofi.exe
[2011.04.21 17:01:48 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 16:59:03 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.21 16:54:02 | 000,000,587 | -H-- | C] () -- C:\Users\Brugmann\Desktop\Windows Recovery.lnk
[2011.04.21 16:44:32 | 000,487,424 | ---- | C] () -- C:\ProgramData\42983176.exe
[2011.04.08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.04.08 13:28:58 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.08.01 02:50:40 | 000,052,325 | ---- | C] () -- C:\Windows\AFUDOS_2.32.exe
[2010.08.01 02:43:50 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.06.16 00:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.02.03 21:44:11 | 000,032,550 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2009.12.13 15:28:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009.09.17 12:29:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.17 12:29:22 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.17 12:28:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.01 22:49:52 | 000,000,248 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.08.17 23:26:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.08.17 01:02:37 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2009.07.15 12:45:47 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.10 10:55:00 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2009.04.10 10:55:00 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2009.04.03 19:08:01 | 000,091,136 | -H-- | C] () -- C:\Users\Brugmann\AppData\Local\~relaunch.exe
[2009.03.08 00:42:14 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2009.03.08 00:42:14 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009.03.03 14:30:51 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009.02.01 00:23:28 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2008.11.14 23:47:38 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.08.30 10:56:43 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.08.06 21:37:08 | 000,000,680 | -H-- | C] () -- C:\Users\Brugmann\AppData\Local\d3d9caps.dat
[2008.08.06 21:37:03 | 000,000,552 | -H-- | C] () -- C:\Users\Brugmann\AppData\Local\d3d8caps.dat
[2008.06.17 13:23:04 | 000,000,019 | ---- | C] () -- C:\Windows\wp.ini
[2008.06.17 13:23:01 | 000,002,059 | ---- | C] () -- C:\Windows\wp2.ini
[2008.04.23 14:33:36 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008.04.20 19:22:43 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2008.04.20 19:22:43 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2008.04.20 19:22:43 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2008.04.18 22:11:39 | 000,112,640 | -H-- | C] () -- C:\Users\Brugmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.04 08:16:46 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.03 21:13:05 | 000,000,096 | -H-- | C] () -- C:\Users\Brugmann\AppData\Local\fusioncache.dat
[2008.04.03 21:10:09 | 000,265,114 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.04.03 21:08:03 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008.04.03 21:08:01 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008.04.03 00:18:33 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2008.04.02 23:21:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.04.02 20:57:24 | 000,001,447 | ---- | C] () -- C:\Windows\mozver.dat
[2008.04.02 20:03:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.02 19:58:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.04.02 19:48:56 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.04.02 19:48:56 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.04.02 19:48:54 | 000,012,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.04.02 19:48:54 | 000,010,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.04.02 19:43:17 | 000,025,552 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.04.02 19:33:23 | 000,002,188 | -H-- | C] () -- C:\Users\Brugmann\AppData\Local\d3d9caps64.dat
[2008.02.26 04:40:26 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.01.21 04:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007.11.21 02:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007.11.21 01:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.03 00:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2006.11.02 17:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.10.11 13:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2000.07.22 16:49:46 | 000,431,104 | ---- | C] () -- C:\Windows\SysWow64\VFCodec.dll
 
========== LOP Check ==========
 
[2008.04.02 22:55:31 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\DAEMON Tools
[2010.03.23 14:22:06 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\DAEMON Tools Lite
[2009.12.14 01:54:43 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\DAEMON Tools Pro
[2010.12.04 11:17:57 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\DC++
[2009.06.01 23:48:34 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\DynaGeo
[2010.02.25 11:06:14 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\FileZilla
[2010.08.01 12:38:01 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\GetRightToGo
[2011.03.09 15:04:07 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\ICQ
[2009.02.18 01:36:24 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\Leadertech
[2009.12.16 01:57:07 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\Lionhead Studios
[2011.03.17 13:28:05 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\Sony Online Entertainment
[2008.04.02 19:45:48 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\TMP
[2010.09.02 12:51:50 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\TomTom
[2010.08.01 15:50:17 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\Turbine
[2011.02.27 14:21:45 | 000,000,000 | -H-D | M] -- C:\Users\Brugmann\AppData\Roaming\Unity
[2011.04.21 17:09:23 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
 
< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.04.2011 17:27:12 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Brugmann\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,25 Gb Total Space | 1,94 Gb Free Space | 6,19% Space Free | Partition Type: NTFS
Drive D: | 55,15 Gb Total Space | 34,73 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
Drive E: | 95,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 931,51 Gb Total Space | 233,25 Gb Free Space | 25,04% Space Free | Partition Type: NTFS
Drive P: | 24,41 Gb Total Space | 17,06 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive S: | 122,07 Gb Total Space | 45,80 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
 
Computer Name:  | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "p:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "p:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "p:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "p:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01  [binary data]
"VistaSp2" = 5A 56 08 52 00 3D CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1A1956-A8C9-4104-93ED-9658233B6236}" = lport=56605 | protocol=6 | dir=in | name=pando media booster | 
"{18003974-22F8-443E-8B1A-9B8101FCF6CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{23CBFC90-2B38-4A94-9945-8EBF426A4FD6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2896F9C6-F245-4F4F-91EE-E0E75F832B75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D8C034B-7816-4777-8574-073750FDDB59}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{351E51F5-070A-4FA3-BAD8-54FCEE29EDCA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{431BF7FA-026D-43CC-AD72-242BEFA9FC69}" = lport=58667 | protocol=6 | dir=in | name=pando media booster | 
"{4EDDB04D-A43D-42C1-9E97-9AC228E60E69}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{50351E2E-CBBD-4999-928A-2B0A722B9B17}" = lport=138 | protocol=17 | dir=in | app=system | 
"{55C6F24E-F08F-4684-87B0-8F3ADD563961}" = rport=138 | protocol=17 | dir=out | app=system | 
"{59D8C513-5AB9-4DDC-B65D-8092F4DB6000}" = rport=137 | protocol=17 | dir=out | app=system | 
"{61F61F57-B500-40B1-AF99-32F4D1CE460C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70114082-92D4-447A-B105-EF82B26E7CC3}" = lport=58667 | protocol=17 | dir=in | name=pando media booster | 
"{75912B84-5315-40D0-8D00-158A6009565F}" = lport=58667 | protocol=6 | dir=in | name=pando media booster | 
"{76CB1EFF-9764-45CC-98BA-D7C88DFCF849}" = lport=58667 | protocol=17 | dir=in | name=pando media booster | 
"{8D2EDC0C-85C2-4B9D-AC76-FCBC55497CAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{903F3ED0-42B7-45CB-834F-E9E03B467909}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{933845A2-7B4A-43E1-8346-A5B5D05C7436}" = lport=56605 | protocol=6 | dir=in | name=pando media booster | 
"{9737F8D6-E74E-45DB-93E0-7FAC37F21416}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9974EE31-3CA3-431C-B1A0-A95AF08E4D7E}" = lport=56605 | protocol=17 | dir=in | name=pando media booster | 
"{A6F88D8B-7F54-4B21-9003-425FE6FEE34F}" = lport=56605 | protocol=17 | dir=in | name=pando media booster | 
"{A76B10CF-C6AC-425A-B115-69BF6127B6AA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AAE6E55F-8D09-4A39-B411-94F76CA51C56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD3681ED-2454-4B17-A932-1F996F7AE55D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AF987EDD-5F72-4FEC-802F-A0C280D4E269}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B66A254D-0AFB-48CB-9913-90E69F6BCC44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BB2CCB5B-935C-4325-BB77-343F8152F489}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BEA63475-A986-4272-B2AF-2354F7FCFA78}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C10EC2A3-C4B4-4B9B-B5AD-E57509BA8337}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C532F853-08AF-4CD8-8E50-CB82752579BB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CD732504-EF90-43DD-B30E-CBFCB0B1239C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D9DA2630-BE6B-43A3-8B37-29168A06DCA0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E1D0327E-9021-4DEB-914F-164680D04AB5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E4ADC144-CEF2-4D3A-B04F-4B216BB13018}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E8EAD90B-18D2-485B-B514-95F25C9829CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EADED1D6-0DFF-4301-8A85-C179AB98B1D5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EB45CB03-383C-4B0E-B01F-73E21CD871ED}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{F8BB0F7E-F6DD-4F85-9327-B035BA3C22F5}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C91D3A-AE1E-482A-A769-98BFAC2A040A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{036FCEBA-3325-4541-AD7F-165D29871CA9}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\cogs\cogs.exe | 
"{06015569-C174-4840-B03A-626A2FFB440F}" = protocol=6 | dir=in | app=s:\black prophecy client beta\bin\win32\patcher.exe | 
"{0814C3FF-93E8-48E8-B97B-1E058B2EE7DB}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\everquest\launchpad.exe | 
"{0AB05F1A-6354-4FDA-BBEF-C122665B0C7A}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\everquest\launchpad.exe | 
"{0BA00DF2-B324-4B50-AC80-CBCE2688428C}" = protocol=6 | dir=in | app=s:\world of warcraft beta\blizzard downloader.exe | 
"{0EEFF95E-9596-427B-B59E-F1632829A255}" = protocol=6 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike\hl.exe | 
"{1DAA4509-12C5-4C9C-9F53-E70E316AED10}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{20D8ACAD-E076-42D6-A319-DCEEBEAD3D1D}" = protocol=17 | dir=in | app=c:\starcraft ii beta\starcraft ii.exe | 
"{20DB9C2B-970D-41CE-BE2B-2F377F42DBCC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{2213EC73-AB96-465E-87C4-5FFE646F9093}" = protocol=17 | dir=in | app=s:\lost empire - immortals\lostempire.exe | 
"{25CDDF50-6D9A-47BB-9CE4-7C29F48385E0}" = protocol=17 | dir=in | app=d:\battleforge\bootstrapper.exe | 
"{27F2E5B1-D2AC-4200-8DCD-9EC6A3B35828}" = protocol=6 | dir=in | app=s:\heroes in the sky\his.exe | 
"{293A1DFE-72E0-4DE5-8E96-EF50734CC519}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{2A037EC2-4AA1-43C0-BB51-89FB1AB7AAFD}" = protocol=17 | dir=in | app=s:\civilization 4\warlords\civ4warlords_pitboss.exe | 
"{2B6F3774-57D4-4D0E-9302-A124B75B6CE9}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\everquest\launchpad.exe | 
"{2BCF3688-63C0-44F4-BEF9-796B0B9D7112}" = protocol=6 | dir=in | app=s:\wow\backgrounddownloader.exe | 
"{2BF80ACE-171E-4071-9761-5043BD58F84F}" = protocol=17 | dir=in | app=s:\world of warcraft\launcher.patch.exe | 
"{2FC4C853-D756-4257-B9D8-852B47A0C6BC}" = protocol=17 | dir=in | app=c:\starcraft ii beta\support\blizzarddownloader.exe | 
"{30F5F2AE-2304-4BA4-8094-8406D73D35CF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnwbgw.exe | 
"{318875F9-75EC-4F91-9347-C40235463D18}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\cogs\cogs.exe | 
"{31AD6B2B-5700-410C-AAF2-C3E3CE0CE47B}" = protocol=17 | dir=in | app=s:\neverwinter nights 2\nwn2main_amdxp.exe | 
"{3549E720-048A-4900-AA03-E48049B336BC}" = protocol=17 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike source\hl2.exe | 
"{3F9B9C1D-93DB-460E-B078-6461DDE2396D}" = protocol=6 | dir=in | app=s:\civilization 4\warlords\civ4warlords.exe | 
"{3FBC0104-0E54-4DB3-AA60-FE808DB8A5F7}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{434BE966-74D9-401F-BA72-95913847231F}" = protocol=6 | dir=in | app=s:\neverwinter nights 2\nwn2main_amdxp.exe | 
"{4379A7A8-080A-4BD8-9052-FF01234E8B2E}" = protocol=17 | dir=in | app=s:\civilization 4\warlords\civ4warlords.exe | 
"{444C60DD-A9FF-49DD-8929-C12C59433BDB}" = protocol=6 | dir=in | app=c:\users\brugmann\appdata\local\temp\{8f7a095c-7aff-4e8f-be5e-eeb002301e18}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{4521C547-65A9-48F6-AB22-1F77BDFDD45F}" = protocol=6 | dir=in | app=c:\starcraft ii beta\support\blizzarddownloader.exe | 
"{482101AD-E49E-4158-B1CE-46A2E7DF0FDA}" = protocol=6 | dir=out | app=system | 
"{4A1F54AD-1CD9-4AC7-B81B-653ACB632CAA}" = protocol=17 | dir=in | app=s:\neverwinter nights 2\nwn2server.exe | 
"{4C0E6763-EF05-4114-BDB9-CF845FEFE992}" = protocol=6 | dir=in | app=s:\starcraft ii\starcraft ii.exe | 
"{4C2D76BB-D58F-4E11-B2BF-848B9A067C53}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"{4D5193B3-4C67-4788-AA3C-93D0FF14DF89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ED43DBA-7EBB-40F9-B2AB-B78683A574AF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4FA7880E-D4EE-45D2-A377-ABD78512DE3C}" = protocol=17 | dir=in | app=s:\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{5038FCC8-83FC-4EF2-A65C-B6E2154D934B}" = protocol=6 | dir=in | app=p:\curse\curseclient.exe | 
"{509EF9D1-B997-47B0-9682-AADBE9A3B6B3}" = protocol=17 | dir=in | app=p:\ventrilo\ventrilo.exe | 
"{5166E5BB-F101-46A4-BBA1-65EF06EDD6C9}" = protocol=6 | dir=in | app=s:\civilization 4\warlords\civ4warlords_pitboss.exe | 
"{529DAE8C-D07F-4E91-8273-8B1319531D91}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | 
"{539AD8B2-5EC8-4767-9DC4-589114F12218}" = protocol=6 | dir=in | app=s:\world of warcraft\launcher.exe | 
"{53DB415D-AC21-47A7-8445-DBE713D1DEE4}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{53EEDCF3-2373-4BFA-8DAD-19FFC0D5730D}" = protocol=17 | dir=in | app=s:\civilization 4\civilization4.exe | 
"{55726A31-70C5-440C-80DA-CFC317F1BD94}" = protocol=17 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike\hl.exe | 
"{56835FC2-40D0-4B15-99C1-4A482E2B103B}" = protocol=17 | dir=in | app=s:\world of warcraft beta\launcher.exe | 
"{56F65170-012C-4B28-A478-057109CD4514}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{577170BB-2354-462D-B055-78675AB1F79A}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.4\icq.exe | 
"{5A29416A-B738-47FE-AE73-4EA864D44807}" = protocol=17 | dir=in | app=s:\wow\backgrounddownloader.exe | 
"{5A984B3F-B592-4E5B-A4F3-5D6756E9CA35}" = protocol=17 | dir=in | app=s:\starcraft ii\versions\base15405\sc2.exe | 
"{5B5AB27F-1B44-4622-B793-FF79FD730188}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5CA806D2-0A73-4566-8CDF-28B136F2E8FA}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\everquest\launchpad.exe | 
"{5D1347B6-A38D-47D3-A854-BB72A4A907CE}" = protocol=17 | dir=in | app=s:\wow\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{5D3522D0-03CB-4959-86DE-1A3647011A7C}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | 
"{5D6E0743-2593-4CCB-9147-F71570840856}" = protocol=17 | dir=in | app=s:\world of warcraft beta\blizzard downloader.exe | 
"{5F363B06-9E6C-460D-904B-E904507796CF}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\cogs\cogs.exe | 
"{5F57534E-3AB7-411D-A29B-EF2B6609FB95}" = protocol=6 | dir=in | app=d:\battleforge\bootstrapper.exe | 
"{601CDE42-7E1B-427F-A976-654768C13E8D}" = protocol=17 | dir=in | app=p:\program files (x86)\icq7.4\icq.exe | 
"{650400B7-80E5-4D7C-8A05-BEEE58A683E1}" = protocol=17 | dir=in | app=s:\black prophecy client beta\bin\win32\patcher.exe | 
"{67FA2290-2122-41C0-B898-294899C95A37}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{6947F9F3-6EEB-469B-B900-DD16EFE0489D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696D52C6-750D-4B86-8F6F-737E0A5E7189}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BFE7436-894D-4089-B174-152E52C0A29D}" = protocol=6 | dir=in | app=s:\civilization 4\civilization4.exe | 
"{6CCEB008-01EC-4A78-8BBE-7327E211123F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6DED29D4-EA39-4CE7-84F2-A229A72856A8}" = protocol=6 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike source\hl2.exe | 
"{6F9F8149-D42C-4F11-A8BB-83DA15651C03}" = protocol=17 | dir=in | app=s:\civilization 4\beyond the sword\civ4beyondsword.exe | 
"{707DDE80-8202-47C1-ABE0-B9112B144A1B}" = protocol=6 | dir=in | app=c:\starcraft ii beta\starcraft ii.exe | 
"{71B5695C-5122-4FAF-83A2-EAAD30BE9950}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{7253001A-04D0-4816-92D0-6B3D26E863F3}" = protocol=17 | dir=in | app=s:\neverwinter nights 2\nwn2main.exe | 
"{75A87F47-A372-4389-AAE6-7353B72461EC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{77EE840B-6506-47ED-8581-4D2594EA8F56}" = protocol=17 | dir=in | app=s:\heroes in the sky\his.exe | 
"{79DB3BFD-380B-4D2C-8AA8-FE0AAC63106F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7E9C29DA-B51C-4BD8-A780-C9BDBC77508F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7EE41CFD-D72E-47BE-9054-C6ADACC288CE}" = protocol=6 | dir=in | app=s:\civilization 4\beyond the sword\civ4beyondsword.exe | 
"{7F8D1F3A-958B-4DE8-8C0C-6767CB19F5A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{80AEA494-44CD-42E8-9830-754B1302F7D4}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{82008738-9714-410E-A683-4DB8EB9903C7}" = protocol=6 | dir=in | app=s:\starcraft ii\versions\base15405\sc2.exe | 
"{8268EF3A-1EC5-49D2-B7CA-DA259AEF26B1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{82B83607-4576-45E8-9342-FB8631A192C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8941C684-D38F-4FAD-9825-51224CF4A181}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8948F5B5-B8BA-4FB6-9779-7555A4620895}" = protocol=17 | dir=in | app=p:\curse\curseclient.exe | 
"{89864A7C-CCA6-40BC-8352-77F235B93881}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe | 
"{8A48E187-1409-47AF-B2A1-8C7ED988932A}" = protocol=17 | dir=in | app=s:\heroes in the sky\his.exe | 
"{8CA3CE69-E663-4C00-BB46-403723DD4509}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{8EF5F950-F939-49B5-BC4D-4B1895DF6355}" = protocol=6 | dir=in | app=s:\civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{8F3587E0-598A-4955-888F-C50313272D1B}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{8FE5D9D9-CB49-46C5-A82F-22985D30E2C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92D13E80-E370-4B49-A0F8-8FA3090AED36}" = protocol=6 | dir=in | app=s:\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{936A14A5-97F3-4356-A942-AC4E012E5928}" = protocol=17 | dir=in | app=d:\battleforge\battleforge.exe | 
"{954C1832-2A15-435A-A762-85F17127A1E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{95DEE74A-C819-4AE0-A09C-6E39E6280D30}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{97450AD5-513C-4E16-9408-8F54DA917EDF}" = protocol=6 | dir=in | app=s:\neverwinter nights 2\nwupdate.exe | 
"{984F5315-34EE-4C78-8543-C3BE916E2ACA}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.4\icq.exe | 
"{999E31AE-AA9C-4C52-8F0C-5D13EDC1D4E3}" = protocol=17 | dir=in | app=s:\neverwinter nights 2\nwupdate.exe | 
"{9AF8A6D9-B360-4678-B2C8-3B98C028158C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{9BCD70A6-86DF-4365-8685-3384CD125877}" = protocol=6 | dir=in | app=s:\world of warcraft\launcher.patch.exe | 
"{9BCEEFF5-B08B-49B3-8228-31EB32F907C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C2CB722-8306-44CF-B19E-30B5872C0A1B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe | 
"{9CFFA467-A894-4D3B-BB8C-84BB8F6CFC5B}" = protocol=6 | dir=in | app=s:\lost empire\lostempire.exe | 
"{A067DC87-AB81-4996-86D4-B6739F3D1C2C}" = protocol=17 | dir=in | app=s:\turbine download manager\turbinemessageservice.exe | 
"{A139F095-5DBF-4F9D-A40F-5D6B73B56B95}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A18BD04A-4B43-40C7-8AA2-EB0A85F63877}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\hearts of iron 3\hoi3game.exe | 
"{A30E0598-4972-4B74-862E-7D1759AD0EDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7F9A5B8-9428-4CA4-B0EE-EA6D2A42D272}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{A8AD8D4D-033A-4188-B22E-BB6140B217B7}" = protocol=6 | dir=in | app=s:\black prophecy client beta\bin\win32\launcher.exe | 
"{A921061C-FAE1-49D1-A44D-DE4813620825}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{A9729809-55A2-4D7D-8097-2174C810348F}" = protocol=17 | dir=in | app=c:\users\brugmann\appdata\local\temp\{8f7a095c-7aff-4e8f-be5e-eeb002301e18}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{AA96D77E-39C7-4802-A4D9-D8AC07EBD285}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B64F3C4B-A0EC-4521-B9C0-9514DF13BC0A}" = protocol=6 | dir=in | app=s:\lost empire - immortals\lostempire.exe | 
"{B7EE7BD8-43C0-4860-83E3-D502DF5F302E}" = protocol=6 | dir=in | app=s:\reliccoh.exe | 
"{B8E6285A-2683-47CE-87C0-A030577DD12B}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe | 
"{BD28AAEB-C7CF-4909-B076-5383FB30D4BF}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe | 
"{BE2E1838-438D-4491-B40E-B17291021D73}" = protocol=17 | dir=in | app=s:\black prophecy client beta\bin\win32\blackprophecy.exe | 
"{C01C2900-BD63-4C35-B3F7-B0CB6D416EC0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C03E2717-5E25-41A8-87A0-06A17C5C9C29}" = protocol=6 | dir=in | app=p:\ventrilo\ventrilo.exe | 
"{C1FB0752-44FC-43EA-B851-942C623DE7CD}" = protocol=17 | dir=in | app=s:\world of warcraft\backgrounddownloader.exe | 
"{C22ACA32-03BA-47EB-8AD8-B9602C26868B}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{C2D84D43-6A3D-422A-B7B3-D9416F64B72D}" = protocol=6 | dir=in | app=s:\neverwinter nights 2\nwn2server.exe | 
"{C3147BBC-C700-4FF9-A34B-917542C04B3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C42FA5E4-FB98-4FA4-9543-4BB5997BEC3C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C74FBE41-BDF6-4E1B-B0E2-A5307E66FFBC}" = protocol=6 | dir=in | app=s:\wow\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{C8DA926E-1BD6-4C4B-8B83-0BA1F4A88445}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnwbgw.exe | 
"{C8DBF34F-B097-415A-AC06-F79DD9E33089}" = protocol=6 | dir=in | app=s:\turbine download manager\turbinemessageservice.exe | 
"{C95D5C5C-ABE2-45A6-B258-F527AD27D2B7}" = protocol=17 | dir=in | app=s:\civilization 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{CA376EDD-8033-4329-BAD1-828C283E3214}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"{CA64B0FA-E401-48A6-8BEA-6835DDBB5317}" = protocol=17 | dir=in | app=s:\black prophecy client beta\bin\win32\launcher.exe | 
"{CB722881-29A1-406A-A992-E77C19CAABFE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CC6EA8D8-3D79-4BBF-82B3-B3ED694CEDC1}" = protocol=6 | dir=in | app=s:\wow\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{CD4C653B-8143-477C-B27B-03D82E4B0ADC}" = protocol=17 | dir=in | app=s:\starcraft ii\starcraft ii.exe | 
"{CE36C14E-D9C7-4054-B0FE-8DE8CF874AE2}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"{CFA1A185-6D62-40D1-AA5D-7345340F818B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D091D0F5-061D-494C-9FCF-84A71202A929}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D13B79F7-6B02-449D-B850-E79DDDAC2592}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"{D1B16AD5-7A96-400E-8CA3-0E3A7859AF86}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{D1CBCD4C-4007-43A8-9AA3-76D471233AE4}" = protocol=6 | dir=in | app=p:\program files (x86)\icq7.4\icq.exe | 
"{D36F5A45-EF4B-4BCB-B7CE-1F4C3BF200E2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D4AF3BF9-5DDD-4951-BACF-76F3FCADE4CD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{D624B328-C62E-4A2E-B959-E9412B1263C9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D6D60704-9ADF-4732-8EE7-D6AD609E9701}" = protocol=6 | dir=in | app=d:\battleforge\battleforge.exe | 
"{DACB2DF3-377E-421C-83A7-CAF3816953F7}" = protocol=6 | dir=in | app=s:\heroes in the sky\his.exe | 
"{DAF67202-0A2D-42BE-AA0E-4CE686AFE8F4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DCF0AC17-84C6-4803-9232-16CFF8151113}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\magic the gathering - duels of the planeswalkers\dotp.exe | 
"{DCF37BDC-BD4B-4C31-B1A6-CE747DDF910A}" = protocol=6 | dir=in | app=s:\steam\steamapps\common\cogs\cogs.exe | 
"{DFB66A79-120B-419D-9970-F607B485D05E}" = protocol=17 | dir=in | app=s:\steam\steamapps\common\hearts of iron 3\hoi3game.exe | 
"{E0F4A568-5800-46BC-8D97-5BCD168CEE4A}" = protocol=6 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike source\hl2.exe | 
"{E166764D-830C-4D8B-9C54-19AB7484E121}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E2FE15ED-42D2-4502-BCD6-27CEB451EE2A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E30E3944-C6DB-4A60-880A-21687F854684}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3FFCF1C-5B18-4735-B570-21C53E9D3DD5}" = protocol=17 | dir=in | app=s:\wow\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{E7F960B4-A3FC-4B32-9CD5-41670B1C5169}" = protocol=17 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike source\hl2.exe | 
"{EA56DFF1-8E12-4229-8151-632E9ECFE1DE}" = protocol=6 | dir=in | app=s:\neverwinter nights 2\nwn2main.exe | 
"{EAAE8578-916D-471E-BF8E-B0DC76178861}" = protocol=17 | dir=in | app=s:\world of warcraft\launcher.exe | 
"{EAE95162-F339-4A23-B3EA-9494B0884662}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EBE6AB8B-835C-4B38-B8C7-2C6B1524F942}" = protocol=6 | dir=in | app=s:\black prophecy client beta\bin\win32\blackprophecy.exe | 
"{EE60427B-83AA-4700-BD9C-E6AF5EFF09E7}" = protocol=17 | dir=in | app=s:\lost empire\lostempire.exe | 
"{F1F2BE92-DAD1-4C02-AB49-3E6AA37C82EF}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{F4422943-3309-4631-B101-6CF2028641C7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"{F618AAF6-EE19-4088-84EF-C526161B6756}" = protocol=6 | dir=in | app=s:\world of warcraft\backgrounddownloader.exe | 
"{F6E6D5F8-5646-4EE7-9BA1-F2ADB29096A5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe | 
"{F7FCBED7-0A97-4FA0-A7B7-98E2FCA20DD6}" = protocol=6 | dir=in | app=s:\world of warcraft beta\launcher.exe | 
"{FA1F34B4-123C-4945-A889-7492927A8713}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FBF8021F-139F-4B9C-9910-6F7E9730A219}" = protocol=17 | dir=in | app=s:\reliccoh.exe | 
"{FD7151FA-9DB2-43FD-A013-29AEC16DB8D3}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe | 
"{FE51070E-C1AA-49C9-B6F9-0327219DD604}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"TCP Query User{03CF06CD-E1C4-4556-B908-78183E589D18}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{1B8856E2-8178-45EB-A496-3C67FCF92FA4}S:\dead space\dead space.exe" = protocol=6 | dir=in | app=s:\dead space\dead space.exe | 
"TCP Query User{1BD9649A-9515-4AB7-AB65-6DE4C3187C53}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{209DD437-DE74-42F5-A4ED-EBD07898C640}P:\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=p:\dc++\dcplusplus.exe | 
"TCP Query User{230123DA-6C05-46B6-B825-E5959DD7A11B}P:\icq6\icq.exe" = protocol=6 | dir=in | app=p:\icq6\icq.exe | 
"TCP Query User{28BA134C-86C5-4A96-88F5-74236B053F07}S:\steam\steamapps\bjoernbrugmann@web.de\counter-strike\hl.exe" = protocol=6 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike\hl.exe | 
"TCP Query User{2AB5162D-8D1B-437B-B320-DA644B227014}S:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=s:\anno 1701\anno1701.exe | 
"TCP Query User{3106C83F-A00D-464F-8A18-20711A441D8D}S:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=s:\tmnationsforever\tmforever.exe | 
"TCP Query User{33A3D7A6-7F11-46C4-B11B-62F15119CA91}S:\wow\launcher.exe" = protocol=6 | dir=in | app=s:\wow\launcher.exe | 
"TCP Query User{344798D8-5DAD-4D33-B799-F7C6114D4C83}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"TCP Query User{39C64AB8-3561-424C-8332-0167237B95A3}P:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=p:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{429AB74D-B8FA-4EE4-A038-A44007061703}S:\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=s:\ghost recon advanced warfighter\graw.exe | 
"TCP Query User{43B868A6-51E8-4EC8-9936-518A2038AE40}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"TCP Query User{5045A4E0-1D65-4691-80DD-43C764F71E5D}C:\users\brugmann\appdata\local\temp\blizzard launcher temporary - 36909508\launcher.exe" = protocol=6 | dir=in | app=c:\users\brugmann\appdata\local\temp\blizzard launcher temporary - 36909508\launcher.exe | 
"TCP Query User{5192D353-CD11-4442-922F-0A598EDCEF97}P:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=p:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{622C7CD4-9B77-4EA4-B3CE-59D38BAFE516}P:\veohplayer\veoh\veohclient.exe" = protocol=6 | dir=in | app=p:\veohplayer\veoh\veohclient.exe | 
"TCP Query User{62F8F583-18F7-459E-8019-5C1BE2C6439E}S:\steam\steamapps\mau.eq@freenet.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=s:\steam\steamapps\mau.eq@freenet.de\counter-strike source\hl2.exe | 
"TCP Query User{67ADAFB1-8DA1-403F-8C09-E83FEADDBA04}P:\icq6.5\icq.exe" = protocol=6 | dir=in | app=p:\icq6.5\icq.exe | 
"TCP Query User{6CC1968A-F4B6-45AA-985F-052E5461400C}D:\starcraft ii beta\versions\base15580\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii beta\versions\base15580\sc2.exe | 
"TCP Query User{6D323AB5-2538-4556-BE94-19F5B6C5B052}S:\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=s:\der herr der ringe online\lotroclient.exe | 
"TCP Query User{6D62E069-45B6-45C7-8420-55962324B171}S:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=s:\anno 1701\anno1701.exe | 
"TCP Query User{6FDE3A26-A579-48A1-AAFE-F612C006936A}P:\veohplayer\veohclient.exe" = protocol=6 | dir=in | app=p:\veohplayer\veohclient.exe | 
"TCP Query User{70C6C56D-03E0-4516-AD67-6C1308CFDD6F}S:\dungeons and dragons online - eberron unlimited\dndclient.exe" = protocol=6 | dir=in | app=s:\dungeons and dragons online - eberron unlimited\dndclient.exe | 
"TCP Query User{735CED69-3252-442E-ADC4-C9459459556C}S:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=s:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{77E17462-2983-437B-B80C-ED38B3340B1B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{795919B5-0D18-4FD6-B5FB-61A6BCFAC6C2}P:\icq6.5\icq.exe" = protocol=6 | dir=in | app=p:\icq6.5\icq.exe | 
"TCP Query User{8716ECD1-4B34-49AF-84F8-3BEA966DBF54}C:\users\brugmann\appdata\local\temp\blizzard launcher temporary - fb1411e8\launcher.exe" = protocol=6 | dir=in | app=c:\users\brugmann\appdata\local\temp\blizzard launcher temporary - fb1411e8\launcher.exe | 
"TCP Query User{89B7E532-593D-4A78-BAE7-818F973E026F}P:\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=p:\dc++\dcplusplus.exe | 
"TCP Query User{9A7353D8-F1C2-4584-B1F6-DABA73F53471}S:\world public test\launcher.exe" = protocol=6 | dir=in | app=s:\world public test\launcher.exe | 
"TCP Query User{A33BE159-F8DE-4E1F-9AA4-C13ADAC6A939}S:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=s:\eve\bin\exefile.exe | 
"TCP Query User{A398B7AB-0B97-4AD6-A56C-6CE7EC4612CD}S:\steam\steamapps\common\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=s:\steam\steamapps\common\everquest\eqvoiceservice.exe | 
"TCP Query User{AA85DD65-82A8-42DC-8CE6-3654B50A0D71}C:\users\brugmann\appdata\local\temp\rar$ex00.695\yuleech-runes_of_magic_en-en.exe" = protocol=6 | dir=in | app=c:\users\brugmann\appdata\local\temp\rar$ex00.695\yuleech-runes_of_magic_en-en.exe | 
"TCP Query User{AFB2F90B-B5DD-427C-857F-E8D05E54935A}S:\eve\bin\exefile.exe" = protocol=6 | dir=in | app=s:\eve\bin\exefile.exe | 
"TCP Query User{B6EE868B-21D3-4A82-99B0-A7F6E29FCA61}S:\armageddon\hoi2.exe" = protocol=6 | dir=in | app=s:\armageddon\hoi2.exe | 
"TCP Query User{B778626B-6592-4BFE-B0E4-50E1AD9906D1}S:\wow\launcher.exe" = protocol=6 | dir=in | app=s:\wow\launcher.exe | 
"TCP Query User{BBF5695A-EC92-47BB-B77B-13C873A3FDC9}D:\starcraft ii beta\starcraft ii.exe" = protocol=6 | dir=in | app=d:\starcraft ii beta\starcraft ii.exe | 
"TCP Query User{BC1E3767-4DEF-4B26-B27A-3276EA392031}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{C62F002A-92AB-4C26-9633-69B148CBF4BD}S:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=s:\warcraft iii\war3.exe | 
"TCP Query User{DACB4F31-6F22-4138-8777-251E104532F2}S:\diablo ii\game.exe" = protocol=6 | dir=in | app=s:\diablo ii\game.exe | 
"TCP Query User{DDE83692-8195-4310-B18D-0A7356D9FB34}S:\steam\steamapps\common\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=s:\steam\steamapps\common\everquest\eqvoiceservice.exe | 
"TCP Query User{E1D3B558-948E-443C-915A-C5C3E0F94ED8}D:\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii beta\versions\base15449\sc2.exe | 
"TCP Query User{E2CAA59D-DD3D-4737-B17F-9467D97D6289}S:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=s:\tmnationsforever\tmforever.exe | 
"TCP Query User{EC395D5E-966A-4910-B3E7-DAD2DF881292}S:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=s:\world of warcraft\launcher.exe | 
"TCP Query User{EC812224-C9A2-4B94-B430-2141A46C43B1}S:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=s:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{ED332896-D42E-4E40-B0CC-17063E2BEE16}P:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=p:\program files (x86)\dc++\dcplusplus.exe | 
"TCP Query User{F051EE02-2828-40DB-8DCA-4956CEDB3A88}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"TCP Query User{F0C1DF44-F93C-4DCA-82AB-559650016BB1}C:\users\brugmann\appdata\local\temp\rar$ex00.950\yuleech-runes_of_magic_en-en.exe" = protocol=6 | dir=in | app=c:\users\brugmann\appdata\local\temp\rar$ex00.950\yuleech-runes_of_magic_en-en.exe | 
"UDP Query User{174ADEBF-AB46-4907-AC7B-F06FABD8851C}S:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=s:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{18307F7D-303B-4A3F-A5B2-0B5D380FF4D0}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe | 
"UDP Query User{202FC303-1AE8-4DC5-AD07-C0259A0ACC56}C:\users\brugmann\appdata\local\temp\rar$ex00.695\yuleech-runes_of_magic_en-en.exe" = protocol=17 | dir=in | app=c:\users\brugmann\appdata\local\temp\rar$ex00.695\yuleech-runes_of_magic_en-en.exe | 
"UDP Query User{2439BEB7-A715-44D7-A903-BF1F1CAA27FE}S:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=s:\anno 1701\anno1701.exe | 
"UDP Query User{25E6D087-BD10-4A44-BBD2-03C8302399F7}D:\starcraft ii beta\starcraft ii.exe" = protocol=17 | dir=in | app=d:\starcraft ii beta\starcraft ii.exe | 
"UDP Query User{25FAEC25-D8A4-4A2C-9E11-642FAD944751}S:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=s:\anno 1701\anno1701.exe | 
"UDP Query User{27C45738-3352-47D1-96BC-BDEF7F918EA2}C:\users\brugmann\appdata\local\temp\blizzard launcher temporary - 36909508\launcher.exe" = protocol=17 | dir=in | app=c:\users\brugmann\appdata\local\temp\blizzard launcher temporary - 36909508\launcher.exe | 
"UDP Query User{35DB9425-E41A-4A29-B681-FFF99290184D}P:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=p:\program files (x86)\dc++\dcplusplus.exe | 
"UDP Query User{375CAF1C-4E2A-4B1F-843D-5C4CCCACD518}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"UDP Query User{3B498221-D27F-41B3-964B-0D5A73F567DB}C:\users\brugmann\appdata\local\temp\rar$ex00.950\yuleech-runes_of_magic_en-en.exe" = protocol=17 | dir=in | app=c:\users\brugmann\appdata\local\temp\rar$ex00.950\yuleech-runes_of_magic_en-en.exe | 
"UDP Query User{3D4844D7-DFA9-4645-8EBA-5C5162B0007E}S:\steam\steamapps\common\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=s:\steam\steamapps\common\everquest\eqvoiceservice.exe | 
"UDP Query User{418FA822-0901-4C64-9495-9D548E5361AD}C:\users\brugmann\appdata\local\temp\blizzard launcher temporary - fb1411e8\launcher.exe" = protocol=17 | dir=in | app=c:\users\brugmann\appdata\local\temp\blizzard launcher temporary - fb1411e8\launcher.exe | 
"UDP Query User{60B0BF62-47AC-4F3E-AA57-2F06744C5643}S:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=s:\tmnationsforever\tmforever.exe | 
"UDP Query User{678190C7-3FE4-4528-8AFF-4EE301B06FA0}S:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=s:\tmnationsforever\tmforever.exe | 
"UDP Query User{6D9964B1-7621-442E-89A3-1DA80F9E94E3}P:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=p:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{6EDBC01B-DC6A-4B82-B5D3-CDCF3D8664A2}S:\world public test\launcher.exe" = protocol=17 | dir=in | app=s:\world public test\launcher.exe | 
"UDP Query User{72313EA8-424A-44DB-A850-CFEF16B80BEB}S:\eve\bin\exefile.exe" = protocol=17 | dir=in | app=s:\eve\bin\exefile.exe | 
"UDP Query User{746C27E2-E80D-41DC-8937-7F70B00BBEA4}S:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=s:\warcraft iii\war3.exe | 
"UDP Query User{7EC7C077-C538-4F74-AF7A-4C94386548E3}D:\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii beta\versions\base15449\sc2.exe | 
"UDP Query User{88C7E203-58A3-43EC-A1BD-DD6061F3914D}P:\veohplayer\veoh\veohclient.exe" = protocol=17 | dir=in | app=p:\veohplayer\veoh\veohclient.exe | 
"UDP Query User{8A539410-3482-4116-8DC8-976FD3698F2E}S:\wow\launcher.exe" = protocol=17 | dir=in | app=s:\wow\launcher.exe | 
"UDP Query User{90C924C8-AB4E-4DE0-A429-E03D7A7906B6}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe | 
"UDP Query User{93D96A79-6089-4DC5-95B2-40DA642A8B89}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{96D6A7C0-017A-4147-AD3F-7B7DCD787494}S:\steam\steamapps\bjoernbrugmann@web.de\counter-strike\hl.exe" = protocol=17 | dir=in | app=s:\steam\steamapps\bjoernbrugmann@web.de\counter-strike\hl.exe | 
"UDP Query User{998B238F-C91D-4481-AA02-214D53209CBE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{9B50AD98-C062-40DF-9971-021D074A6916}S:\diablo ii\game.exe" = protocol=17 | dir=in | app=s:\diablo ii\game.exe | 
"UDP Query User{9B9B348E-D611-4887-814F-736FC3283D4F}P:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=p:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{9D26F23D-5201-4EEB-8714-EB04A45D12EF}S:\steam\steamapps\common\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=s:\steam\steamapps\common\everquest\eqvoiceservice.exe | 
"UDP Query User{A5619A9A-585C-4263-832D-9B7817A7E02F}S:\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=s:\der herr der ringe online\lotroclient.exe | 
"UDP Query User{A79323EA-8FE7-4454-B4BB-4995A51A2BBF}P:\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=p:\dc++\dcplusplus.exe | 
"UDP Query User{AD3D9E40-6A6B-4294-B7E1-4D5292883BE7}S:\dungeons and dragons online - eberron unlimited\dndclient.exe" = protocol=17 | dir=in | app=s:\dungeons and dragons online - eberron unlimited\dndclient.exe | 
"UDP Query User{AD4B1BBD-CA54-4AC7-ADD9-8090E259B731}S:\eve\bin\exefile.exe" = protocol=17 | dir=in | app=s:\eve\bin\exefile.exe | 
"UDP Query User{B06B4C10-ADC4-4E0A-BF40-9930A8C53AAC}S:\dead space\dead space.exe" = protocol=17 | dir=in | app=s:\dead space\dead space.exe | 
"UDP Query User{B63C81AF-227C-4E17-9780-EB95944048C0}S:\steam\steamapps\mau.eq@freenet.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=s:\steam\steamapps\mau.eq@freenet.de\counter-strike source\hl2.exe | 
"UDP Query User{C731AE9A-8961-4A70-BA58-AD4F189A7E45}P:\icq6\icq.exe" = protocol=17 | dir=in | app=p:\icq6\icq.exe | 
"UDP Query User{C7897555-87C5-4C85-A62E-D46329F06049}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{D5E5060D-1885-426D-AE94-DE8B2A2C7BBE}S:\armageddon\hoi2.exe" = protocol=17 | dir=in | app=s:\armageddon\hoi2.exe | 
"UDP Query User{DE73B457-EA38-43A8-9DE2-7C80F1E1C3EB}P:\veohplayer\veohclient.exe" = protocol=17 | dir=in | app=p:\veohplayer\veohclient.exe | 
"UDP Query User{DF5D354A-539A-42AA-9983-BCCBC71630BC}P:\icq6.5\icq.exe" = protocol=17 | dir=in | app=p:\icq6.5\icq.exe | 
"UDP Query User{E72CD531-F732-49DD-982A-786069D1DF31}S:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=s:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{E73B386E-54F2-477F-BE9F-EED4B8C168BF}P:\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=p:\dc++\dcplusplus.exe | 
"UDP Query User{ED70AEBF-1C19-488E-A8EF-D0140D10B17B}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe | 
"UDP Query User{F21A5C5D-B130-41B4-BFDC-CD53002C5A9F}D:\starcraft ii beta\versions\base15580\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii beta\versions\base15580\sc2.exe | 
"UDP Query User{F60C0BB0-2567-459E-B9AE-AE46E9872927}S:\wow\launcher.exe" = protocol=17 | dir=in | app=s:\wow\launcher.exe | 
"UDP Query User{F7800873-A45A-49D8-9A04-7EBAD4E642BF}S:\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=s:\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{FD2FEE2E-5B8C-4785-B881-39B8F7DF5C26}P:\icq6.5\icq.exe" = protocol=17 | dir=in | app=p:\icq6.5\icq.exe | 
"UDP Query User{FE895544-C2A1-4B62-A624-A22B451D7731}S:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=s:\world of warcraft\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04C43AE1-5B72-487F-AC6C-6BC1AA19FE03}" = Microsoft IntelliPoint 6.2
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{28259F68-33B4-45C1-82F8-51D1DBD6AEB9}" = Lost Empire - Immortals
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{4558441A-0414-4ABE-A5D4-2E8005C0C6FE}" = Adventure Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7f15c877-31ba-4340-9c06-ea4ce375e63e}" = Nero 9
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B63321ED-94B1-4933-BC31-AED50BFF5961}" = NavyFIELD Europe (DE)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD11E3C6-065E-40BB-A129-435C4530A159}_is1" = Jewel Master - Cradle Of Rome
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ANSTOSS 3_is1" = ANSTOSS 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"DC++" = DC++ 0.770
"DynaGeo_is1" = DynaGeo 3.0f
"EVE" = EVE Online (remove only)
"FileZilla Client" = FileZilla Client 3.0.11
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Hamachi" = Hamachi 1.0.1.5
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"king.com" = king.com (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"PartyPoker" = PartyPoker
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"PokerStars" = PokerStars
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"S2TNG" = Die Siedler II - Die nächste Generation
"ShotOnline" = ShotOnline
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 10" = Counter-Strike
"Steam App 11900" = Lumines
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 240" = Counter-Strike: Source
"Steam App 24130" = EverQuest: Seeds of Destruction
"Steam App 26500" = Cogs
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR archiver
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V7" = Skat-Online V7
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2011 09:01:53 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 04:36:46 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 04:36:46 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 09:32:20 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 09:32:20 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 10:48:29 | Computer Name = Haimon | Source = EventSystem | ID = 4609
Description = 
 
Error - 21.04.2011 10:55:48 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 10:55:48 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 11:10:42 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.04.2011 11:10:42 | Computer Name = Haimon | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 21.04.2011 10:55:53 | Computer Name = Haimon | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 21.04.2011 10:55:56 | Computer Name = Haimon | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 21.04.2011 10:59:13 | Computer Name = Haimon | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 21.04.2011 11:09:20 | Computer Name = Haimon | Source = DCOM | ID = 10010
Description = 
 
Error - 21.04.2011 11:10:03 | Computer Name = Haimon | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 21.04.2011 11:10:13 | Computer Name = Haimon | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 21.04.2011 11:10:39 | Computer Name = Haimon | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 21.04.2011 11:10:39 | Computer Name = Haimon | Source = WMPNetworkSvc | ID = 866312
Description = 
 
Error - 21.04.2011 11:11:56 | Computer Name = Haimon | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.04.2011 11:11:56 | Computer Name = Haimon | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---


und von malware auch noch nenn log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.04.2011 17:08:07
mbam-log-2011-04-21 (17-08-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165214
Laufzeit: 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2240 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Alt 25.04.2011, 14:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Kazy.mekml befallender rechner - Standard

Kazy.mekml befallender rechner



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Antwort

Themen zu Kazy.mekml befallender rechner
0x00000001, alternate, andere, anderen, antivir, arbeitsspeicher, avgntflt.sys, befallen, black, brauch, counter-strike source, curse, daten, disabletaskmgr, excel.exe, fehler, festplatte, festplatten, gespeichert, google chrome, katastrophe, kazy.mekml, kazy.mekml.1, location, nicht mehr, oldtimer, pando media booster, partitionen, platte, platten, plug-in, rechner, sache, saver, sched.exe, searchplugins, shell32.dll, shortcut, sptd.sys, start menu, syswow64, virus, visual studio, warnung, wichtige, wirklich, wissen, überhitzt




Ähnliche Themen: Kazy.mekml befallender rechner


  1. TR/Kazy.mekml.1 - jetzt auch auf meinem Rechner! :(
    Log-Analyse und Auswertung - 20.05.2011 (2)
  2. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 19.05.2011 (27)
  3. TR/Kazy.mekml.1 ?
    Log-Analyse und Auswertung - 15.05.2011 (15)
  4. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  5. Kazy.mekml.1
    Log-Analyse und Auswertung - 09.05.2011 (19)
  6. TR/kazy.mekml.1
    Log-Analyse und Auswertung - 06.05.2011 (5)
  7. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 06.05.2011 (29)
  8. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 06.05.2011 (1)
  9. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 04.05.2011 (1)
  10. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (2)
  11. TR/Kazy.mekml.1
    Mülltonne - 30.04.2011 (2)
  12. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 26.04.2011 (1)
  13. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 25.04.2011 (17)
  14. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  15. kazy.mekml.1
    Log-Analyse und Auswertung - 23.04.2011 (3)
  16. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 21.04.2011 (14)
  17. TR/kazy.mekml.1
    Log-Analyse und Auswertung - 20.04.2011 (16)

Zum Thema Kazy.mekml befallender rechner - Hallo mein antivir schreit die ganze zeit das mein rechner mit dem Tr kazy.mekml.1 befallen ist, zudem kommt eine warnung nach der anderen rein das meine festplatten fehler bekommen, mein - Kazy.mekml befallender rechner...
Archiv
Du betrachtest: Kazy.mekml befallender rechner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.